From 447778eb46bafd81477e66857f828b3d09ebaf31 Mon Sep 17 00:00:00 2001 
From: William Date: Mon, 3 Nov 2025 11:13:56 -0300 Subject: [PATCH 001/138] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/2f0f812f69f3eb4140157fe15e12739adf82e32a?narHash=sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L%2BVSybPfiIgzU8lbQ%3D' (2025-10-19) → 'github:ryantm/agenix/9ba0d85de3eaa7afeab493fed622008b6e4924f5?narHash=sha256-lsNWuj4Z%2BpE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94%3D' (2025-10-28) • Updated input 'disko/nixpkgs': 'github:NixOS/nixpkgs/a7fc11be66bdfb5cdde611ee5ce381c183da8386?narHash=sha256-QoJjGd4NstnyOG4mm4KXF%2BweBzA2AH/7gn1Pmpfcb0A%3D' (2025-10-31) → 'github:NixOS/nixpkgs/dab3a6e781554f965bde3def0aa2fda4eb8f1708?narHash=sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k%3D' (2025-07-15) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/864599284fc7c0ba6357ed89ed5e2cd5040f0c04?narHash=sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4%3D' (2025-10-20) → 'github:hercules-ci/flake-parts/0010412d62a25d959151790968765a70c436598b?narHash=sha256-z5PlZ47j50VNF3R%2BIMS9LmzI5fYRGY/Z5O5tol1c9I4%3D' (2025-11-01) • Updated input 'flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/a73b9c743612e4244d865a2fdee11865283c04e6?narHash=sha256-x2rJ%2BOvzq0sCMpgfgGaaqgBSwY%2BLST%2BWbZ6TytnT9Rk%3D' (2025-08-10) → 'github:nix-community/nixpkgs.lib/719359f4562934ae99f5443f20aa06c2ffff91fc?narHash=sha256-b0yj6kfvO8ApcSE%2BQmA6mUfu8IYG6/uU28OFn4PaC8M%3D' (2025-10-29) • Updated input 'home-manager': 'github:nix-community/home-manager/189c21cf879669008ccf06e78a553f17e88d8ef0?narHash=sha256-nZh6uvc71nVNaf/y%2BwesnjwsmJ6IZZUnP2EzpZe48To%3D' (2025-10-20) → 'github:nix-community/home-manager/8c824254b1ed9e797f6235fc3c62f365893c561a?narHash=sha256-I%2B8yE5HVR2SFcHnW0771psQ/zn0qVzsKHY/gUM0nEVM%3D' (2025-11-03) • Updated input 'niri-flake': 
'github:sodiboo/niri-flake/f851a923137c0a54719412146fd63d24b3214e60?narHash=sha256-E2ySTu/oK7cYBdAI3tlGP9zVjF4mZgWJ1OZInBCMb00%3D' (2025-10-20) → 'github:sodiboo/niri-flake/df17789929ac80f4157b15724450db6a303a6dc9?narHash=sha256-U3SDbk7tIwLChpvb3FL66o8V0byaQ2RGMiy/3oLdxTI%3D' (2025-11-03) • Updated input 'niri-flake/niri-unstable': 'github:YaLTeR/niri/b3245b81a6ed8edfaf5388a74d2e0a23c24941e5?narHash=sha256-KbM47vD6E0cx%2Bv4jYQZ8mD5N186AKm2CQlyh34TW58U%3D' (2025-10-20) → 'github:YaLTeR/niri/a2ca2b3c866bc781b12c334a9f949b3db6d7c943?narHash=sha256-anRlNG6t7esBbF1%2BALDeathVBSclA0PEL52Vo0WnN5g%3D' (2025-11-03) • Updated input 'niri-flake/nixpkgs': 'github:NixOS/nixpkgs/5e2a59a5b1a82f89f2c7e598302a9cacebb72a67?narHash=sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs%3D' (2025-10-19) → 'github:NixOS/nixpkgs/2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15?narHash=sha256-kJ8lIZsiPOmbkJypG%2BB5sReDXSD1KGu2VEPNqhRa/ew%3D' (2025-10-31) • Updated input 'niri-flake/nixpkgs-stable': 'github:NixOS/nixpkgs/33c6dca0c0cb31d6addcd34e90a63ad61826b28c?narHash=sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0%3D' (2025-10-19) → 'github:NixOS/nixpkgs/3de8f8d73e35724bf9abef41f1bdbedda1e14a31?narHash=sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo%3D' (2025-11-01) • Updated input 'niri-flake/xwayland-satellite-unstable': 'github:Supreeeme/xwayland-satellite/a9188e70bd748118b4d56a529871b9de5adb9988?narHash=sha256-0pkftKs6/LReNvxw7DVTN2AJEheZVgyeK0Aarbagi70%3D' (2025-10-05) → 'github:Supreeeme/xwayland-satellite/0728d59ff6463a502e001fb090f6eb92dbc04756?narHash=sha256-fBrUszJXmB4MY%2Bwf3QsCnqWHcz7u7fLq0QMAWCltIQg%3D' (2025-10-28) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/5024e1901239a76b7bf94a4cd27f3507e639d49e?narHash=sha256-xmU8kAsRprJiTGBTaGrwmjBP3AMA9ltlrxHKFuy5JWc%3D' (2025-10-19) → 'github:nix-community/nix-index-database/359ff6333a7b0b60819d4c20ed05a3a1f726771f?narHash=sha256-Pu1v3mlFhRzZiSxVHb2/i/f5yeYyRNqr0RvEUJ4UgHo%3D' (2025-11-02) • Updated 
input 'nixos-cli': 'github:nix-community/nixos-cli/c8f5ce1fd9bf151df74328795b6b2720e2e22d75?narHash=sha256-N%2BF4n1WYE3AWc/kmdqIz67GNX7PgyKosnmGYYx8vR9k%3D' (2025-10-19) → 'github:nix-community/nixos-cli/5c259f72ae1eaa00b99354d81130d8fddb7f9a7a?narHash=sha256-IUm2nkbKlDkG94ruTmIYLERpBn6gXydm3scZIKzpcKs%3D' (2025-11-01) • Updated input 'nixos-cli/flake-compat': 'github:edolstra/flake-compat/9100a0f413b0c601e0533d1d94ffd501ce2e7885?narHash=sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX%2BfjA8Xf8PUmqCY%3D' (2025-05-12) → 'github:edolstra/flake-compat/f387cd2afec9419c8ee37694406ca490c3f34ee5?narHash=sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4%3D' (2025-10-27) • Updated input 'nixos-cli/nixpkgs': 'github:NixOS/nixpkgs/647e5c14cbd5067f44ac86b74f014962df460840?narHash=sha256-JVZl8NaVRYb0%2B381nl7LvPE%2BA774/dRpif01FKLrYFQ%3D' (2025-09-28) → 'github:NixOS/nixpkgs/a7fc11be66bdfb5cdde611ee5ce381c183da8386?narHash=sha256-QoJjGd4NstnyOG4mm4KXF%2BweBzA2AH/7gn1Pmpfcb0A%3D' (2025-10-31) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/5e2a59a5b1a82f89f2c7e598302a9cacebb72a67?narHash=sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs%3D' (2025-10-19) → 'github:nixos/nixpkgs/2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15?narHash=sha256-kJ8lIZsiPOmbkJypG%2BB5sReDXSD1KGu2VEPNqhRa/ew%3D' (2025-10-31) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/33c6dca0c0cb31d6addcd34e90a63ad61826b28c?narHash=sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0%3D' (2025-10-19) → 'github:nixos/nixpkgs/3de8f8d73e35724bf9abef41f1bdbedda1e14a31?narHash=sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo%3D' (2025-11-01) • Updated input 'noctalia': 'github:noctalia-dev/noctalia-shell/c3439b262c7cb3d57c93197a93a3aa382582bdae?narHash=sha256-XAs/Q4zBJIfK/bwq9KjTUkTH15A%2BPe2rIilyvalEHuM%3D' (2025-10-23) → 'github:noctalia-dev/noctalia-shell/5ca5aa602f58a8e0e73fedbef351f1cdf8cbe981?narHash=sha256-gHfzrTDSnNC5yRJwkZfP55fPHUc8DuB4OQEIBSQSs18%3D' (2025-11-03) • Updated input 'noctalia/quickshell': 
'git+https://git.outfoxxed.me/outfoxxed/quickshell?ref=refs/heads/master&rev=a5431dd02dc23d9ef1680e67777fed00fe5f7cda' (2025-07-27) → 'git+https://git.outfoxxed.me/outfoxxed/quickshell?ref=refs/heads/master&rev=db1777c20b936a86528c1095cbcb1ebd92801402' (2025-10-30) • Updated input 'stylix': 'github:danth/stylix/8d008296a1b3be9b57ad570f7acea00dd2fc92db?narHash=sha256-4C3I/ssFsq8EgaUmZP0xv5V7RV0oCHgL/Rx%2BMUkuE%2BE%3D' (2025-10-14) → 'github:danth/stylix/8c0640d5722a02178c8ee80a62c5f019cab4b3c1?narHash=sha256-wGiL2K3kAyBBmIZpJEskaSIgyzzpg0zwfvri%2BSy6/CI%3D' (2025-11-02) • Updated input 'terranix': 'github:terranix/terranix/924573fa6587ac57b0d15037fbd2d3f0fcdf17fb?narHash=sha256-hTMi6oGU%2B6VRnW9SZZ%2BmuFcbfMEf2ajjOp7Z2KM5MMY%3D' (2025-09-07) → 'github:terranix/terranix/a79a47b4617dfb92184e2e5b8f5aa6fc06c659c8?narHash=sha256-J1L1yP29NVBJO04LA/JGM6kwhnjeNhEsX0tLFnuN3FI%3D' (2025-11-03) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/596c3ac14be576b93f5db9252a1b0581e453ec9f?narHash=sha256-RehxVjBRC9EiBO36EPZROLHhVVSWFe3KEROhaEapboM%3D' (2025-10-20) → 'github:0xc000022070/zen-browser-flake/10e69cb268b1d3dc91135e72f5462b2acfbcc3aa?narHash=sha256-sIPhzkDrfe6ptthZiwoxQyO6rKd9PgJnl%2BLOyythQkI%3D' (2025-11-03) --- flake.lock | 128 ++++++++++++++++++++++++++--------------------------- 1 file changed, 64 insertions(+), 64 deletions(-) diff --git a/flake.lock b/flake.lock index 5993cdf..429e817 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1760836749, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1761656077, + "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", "owner": "ryantm", "repo": "agenix", - "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", + "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", "type": "github" }, "original": { 
@@ -186,11 +186,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -204,11 +204,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1760948891, - "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "lastModified": 1762040540, + "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "rev": "0010412d62a25d959151790968765a70c436598b", "type": "github" }, "original": { @@ -338,11 +338,11 @@ ] }, "locked": { - "lastModified": 1760929667, - "narHash": "sha256-nZh6uvc71nVNaf/y+wesnjwsmJ6IZZUnP2EzpZe48To=", + "lastModified": 1762178366, + "narHash": "sha256-I+8yE5HVR2SFcHnW0771psQ/zn0qVzsKHY/gUM0nEVM=", "owner": "nix-community", "repo": "home-manager", - "rev": "189c21cf879669008ccf06e78a553f17e88d8ef0", + "rev": "8c824254b1ed9e797f6235fc3c62f365893c561a", "type": "github" }, "original": { @@ -418,11 +418,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1760950171, - "narHash": "sha256-E2ySTu/oK7cYBdAI3tlGP9zVjF4mZgWJ1OZInBCMb00=", + "lastModified": 1762152856, + "narHash": "sha256-U3SDbk7tIwLChpvb3FL66o8V0byaQ2RGMiy/3oLdxTI=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "f851a923137c0a54719412146fd63d24b3214e60", + "rev": "df17789929ac80f4157b15724450db6a303a6dc9", "type": "github" }, "original": { 
@@ -451,11 +451,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1760940149, - "narHash": "sha256-KbM47vD6E0cx+v4jYQZ8mD5N186AKm2CQlyh34TW58U=", + "lastModified": 1762146685, + "narHash": "sha256-anRlNG6t7esBbF1+ALDeathVBSclA0PEL52Vo0WnN5g=", "owner": "YaLTeR", "repo": "niri", - "rev": "b3245b81a6ed8edfaf5388a74d2e0a23c24941e5", + "rev": "a2ca2b3c866bc781b12c334a9f949b3db6d7c943", "type": "github" }, "original": { @@ -487,11 +487,11 @@ ] }, "locked": { - "lastModified": 1760846226, - "narHash": "sha256-xmU8kAsRprJiTGBTaGrwmjBP3AMA9ltlrxHKFuy5JWc=", + "lastModified": 1762055842, + "narHash": "sha256-Pu1v3mlFhRzZiSxVHb2/i/f5yeYyRNqr0RvEUJ4UgHo=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "5024e1901239a76b7bf94a4cd27f3507e639d49e", + "rev": "359ff6333a7b0b60819d4c20ed05a3a1f726771f", "type": "github" }, "original": { @@ -528,11 +528,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1760856139, - "narHash": "sha256-N+F4n1WYE3AWc/kmdqIz67GNX7PgyKosnmGYYx8vR9k=", + "lastModified": 1761970410, + "narHash": "sha256-IUm2nkbKlDkG94ruTmIYLERpBn6gXydm3scZIKzpcKs=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "c8f5ce1fd9bf151df74328795b6b2720e2e22d75", + "rev": "5c259f72ae1eaa00b99354d81130d8fddb7f9a7a", "type": "github" }, "original": { @@ -559,11 +559,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1754788789, - "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "lastModified": 1761765539, + "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", "type": "github" }, "original": { 
@@ -574,11 +574,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1760862643, - "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", + "lastModified": 1761999846, + "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", + "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", "type": "github" }, "original": { @@ -590,11 +590,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1760862643, - "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", + "lastModified": 1761999846, + "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", + "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", "type": "github" }, "original": { @@ -606,11 +606,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1761880412, - "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", + "lastModified": 1752596105, + "narHash": "sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", + "rev": "dab3a6e781554f965bde3def0aa2fda4eb8f1708", "type": "github" }, "original": { @@ -638,11 +638,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", "type": "github" }, "original": { 
@@ -670,11 +670,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1759070547, - "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", + "lastModified": 1761880412, + "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "647e5c14cbd5067f44ac86b74f014962df460840", + "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", "type": "github" }, "original": { @@ -686,11 +686,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", "type": "github" }, "original": { @@ -741,11 +741,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1761190730, - "narHash": "sha256-XAs/Q4zBJIfK/bwq9KjTUkTH15A+Pe2rIilyvalEHuM=", + "lastModified": 1762156721, + "narHash": "sha256-gHfzrTDSnNC5yRJwkZfP55fPHUc8DuB4OQEIBSQSs18=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "c3439b262c7cb3d57c93197a93a3aa382582bdae", + "rev": "5ca5aa602f58a8e0e73fedbef351f1cdf8cbe981", "type": "github" }, "original": { @@ -787,11 +787,11 @@ ] }, "locked": { - "lastModified": 1753595452, - "narHash": "sha256-vqkSDvh7hWhPvNjMjEDV4KbSCv2jyl2Arh73ZXe274k=", + "lastModified": 1761821581, + "narHash": "sha256-nLuc6jA7z+H/6bHPEBSOYPbz7RtvNCZiTKmYItJuBmM=", "ref": "refs/heads/master", - "rev": "a5431dd02dc23d9ef1680e67777fed00fe5f7cda", - "revCount": 665, + "rev": "db1777c20b936a86528c1095cbcb1ebd92801402", + "revCount": 699, "type": "git", "url": "https://git.outfoxxed.me/outfoxxed/quickshell" }, 
@@ -883,11 +883,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1760472212, - "narHash": "sha256-4C3I/ssFsq8EgaUmZP0xv5V7RV0oCHgL/Rx+MUkuE+E=", + "lastModified": 1762101397, + "narHash": "sha256-wGiL2K3kAyBBmIZpJEskaSIgyzzpg0zwfvri+Sy6/CI=", "owner": "danth", "repo": "stylix", - "rev": "8d008296a1b3be9b57ad570f7acea00dd2fc92db", + "rev": "8c0640d5722a02178c8ee80a62c5f019cab4b3c1", "type": "github" }, "original": { @@ -995,11 +995,11 @@ "systems": "systems_6" }, "locked": { - "lastModified": 1757278723, - "narHash": "sha256-hTMi6oGU+6VRnW9SZZ+muFcbfMEf2ajjOp7Z2KM5MMY=", + "lastModified": 1762161791, + "narHash": "sha256-J1L1yP29NVBJO04LA/JGM6kwhnjeNhEsX0tLFnuN3FI=", "owner": "terranix", "repo": "terranix", - "rev": "924573fa6587ac57b0d15037fbd2d3f0fcdf17fb", + "rev": "a79a47b4617dfb92184e2e5b8f5aa6fc06c659c8", "type": "github" }, "original": { @@ -1127,11 +1127,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1759707084, - "narHash": "sha256-0pkftKs6/LReNvxw7DVTN2AJEheZVgyeK0Aarbagi70=", + "lastModified": 1761622056, + "narHash": "sha256-fBrUszJXmB4MY+wf3QsCnqWHcz7u7fLq0QMAWCltIQg=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "a9188e70bd748118b4d56a529871b9de5adb9988", + "rev": "0728d59ff6463a502e001fb090f6eb92dbc04756", "type": "github" }, "original": { @@ -1146,11 +1146,11 @@ "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1760934351, - "narHash": "sha256-RehxVjBRC9EiBO36EPZROLHhVVSWFe3KEROhaEapboM=", + "lastModified": 1762131860, + "narHash": "sha256-sIPhzkDrfe6ptthZiwoxQyO6rKd9PgJnl+LOyythQkI=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "596c3ac14be576b93f5db9252a1b0581e453ec9f", + "rev": "10e69cb268b1d3dc91135e72f5462b2acfbcc3aa", "type": "github" }, "original": { From fe091504d08430563e0e6c42678ea991df2e3656 Mon Sep 17 00:00:00 2001 
From: William Date: Mon, 3 Nov 2025 12:34:40 -0300 Subject: [PATCH 002/138] openssh greeting fixes --- hosts/alexandria/nextcloud.nix | 7 ++++++- hosts/modules/common/openssh.nix | 8 +++----- hosts/modules/common/programs.nix | 12 +++++++++++- users/modules/common/fish.nix | 5 ++++- 4 files changed, 24 insertions(+), 8 deletions(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 68d4875..9e606d9 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -24,7 +24,12 @@ in database.createLocally = true; maxUploadSize = "16G"; extraApps = { - inherit (config.services.nextcloud.package.packages.apps) calendar contacts notes; + inherit (config.services.nextcloud.package.packages.apps) + calendar + contacts + notes + tasks + ; }; extraAppsEnable = true; caching = { diff --git a/hosts/modules/common/openssh.nix b/hosts/modules/common/openssh.nix index 63422b3..df70bdd 100644 --- a/hosts/modules/common/openssh.nix +++ b/hosts/modules/common/openssh.nix @@ -4,10 +4,8 @@ services.openssh = { enable = true; settings.PermitRootLogin = "no"; + extraConfig = '' + PrintLastLog no + ''; }; - programs.fish.interactiveShellInit = '' - if set -q SSH_CONNECTION - neofetch - end - ''; } diff --git a/hosts/modules/common/programs.nix b/hosts/modules/common/programs.nix index be57b69..fd10953 100644 --- a/hosts/modules/common/programs.nix +++ b/hosts/modules/common/programs.nix @@ -25,6 +25,16 @@ programs = { command-not-found.enable = false; - fish.enable = true; + fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + if set -q SSH_CONNECTION + export TERM=xterm-256color + clear + fastfetch + end + ''; + }; }; } diff --git a/users/modules/common/fish.nix b/users/modules/common/fish.nix index d95db24..c753297 100644 --- a/users/modules/common/fish.nix +++ b/users/modules/common/fish.nix 
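Review bot: In hosts/modules/common/openssh.nix the added `PrintLastLog no` removes the last-login time and source address that sshd prints at interactive login, which is the one cue a user gets that the account was used from somewhere unexpected. If the aim is only a tidier greeting, consider keeping it enabled; if it stays off, a comment such as `# last-login line suppressed for the fastfetch greeting; rely on auth logs instead` would record the trade-off. It would also sit more consistently next to `settings.PermitRootLogin` as `settings.PrintLastLog = "no";` rather than a raw `extraConfig` string, assuming the module's `settings` accepts arbitrary sshd options.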
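Review bot: In hosts/modules/common/programs.nix the new `interactiveShellInit` runs `clear` in every interactive fish that has `SSH_CONNECTION` set, so it wipes whatever was printed before the prompt (banner, MOTD) and repeats in every nested shell of the session, because the variable is inherited. Guarding the block with `if set -q SSH_CONNECTION; and status is-login` limits it to the session's first shell, and dropping `clear` keeps pre-prompt messages visible. `export TERM=xterm-256color` also overrides the terminal type the client negotiated, which can mis-render on terminals that are not xterm-compatible; a short comment saying why it is forced would help.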
@@ -3,7 +3,10 @@ { programs.fish = { enable = true; - interactiveShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; + interactiveShellInit = '' + set fish_greeting + ${lib.getExe pkgs.nix-your-shell} fish | source + ''; loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; plugins = [ { From 4622f2b299704e0458c48c69a27410ba39bd228e Mon Sep 17 00:00:00 2001 From: William Date: Mon, 3 Nov 2025 16:42:18 -0300 Subject: [PATCH 003/138] fix trantor disko config --- disko/trantor.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/disko/trantor.nix b/disko/trantor.nix index db1397e..0791308 100644 --- a/disko/trantor.nix +++ b/disko/trantor.nix @@ -27,8 +27,7 @@ name = "root"; size = "100%"; content = { - type = "filesystem"; - format = "btrfs"; + type = "btrfs"; extraArgs = [ "-f" ]; subvolumes = { "@root" = { From f5f1541aec620f879d7b1768d0b1e18abf96cb0a Mon Sep 17 00:00:00 2001 From: William Date: Mon, 3 Nov 2025 17:19:21 -0300 Subject: [PATCH 004/138] fixing trantor --- hosts/io/hardware-configuration.nix | 5 ++--- hosts/trantor/boot.nix | 5 ++++- hosts/trantor/hardware-configuration.nix | 7 ++++--- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/hosts/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix index cb114a1..a17fe24 100644 --- a/hosts/io/hardware-configuration.nix +++ b/hosts/io/hardware-configuration.nix @@ -2,15 +2,14 @@ config, lib, modulesPath, - self, + inputs, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") - self.diskoConfigurations.io - ]; + ] ++ inputs.self.diskoConfigurations.io.modules; boot = { initrd = { diff --git a/hosts/trantor/boot.nix b/hosts/trantor/boot.nix index 67ac124..0498818 100644 --- a/hosts/trantor/boot.nix +++ b/hosts/trantor/boot.nix @@ -1,3 +1,6 @@ { - boot.initrd.systemd.enable = true; + boot = { + initrd.systemd.enable = true; + loader.efi.efiSysMountPoint = "/boot/efi"; + }; } 
diff --git a/hosts/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix index 4a9503f..94568f6 100644 --- a/hosts/trantor/hardware-configuration.nix +++ b/hosts/trantor/hardware-configuration.nix @@ -1,15 +1,16 @@ { lib, modulesPath, - self, + inputs, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") - self.diskoConfigurations.trantor - ]; + inputs.disko.nixosModules.disko + ] + ++ inputs.self.diskoConfigurations.trantor.modules; boot = { kernelModules = [ ]; From d6f582fffd2df08649cc609f180f9ed5d619e5cd Mon Sep 17 00:00:00 2001 From: William Date: Mon, 3 Nov 2025 21:37:03 -0300 Subject: [PATCH 005/138] no diskoConfirations outputs --- diskoConfigurations.nix | 12 --------- flake.nix | 1 - disko/io.nix => hosts/io/disko.nix | 0 hosts/io/hardware-configuration.nix | 4 +-- hosts/modules/ephemeral.nix | 2 +- disko/trantor.nix => hosts/trantor/disko.nix | 6 ++++- hosts/trantor/hardware-configuration.nix | 26 ++++++-------------- 7 files changed, 14 insertions(+), 37 deletions(-) delete mode 100644 diskoConfigurations.nix rename disko/io.nix => hosts/io/disko.nix (100%) rename disko/trantor.nix => hosts/trantor/disko.nix (90%) diff --git a/diskoConfigurations.nix b/diskoConfigurations.nix deleted file mode 100644 index 511eddc..0000000 --- a/diskoConfigurations.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ - inputs.disko.flakeModule - ]; - - flake.diskoConfigurations = { - io.modules = [ ./disko/io.nix ]; - trantor.modules = [ ./disko/trantor.nix ]; - }; -} diff --git a/flake.nix b/flake.nix index c9d5076..07d4a02 100644 --- a/flake.nix +++ b/flake.nix @@ -62,7 +62,6 @@ imports = [ ./deploy.nix ./devShells.nix - ./diskoConfigurations.nix ./homeConfigurations.nix ./nixosConfigurations.nix ./nixosModules.nix diff --git a/disko/io.nix b/hosts/io/disko.nix similarity index 100% rename from disko/io.nix rename to hosts/io/disko.nix 
diff --git a/hosts/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix index a17fe24..8e4dae4 100644 --- a/hosts/io/hardware-configuration.nix +++ b/hosts/io/hardware-configuration.nix @@ -7,9 +7,7 @@ }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ] ++ inputs.self.diskoConfigurations.io.modules; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot = { initrd = { diff --git a/hosts/modules/ephemeral.nix b/hosts/modules/ephemeral.nix index 8ed08bc..cad5f41 100644 --- a/hosts/modules/ephemeral.nix +++ b/hosts/modules/ephemeral.nix @@ -10,7 +10,7 @@ enable = true; rootDevice = if config.networking.hostName == "trantor" then - "/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066" + "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2" else "/dev/mapper/cryptroot"; rootSubvolume = "@root"; diff --git a/disko/trantor.nix b/hosts/trantor/disko.nix similarity index 90% rename from disko/trantor.nix rename to hosts/trantor/disko.nix index 0791308..0e47058 100644 --- a/disko/trantor.nix +++ b/hosts/trantor/disko.nix @@ -1,7 +1,11 @@ +{ inputs, ... }: + { + imports = [ inputs.disko.nixosModules.default ]; + disko.devices.disk.main = { type = "disk"; - device = "/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066"; + device = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20"; content = { type = "gpt"; partitions = { diff --git a/hosts/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix index 94568f6..039129e 100644 --- a/hosts/trantor/hardware-configuration.nix +++ b/hosts/trantor/hardware-configuration.nix 
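Review bot: In hosts/modules/ephemeral.nix the trantor `rootDevice` is a second hand-written copy of the disk id that hosts/trantor/disko.nix sets as `disko.devices.disk.main.device`, and this commit had to change both in step. The module appears to manage an ephemeral root (it names a `rootSubvolume`), so a stale or mistyped id here means it acts on the wrong device or fails at boot. Deriving the value, e.g. `"${config.disko.devices.disk.main.device}-part2"`, keeps one source of truth; the `-part2` suffix still depends on partition order in the disko file, so a comment noting that is worth adding. The enclosing attribute set starts and ends outside the hunk.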
@@ -1,30 +1,18 @@ { lib, modulesPath, - inputs, ... }: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - inputs.disko.nixosModules.disko - ] - ++ inputs.self.diskoConfigurations.trantor.modules; + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot = { - kernelModules = [ ]; - extraModulePackages = [ ]; - initrd = { - availableKernelModules = [ - "xhci_pci" - "virtio_pci" - "virtio_scsi" - "usbhid" - ]; - kernelModules = [ ]; - }; - }; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "virtio_pci" + "virtio_scsi" + "usbhid" + ]; networking.useDHCP = lib.mkDefault true; From 97450f0057a4a4e488ba0f79105105e27697d67b Mon Sep 17 00:00:00 2001 From: William Date: Tue, 4 Nov 2025 08:13:16 -0300 Subject: [PATCH 006/138] no more protonup --- hosts/modules/gaming.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/modules/gaming.nix b/hosts/modules/gaming.nix index cf6217f..5aef14e 100644 --- a/hosts/modules/gaming.nix +++ b/hosts/modules/gaming.nix @@ -6,7 +6,6 @@ heroic mangohud prismlauncher - protonup steam-run ]; From cb59a911d63f70a6502ffa3e25aee7e2dfb9dd7f Mon Sep 17 00:00:00 2001 From: William Date: Thu, 6 Nov 2025 19:57:04 -0300 Subject: [PATCH 007/138] added ai tag for desktop hosts --- flake.lock | 151 ++++++++++++++++++++++++++++++++-------- flake.nix | 2 + hosts/modules/ai.nix | 9 +++ hosts/modules/dev.nix | 1 - nixosConfigurations.nix | 2 + 5 files changed, 136 insertions(+), 29 deletions(-) create mode 100644 hosts/modules/ai.nix diff --git a/flake.lock b/flake.lock index 429e817..3b994bf 100644 --- a/flake.lock +++ b/flake.lock 
@@ -91,6 +91,28 @@ "type": "github" } }, + "blueprint": { + "inputs": { + "nixpkgs": [ + "nix-ai-tools", + "nixpkgs" + ], + "systems": "systems_3" + }, + "locked": { + "lastModified": 1761645416, + "narHash": "sha256-wTQzbbQ6XHtvNJVuhJj+ytZDRyNtwUKbrIfIvMvKNfQ=", + "owner": "numtide", + "repo": "blueprint", + "rev": "633af1961cae8e02bc6195e6e599a6b09bf75217", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "blueprint", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -261,7 +283,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1731533236, @@ -464,6 +486,26 @@ "type": "github" } }, + "nix-ai-tools": { + "inputs": { + "blueprint": "blueprint", + "nixpkgs": "nixpkgs_5", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1762442079, + "narHash": "sha256-aWt5CgOsQiiq+caxF0iqp56kfHRkv8Tnz0X9DhJeBEE=", + "owner": "numtide", + "repo": "nix-ai-tools", + "rev": "aaee8f2df1325c7f212d769515092162bcac31a7", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nix-ai-tools", + "type": "github" + } + }, "nix-flatpak": { "locked": { "lastModified": 1754777568, @@ -503,7 +545,7 @@ "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "rust-overlay": "rust-overlay_2" }, "locked": { @@ -525,7 +567,7 @@ "inputs": { "flake-compat": "flake-compat_2", "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1761970410, 
@@ -604,6 +646,22 @@ "type": "github" } }, + "nixpkgs_10": { + "locked": { + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1752596105, @@ -653,6 +711,22 @@ } }, "nixpkgs_5": { + "locked": { + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1740695751, "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", @@ -668,7 +742,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1761880412, "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", @@ -684,7 +758,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1761907660, "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", @@ -700,7 +774,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1758690382, "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", 
@@ -716,29 +790,13 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1755615617, - "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "20075955deac2583bb12f07151c2df830ef346b4", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "noctalia": { "inputs": { "nixpkgs": [ "nixpkgs" ], "quickshell": "quickshell", - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1762156721, @@ -810,10 +868,11 @@ "impermanence": "impermanence", "niri": "niri", "niri-flake": "niri-flake", + "nix-ai-tools": "nix-ai-tools", "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nixpkgs-stable": "nixpkgs-stable_2", "noctalia": "noctalia", "stylix": "stylix", @@ -873,9 +932,9 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_2", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "nur": "nur", - "systems": "systems_5", + "systems": "systems_6", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -986,13 +1045,28 @@ "type": "github" } }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "terranix": { "inputs": { "flake-parts": "flake-parts_3", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_6" + "systems": "systems_7" }, "locked": { "lastModified": 1762161791, 
@@ -1089,6 +1163,27 @@ "type": "github" } }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nix-ai-tools", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1762410071, + "narHash": "sha256-aF5fvoZeoXNPxT0bejFUBXeUjXfHLSL7g+mjR/p5TEg=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "97a30861b13c3731a84e09405414398fbf3e109f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "utils": { "inputs": { "systems": "systems_2" @@ -1143,7 +1238,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1762131860, diff --git a/flake.nix b/flake.nix index 07d4a02..af148c1 100644 --- a/flake.nix +++ b/flake.nix @@ -49,6 +49,8 @@ url = "github:terranix/terranix"; inputs.nixpkgs.follows = "nixpkgs"; }; + + nix-ai-tools.url = "github:numtide/nix-ai-tools"; }; outputs = diff --git a/hosts/modules/ai.nix b/hosts/modules/ai.nix new file mode 100644 index 0000000..ddf4fca --- /dev/null +++ b/hosts/modules/ai.nix @@ -0,0 +1,9 @@ +{ inputs, pkgs, ... }: + +{ + environment.systemPackages = with inputs.nix-ai-tools.packages.${pkgs.system}; [ + claude-desktop + claudebox + opencode + ]; +} diff --git a/hosts/modules/dev.nix b/hosts/modules/dev.nix index 82908f2..c4cca78 100644 --- a/hosts/modules/dev.nix +++ b/hosts/modules/dev.nix @@ -3,7 +3,6 @@ { environment.systemPackages = with pkgs; [ bat - claude-code lazygit fd fzf diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index ced8851..85fd378 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -10,6 +10,7 @@ in hostname = "rotterdam"; tags = [ "desktop" + "ai" "bluetooth" "dev" "ephemeral" @@ -25,6 +26,7 @@ in hostname = "io"; tags = [ "desktop" + "ai" "bluetooth" "dev" "ephemeral" From 6ec815a7668b8af89d2ff800ecee32253c916cfd Mon Sep 17 00:00:00 2001 
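Review bot: The new `nix-ai-tools` input in flake.nix is declared without `inputs.nixpkgs.follows`, unlike the `terranix` input just above it, and the lock file in this commit gains what appears to be a separate `nixpkgs` node and a `treefmt-nix` node for it. The packages that hosts/modules/ai.nix installs system-wide are therefore built from a nixpkgs revision that is pinned and updated independently of the system's, so security fixes that arrive with the main pin do not reach them. If that is deliberate (for instance to keep upstream's binary cache usable), record it in a comment such as `# no nixpkgs.follows: keep upstream's pin`. Otherwise use the attribute-set form of the input and add `inputs.nixpkgs.follows = "nixpkgs";`.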
From: William Date: Thu, 6 Nov 2025 19:59:58 -0300 Subject: [PATCH 008/138] fix disko usage for io --- hosts/io/disko.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/io/disko.nix b/hosts/io/disko.nix index 37f3160..4e6c9d5 100644 --- a/hosts/io/disko.nix +++ b/hosts/io/disko.nix @@ -1,4 +1,8 @@ +{ inputs, ... }: + { + imports = [ inputs.disko.nixosModules.default ]; + disko.devices.disk.main = { type = "disk"; device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689"; From 59cda1884dfd49bed2852fca8ca1af82e1fcfcd3 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 7 Nov 2025 06:17:28 -0300 Subject: [PATCH 009/138] add recipient to oci alert --- terranix/oci/trantor.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/terranix/oci/trantor.nix b/terranix/oci/trantor.nix index 37c12ae..2037d87 100644 --- a/terranix/oci/trantor.nix +++ b/terranix/oci/trantor.nix @@ -229,6 +229,7 @@ threshold = 5; threshold_type = "PERCENTAGE"; display_name = "daily-spend-alert"; + recipients = "baduhai@proton.me"; description = "Alert when daily spending exceeds $0.05"; message = "Daily spending has exceeded $0.05 in the trantor compartment"; }; From 45f89a1663187983364c38e04a1f5c857d21a3bb Mon Sep 17 00:00:00 2001 From: William Date: Fri, 7 Nov 2025 07:15:12 -0300 Subject: [PATCH 010/138] add claude-code back --- hosts/modules/ai.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/ai.nix b/hosts/modules/ai.nix index ddf4fca..e2dd9d2 100644 --- a/hosts/modules/ai.nix +++ b/hosts/modules/ai.nix @@ -3,6 +3,7 @@ { environment.systemPackages = with inputs.nix-ai-tools.packages.${pkgs.system}; [ claude-desktop + claude-code claudebox opencode ]; From d3ef56c724a2eed6b0544e0a01f69ceb33adb70d Mon Sep 17 00:00:00 2001 From: William Date: Fri, 7 Nov 2025 11:55:27 -0300 Subject: [PATCH 011/138] add presenterm to desktops --- hosts/modules/desktop/desktop.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 5258442..f2418ce 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -35,6 +35,7 @@ libreoffice onlyoffice-desktopeditors papers + presenterm rnote ### Graphics & Design ### gimp From 5baff5a68e44900d13e0579a3479cfcf5ab92b2f Mon Sep 17 00:00:00 2001 From: William Date: Fri, 7 Nov 2025 12:13:47 -0300 Subject: [PATCH 012/138] added kanshi to manage displays --- users/modules/desktop/niri.nix | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 16955d9..283d940 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -14,19 +14,27 @@ in { imports = [ inputs.noctalia.homeModules.default ]; + services.kanshi = { + enable = true; + settings = [ + { + profile.name = "default"; + profile.outputs = [ + { + criteria = "*"; + scale = 1.0; + } + ]; + } + ]; + }; + home = { packages = with pkgs; [ xwayland-satellite ]; sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; }; xdg.configFile."niri/config.kdl".text = '' - output "eDP-1" { - scale 1.0 - } - output "DP-3" { - scale 1.0 - } - input { keyboard { xkb { From 52eaf14b0950fa725e86bfb521a40fbdabe4969f Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 13:02:22 -0300 Subject: [PATCH 013/138] noto emoji font name change; niri window/workspace up/down keybind --- users/modules/desktop/niri.nix | 8 ++++---- users/modules/stylix.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 283d940..1f6a1bf 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix 
@@ -163,13 +163,13 @@ in Mod+Shift+Q { close-window; } Alt+F4 { close-window; } Mod+Left { focus-column-left; } - Mod+Down { focus-window-down; } - Mod+Up { focus-window-up; } + Mod+Down { focus-window-or-workspace-down; } + Mod+Up { focus-window-or-workspace-up; } Mod+Right { focus-column-right; } Mod+H { focus-column-left; } Mod+L { focus-column-right; } - Mod+J { focus-window-down; } - Mod+K { focus-window-up; } + Mod+J { focus-window-or-workspace-down; } + Mod+K { focus-window-or-workspace-up; } Ctrl+Alt+J { focus-workspace-down; } Ctrl+Alt+K { focus-workspace-up; } Ctrl+Alt+Down { focus-workspace-down; } diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index 13ba8b6..f1c7e44 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix @@ -46,7 +46,7 @@ name = "FiraCode Nerd Font"; }; emoji = { - package = pkgs.noto-fonts-emoji; + package = pkgs.noto-fonts-color-emoji; name = "Noto Color Emoji"; }; sizes = { From a1369e5818cd0bf26ae7dfd5970b81e81272d682 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 20:46:38 -0300 Subject: [PATCH 014/138] rekeyd secrets --- hosts/alexandria/firewall.nix | 11 ----------- secrets/cloudflare.age | 18 ++++++++++-------- secrets/nextcloud-adminpass.age | Bin 465 -> 465 bytes secrets/nextcloud-secrets.json.age | Bin 537 -> 537 bytes secrets/secrets.nix | 3 ++- 5 files changed, 12 insertions(+), 20 deletions(-) delete mode 100644 hosts/alexandria/firewall.nix diff --git a/hosts/alexandria/firewall.nix b/hosts/alexandria/firewall.nix deleted file mode 100644 index f6fded2..0000000 --- a/hosts/alexandria/firewall.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ ... }: - -{ - networking.firewall = { - allowedTCPPorts = [ - 80 - 443 - ]; - allowedUDPPorts = [ ]; - }; -} diff --git a/secrets/cloudflare.age b/secrets/cloudflare.age index 9e989ec..028e964 100644 --- a/secrets/cloudflare.age +++ b/secrets/cloudflare.age 
@@ -1,9 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 Kfdnog gEZvRtLBhGslmS97VaRqoucgExvOopsHAAne4lCmEEY -NkIeFYuQFntDOBqd3k0/OVYMcM7h73uO0jPXaHzEcZc --> ssh-ed25519 8YSAiw bVV4jIDbBKxsr6mQ4Tv0rP6ylrAEOJWkqjpyvXjnQRU -6kUe5Syw7sd+aF2QEgr6Yj+fOPL5zSJN1PJvY9Kdhlg --> ssh-ed25519 J6tVTA 4JMlJmhHAYUgjiWwB1Q278TSjJypwecALmfnosxan0s -WIubcIFrjMV0GpyU1ZGc48YwrqOtSmJxweonw1KnR+U ---- 78A7re4LLB/0n5AXLRlVqiMNFMAQ2ZvjjK21YGRveRE -_4pkVCKm#~kI8Em3kp|0^tSk s/΅?=l,7~̈́c{ȞAݭ>ZlGTJsGY //B4e'IIc ,"< \ No newline at end of file +-> ssh-ed25519 Kfdnog IHXv4c5we36dCUsB1v8uEF23tIRlDQ/8WR1hX4GQ+Uc +Cwccw64BYBdSZUdkSqKESIU7E17cLNtiAZZ3Y1xV87A +-> ssh-ed25519 8YSAiw Ce3vdMG111ubjcFgd3+q2Qw2+7dsoUz7SiudtuLDr0Y +JUodwFsKfOTZXxFyRrEk/4gxJ4goPkwvYeThi893M0U +-> ssh-ed25519 J6tVTA bExFuITTGXkTvhW25nushN7zT/PJGDoezsqu7fLKemI +4a90v0F4wgcZeqWBQ/EpqOZ9OCgT7qruwVvlGZeFmN8 +-> ssh-ed25519 Qt3Q+A j1oo46pNh1+yPEtxpgj+QPQPf5m82jL0DHGMacY8UFA +vy52Hl1WLTdKNA8+4p7A48Sg9+QkMXbECf/uxVMCLYk +--- 429vzgFnmFbEqDMwdvC0/EYDJlKU64YEGgE0AqPqlBs +b/!8O3Df/&kNQhurt%&]ucjH]_5@D$>N8Ϧ >9:CvѦ69W'X]X^ƻ$}|c/ ߸={uɳs \ No newline at end of file diff --git a/secrets/nextcloud-adminpass.age b/secrets/nextcloud-adminpass.age index 3b6ff2affb50a87f4b2cf91edf585c73272a134f..b4a29fa2568f59e840bde1dbd55ace544626f3b8 100644 GIT binary patch delta 411 zcmcb}e35yAPJLc}VR4C}dq`2WO`Myv3IVvL6L8scd>U?K~-UTm4BX#r?KG0mcUv|0t$UXy zYw%v)XTN@Qb=HR#cxf*wE0#>Rwz7U4vS89VhUCO=pI6L?lj>d;)?c@4p5y5@N3J!G G_5lEIGm+c? delta 411 zcmcb}e35yAPJN=QslG{oagj-?Nm_<^np>o&wn1{HNuFtHy0fQcM1^l?aad@eS6ObB zE0?EFPKckAv5Aqhk6%GbghjAxUT|KOYhhMdaF#`Ju1l7?Q(#0^pm9N1GMBEMLUD11 zZfc5=si~o*f<r!^a)3v8o{zS6 zKu~a&lc%EzS5UTzt3_~G@Up1{UVQPR0R6-rmM3AwdPXK53yI+6Cc`X67NT9$x;r=~;%_j=_;!1t~sx zQQ>8Q9+iHUIZ>s-CRtf!#d+>|soEjFQ3e5t>1AnUfnE__;YQ_Ly1Kdw8D0fp!J(EF zemRNBmX={IMrN4?rQv2?<@%xe&iVeyj^!R+!J*FC28qeVT=(tk|74sxcJ}$9S=Tr| zUC=zrvWa)yQ#P5uo^SfEFZ_L>-MeDyY#FQdRyLBIo4j}xE;xlv{`2(FH{WY-E9QK> HX5a$=F~*Zs 
diff --git a/secrets/nextcloud-secrets.json.age b/secrets/nextcloud-secrets.json.age index 473f3cb97a38fcb01d2d7512306b9576963b2754..02d170dce9315c545774f3510a4f81541ea6137b 100644 GIT binary patch delta 484 zcmbQqGLvP3PQ6z|j%%7%ieq-3zL8r*x=V;jQD#MOc$%-Lvt?CaMxuU5o>_WoWx0`K zD3@1ZMWTClMs`7Rv1Nuum7{xPxxYtAQGS|5dUjcaafz#^OF?i-Xhm41374*&LUD11 zZfc5=si~o*f< zX0BmgWnNf5SDIx~g^9aSPx`V~&;o}nqJ!ByE@KHC1S zWzH3;5ozv~mZ{oK`X(V&AucJ!kshU9Zk_>&`V}R~X+D<8hIxTpy1KdwQKd;0Ri)a# zzMh5UMyc-Ef&OMCIjIqr&fccJk)h@Rj()!NK_%sep8f^NTp_t{KN=*=`v32=CU@f6 zb#FN=XRdnX61Z;tXEo;=u{B8>C9)d2%j>GzX8&-0mcX=iT4s;Z!JaS{UQVIjmu}Dg`A2*!eD> delta 484 zcmbQqGLvP3PJO0XiLpzFzh#AQNn);vWkgQCr*S~0WqGArij$dviAk_QSZ;`iSz(S_ zI#-&0mVa7ma8X5Kv44tBiiJyNm2*jsN485=q;E!Xfu~WjWoEd0PJym@eV`;dXWol`1s#~N8Yibt+vabaO-L10yezH4OQ z#E;_j>DfLeVL4vq0YAn`FS4cuD+&brAEGP6;8pP7JI(# g=e#`y61#*wLgp)0cI;b{`b%#~@#5{@wobYM08OvE1ONa4 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d47309f..84b14d6 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -7,7 +7,7 @@ let alexandria = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA root@alexandria"; - trantor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkGuGLZPnYJbCGY4BhJ9uTupp6ruuR1NZ7FEYEaLPA7 root@alexandria"; + trantor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIh/2u5pr/iPVeavlsor5hbTtsgUfP1JpzZVco2YQAo3 root@trantor"; in { @@ -15,6 +15,7 @@ in io-user rotterdam-user alexandria + trantor ]; "nextcloud-adminpass.age".publicKeys = [ io-user From 2289f0e6e46b5adabb087b2dad5b35cb281fd03a Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 8 Nov 2025 20:47:21 -0300 Subject: [PATCH 015/138] beginnings of split dns --- devShells.nix | 6 +-- hosts/alexandria/forgejo.nix | 9 +++++ hosts/alexandria/jellyfin.nix | 9 +++++ hosts/alexandria/librespeed.nix | 9 +++++ hosts/alexandria/nextcloud.nix | 9 +++++ hosts/alexandria/nginx.nix | 5 +++ hosts/alexandria/unbound.nix | 67 ++++++++++++++++++++++++++++++++ hosts/alexandria/vaultwarden.nix | 9 +++++ hosts/modules/split-dns.nix | 28 +++++++++++++ utils.nix | 29 ++++++++++++++ 10 files changed, 177 insertions(+), 3 deletions(-) create mode 100644 hosts/alexandria/unbound.nix create mode 100644 hosts/modules/split-dns.nix diff --git a/devShells.nix b/devShells.nix index 72b2695..f7e9627 100644 --- a/devShells.nix +++ b/devShells.nix @@ -1,12 +1,12 @@ -{ ... }: +{ inputs, ... }: { perSystem = - { pkgs, ... }: + { pkgs, system, ... }: { devShells.default = pkgs.mkShell { packages = with pkgs; [ - agenix-cli + inputs.agenix.packages.${system}.default deploy-rs nil nixfmt-rfc-style diff --git a/hosts/alexandria/forgejo.nix b/hosts/alexandria/forgejo.nix index 909d1d1..d9860f6 100644 --- a/hosts/alexandria/forgejo.nix +++ b/hosts/alexandria/forgejo.nix @@ -32,4 +32,13 @@ in domains."git.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; }; + + # Register this domain for split DNS + services.splitDNS.entries = [ + { + domain = "git.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; } diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix index 9555c89..994f972 100644 --- a/hosts/alexandria/jellyfin.nix +++ b/hosts/alexandria/jellyfin.nix 
@@ -13,4 +13,13 @@ in acmeHost = "baduhai.dev"; domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; }; + + # Register this domain for split DNS + services.splitDNS.entries = [ + { + domain = "jellyfin.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; } diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix index e36a81d..9b59685 100644 --- a/hosts/alexandria/librespeed.nix +++ b/hosts/alexandria/librespeed.nix @@ -27,4 +27,13 @@ in acmeHost = "baduhai.dev"; domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:58080/"; }; + + # Register this domain for split DNS + services.splitDNS.entries = [ + { + domain = "speedtest.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; } diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 9e606d9..e12d12b 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -79,6 +79,15 @@ in acmeHost = "baduhai.dev"; domains."cloud.baduhai.dev" = { }; }; + + # Register this domain for split DNS + splitDNS.entries = [ + { + domain = "cloud.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; }; age.secrets = { diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 0a0a261..54640c1 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -38,6 +38,11 @@ in users.users.nginx.extraGroups = [ "acme" ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + age.secrets.cloudflare = { file = ../../secrets/cloudflare.age; owner = "nginx"; diff --git a/hosts/alexandria/unbound.nix b/hosts/alexandria/unbound.nix new file mode 100644 index 0000000..e923318 --- /dev/null +++ b/hosts/alexandria/unbound.nix 
@@ -0,0 +1,67 @@ +{ config, inputs, lib, ... }: + +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkSplitDNS; +in + +{ + imports = [ ../modules/split-dns.nix ]; + + services.unbound = { + enable = true; + enableRootTrustAnchor = true; + settings = { + server = { + interface = [ + "0.0.0.0" + "::" + ]; + access-control = [ + "127.0.0.0/8 allow" + "192.168.0.0/16 allow" + "100.64.0.0/10 allow" # Tailscale CGNAT range + "::1/128 allow" + "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6 + ]; + + # Enable views for split DNS + access-control-view = [ + "100.64.0.0/10 tailscale" + "fd7a:115c:a1e0::/48 tailscale" + "192.168.0.0/16 lan" + ]; + + num-threads = 2; + msg-cache-size = "50m"; + rrset-cache-size = "100m"; + cache-min-ttl = 300; + cache-max-ttl = 86400; + prefetch = true; + prefetch-key = true; + hide-identity = true; + hide-version = true; + so-rcvbuf = "1m"; + so-sndbuf = "1m"; + }; + # Split DNS views - automatically collected from all service files + view = mkSplitDNS config.services.splitDNS.entries; + + forward-zone = [ + { + name = "."; + forward-addr = [ + "1.1.1.1@853#cloudflare-dns.com" + "1.0.0.1@853#cloudflare-dns.com" + ]; + forward-tls-upstream = true; + } + ]; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; +} diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index fd10d6b..68387ee 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -24,4 +24,13 @@ in domains."pass.baduhai.dev".locations."/".proxyPass = "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; }; + + # Register this domain for split DNS + services.splitDNS.entries = [ + { + domain = "pass.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; } 
diff --git a/hosts/modules/split-dns.nix b/hosts/modules/split-dns.nix new file mode 100644 index 0000000..0998816 --- /dev/null +++ b/hosts/modules/split-dns.nix @@ -0,0 +1,28 @@ +{ config, lib, ... }: + +{ + options.services.splitDNS = { + entries = lib.mkOption { + type = lib.types.listOf ( + lib.types.submodule { + options = { + domain = lib.mkOption { + type = lib.types.str; + description = "The domain name to configure"; + }; + lanIP = lib.mkOption { + type = lib.types.str; + description = "IP address to return for LAN requests"; + }; + tailscaleIP = lib.mkOption { + type = lib.types.str; + description = "IP address to return for Tailscale requests"; + }; + }; + } + ); + default = [ ]; + description = "List of domains to configure for split DNS"; + }; + }; +} diff --git a/utils.nix b/utils.nix index 38cf968..c803fe5 100644 --- a/utils.nix +++ b/utils.nix @@ -190,4 +190,33 @@ in }; in lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains; + + # Split DNS utilities for unbound + # Generates unbound view config from a list of DNS entries + mkSplitDNS = + entries: + let + # Generate view entries for a single domain + mkEntry = + { + domain, + lanIP, + tailscaleIP, + }: + [ + { + name = "tailscale"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = ''"${domain}. IN A ${tailscaleIP}"''; + } + { + name = "lan"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = ''"${domain}. IN A ${lanIP}"''; + } + ]; + in + builtins.concatMap mkEntry entries; } From af444584d09eda850d4327af2d74874be3028a75 Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 8 Nov 2025 21:35:13 -0300 Subject: [PATCH 016/138] Add shared services infrastructure for cross-host data Created centralized service definitions in shared/services.nix to store service metadata (domains, IPs, ports) that need to be accessible across multiple hosts. This replaces the per-service split DNS module approach with a single source of truth. Services are now exported through utils.nix for easy access in host configs. --- hosts/alexandria/librespeed.nix | 39 ---------------------------- shared/services.nix | 39 ++++++++++++++++++++++++++++ utils.nix | 46 +++++++++++++++++---------------- 3 files changed, 63 insertions(+), 61 deletions(-) delete mode 100644 hosts/alexandria/librespeed.nix create mode 100644 shared/services.nix diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix deleted file mode 100644 index 9b59685..0000000 --- a/hosts/alexandria/librespeed.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; -in - -{ - virtualisation.oci-containers.containers."librespeed" = { - image = "lscr.io/linuxserver/librespeed:latest"; - environment = { - TZ = "America/Bahia"; - }; - ports = [ "127.0.0.1:58080:80" ]; - extraOptions = [ - "--pull=newer" - "--label=io.containers.autoupdate=registry" - ]; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; - domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:58080/"; - }; - - # Register this domain for split DNS - services.splitDNS.entries = [ - { - domain = "speedtest.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; -} diff --git a/shared/services.nix b/shared/services.nix new file mode 100644 index 0000000..f55e4d2 --- /dev/null +++ b/shared/services.nix 
@@ -0,0 +1,39 @@ +# Shared service definitions for cross-host configuration +# Used by: +# - alexandria: DNS server (LAN) + service hosting (vaultwarden, nextcloud, jellyfin) +# - trantor: DNS server (Tailnet) + service hosting (forgejo) +{ + services = [ + { + name = "vaultwarden"; + domain = "vault.baduhai.dev"; + host = "alexandria"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + port = 8222; + } + { + name = "forgejo"; + domain = "git.baduhai.dev"; + host = "trantor"; + tailscaleIP = "100.108.5.90"; + port = 3000; + } + { + name = "nextcloud"; + domain = "cloud.baduhai.dev"; + host = "alexandria"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + port = 443; + } + { + name = "jellyfin"; + domain = "jellyfin.baduhai.dev"; + host = "alexandria"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + port = 8096; + } + ]; +} diff --git a/utils.nix b/utils.nix index c803fe5..740bad0 100644 --- a/utils.nix +++ b/utils.nix @@ -8,9 +8,14 @@ let home-manager agenix ; + + # Import shared service definitions + sharedServices = import ./shared/services.nix; in { + # Re-export shared services for use in host configs + inherit (sharedServices) services; # Tag-based host configuration system mkHost = { 
@@ -196,27 +201,24 @@ in mkSplitDNS = entries: let - # Generate view entries for a single domain - mkEntry = - { - domain, - lanIP, - tailscaleIP, - }: - [ - { - name = "tailscale"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = ''"${domain}. IN A ${tailscaleIP}"''; - } - { - name = "lan"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = ''"${domain}. IN A ${lanIP}"''; - } - ]; + # Generate local-data entries for all domains + tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries; + lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries; in - builtins.concatMap mkEntry entries; + [ + # Single Tailscale view with all domains + { + name = "tailscale"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = tailscaleData; + } + # Single LAN view with all domains + { + name = "lan"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = lanData; + } + ]; } From 8d8847e2fbbe3a88b8b50e5d050be86c89cb745d Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 21:35:33 -0300 Subject: [PATCH 017/138] Remove split DNS module and per-service entries Removed the split-dns.nix module and all service-specific splitDNS.entries configurations. Service DNS records are now sourced from the centralized shared/services.nix file instead of being declared individually in each service configuration. --- hosts/alexandria/forgejo.nix | 9 --------- hosts/alexandria/jellyfin.nix | 9 --------- hosts/alexandria/nextcloud.nix | 9 --------- hosts/alexandria/vaultwarden.nix | 9 --------- hosts/modules/split-dns.nix | 28 ---------------------------- 5 files changed, 64 deletions(-) delete mode 100644 hosts/modules/split-dns.nix diff --git a/hosts/alexandria/forgejo.nix b/hosts/alexandria/forgejo.nix index d9860f6..909d1d1 100644 --- a/hosts/alexandria/forgejo.nix +++ b/hosts/alexandria/forgejo.nix 
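Review bot: `lanData` in the rewritten `mkSplitDNS` reads `e.lanIP` from every entry, but the `forgejo` entry in shared/services.nix, added by this same commit, has no `lanIP`. Passing the shared `services` list to this helper would therefore abort evaluation with a missing-attribute error. The call site visible in this series still passes `config.services.splitDNS.entries`, so the problem is latent rather than broken today. Filtering first keeps the helper safe for both inputs: `lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') (lib.filter (e: e ? lanIP) entries);`. The enclosing attribute set starts outside the hunk.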
@@ -32,13 +32,4 @@ in domains."git.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; }; - - # Register this domain for split DNS - services.splitDNS.entries = [ - { - domain = "git.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; } diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix index 994f972..9555c89 100644 --- a/hosts/alexandria/jellyfin.nix +++ b/hosts/alexandria/jellyfin.nix @@ -13,13 +13,4 @@ in acmeHost = "baduhai.dev"; domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; }; - - # Register this domain for split DNS - services.splitDNS.entries = [ - { - domain = "jellyfin.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; } diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index e12d12b..9e606d9 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -79,15 +79,6 @@ in acmeHost = "baduhai.dev"; domains."cloud.baduhai.dev" = { }; }; - - # Register this domain for split DNS - splitDNS.entries = [ - { - domain = "cloud.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; }; age.secrets = { diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index 68387ee..fd10d6b 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -24,13 +24,4 @@ in domains."pass.baduhai.dev".locations."/".proxyPass = "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; }; - - # Register this domain for split DNS - services.splitDNS.entries = [ - { - domain = "pass.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; } diff --git a/hosts/modules/split-dns.nix b/hosts/modules/split-dns.nix deleted file mode 100644 index 0998816..0000000 
--- a/hosts/modules/split-dns.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, lib, ... }: - -{ - options.services.splitDNS = { - entries = lib.mkOption { - type = lib.types.listOf ( - lib.types.submodule { - options = { - domain = lib.mkOption { - type = lib.types.str; - description = "The domain name to configure"; - }; - lanIP = lib.mkOption { - type = lib.types.str; - description = "IP address to return for LAN requests"; - }; - tailscaleIP = lib.mkOption { - type = lib.types.str; - description = "IP address to return for Tailscale requests"; - }; - }; - } - ); - default = [ ]; - description = "List of domains to configure for split DNS"; - }; - }; -} From ee1a7c4d180bf9bff5d0261cf3708d1374f78093 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 21:35:53 -0300 Subject: [PATCH 018/138] Split DNS servers: alexandria for LAN, trantor for tailnet Alexandria's unbound now only serves LAN clients (192.168.0.0/16) and returns LAN IPs for service domains. Created new unbound instance on trantor to serve Tailscale clients (100.64.0.0/10) and return tailscale IPs for service domains. Both configurations pull service records from shared/services.nix. --- hosts/alexandria/unbound.nix | 21 ++++--------- hosts/trantor/unbound.nix | 58 ++++++++++++++++++++++++++++++++++++ nixosConfigurations.nix | 1 - 3 files changed, 64 insertions(+), 16 deletions(-) create mode 100644 hosts/trantor/unbound.nix diff --git a/hosts/alexandria/unbound.nix b/hosts/alexandria/unbound.nix index e923318..31363aa 100644 --- a/hosts/alexandria/unbound.nix +++ b/hosts/alexandria/unbound.nix @@ -1,13 +1,10 @@ -{ config, inputs, lib, ... }: +{ inputs, lib, ... }: let utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkSplitDNS; in { - imports = [ ../modules/split-dns.nix ]; - services.unbound = { enable = true; enableRootTrustAnchor = true; 
@@ -20,16 +17,7 @@ in access-control = [ "127.0.0.0/8 allow" "192.168.0.0/16 allow" - "100.64.0.0/10 allow" # Tailscale CGNAT range "::1/128 allow" - "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6 - ]; - - # Enable views for split DNS - access-control-view = [ - "100.64.0.0/10 tailscale" - "fd7a:115c:a1e0::/48 tailscale" - "192.168.0.0/16 lan" ]; num-threads = 2; @@ -43,9 +31,12 @@ in hide-version = true; so-rcvbuf = "1m"; so-sndbuf = "1m"; + + # LAN-only DNS records + local-zone = ''"baduhai.dev." transparent''; + local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') + (lib.filter (e: e ? lanIP) utils.services); }; - # Split DNS views - automatically collected from all service files - view = mkSplitDNS config.services.splitDNS.entries; forward-zone = [ { diff --git a/hosts/trantor/unbound.nix b/hosts/trantor/unbound.nix new file mode 100644 index 0000000..46808c6 --- /dev/null +++ b/hosts/trantor/unbound.nix 
@@ -0,0 +1,58 @@ +{ inputs, lib, ... }: + +let + utils = import ../../utils.nix { inherit inputs lib; }; +in + +{ + services.unbound = { + enable = true; + enableRootTrustAnchor = true; + settings = { + server = { + interface = [ + "0.0.0.0" + "::" + ]; + access-control = [ + "127.0.0.0/8 allow" + "100.64.0.0/10 allow" # Tailscale CGNAT range + "::1/128 allow" + "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6 + ]; + + num-threads = 2; + msg-cache-size = "50m"; + rrset-cache-size = "100m"; + cache-min-ttl = 300; + cache-max-ttl = 86400; + prefetch = true; + prefetch-key = true; + hide-identity = true; + hide-version = true; + so-rcvbuf = "1m"; + so-sndbuf = "1m"; + + # Tailnet DNS records from shared services + local-zone = ''"baduhai.dev." transparent''; + local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') utils.services; + }; + + forward-zone = [ + { + name = "."; + forward-addr = [ + "1.1.1.1@853#cloudflare-dns.com" + "1.0.0.1@853#cloudflare-dns.com" + ]; + forward-tls-upstream = true; + } + ]; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; +} diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 85fd378..c4969c1 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -40,7 +40,6 @@ in tags = [ # "server" TODO: uncomment when 25.11 is out. "fwupd" - "podman" ]; }; From 34622a05cbf2308e27f692efc8f3e04aa84b3942 Mon Sep 17 00:00:00 2001 
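Review bot: The resolver in hosts/trantor/unbound.nix is meant for tailnet clients only, yet it binds `0.0.0.0`/`::` and the `networking.firewall` block at the end opens port 53 on every interface. `access-control` stops it resolving for other sources, but unbound's default for unlisted sources is to reply REFUSED, so the port still answers on any network the host is attached to. Trantor looks like the OCI instance from terranix/oci/trantor.nix, so that presumably includes a public address. Scoping the rule to the Tailscale interface removes that exposure, e.g. `networking.firewall.interfaces.tailscale0.allowedUDPPorts = [ 53 ];` and the same for `allowedTCPPorts`, assuming the interface keeps its default name `tailscale0`.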
From: William Date: Sat, 8 Nov 2025 21:47:16 -0300 Subject: [PATCH 019/138] Move forgejo from alexandria to trantor Migrated forgejo service and configuration to trantor. Added nginx reverse proxy support on trantor with ACME configuration for SSL certificates. Fixed vaultwarden domain in shared services from vault.baduhai.dev to pass.baduhai.dev to match actual nginx configuration. --- hosts/{alexandria => trantor}/forgejo.nix | 1 - hosts/trantor/nginx.nix | 50 +++++++++++++++++++++++ shared/services.nix | 2 +- 3 files changed, 51 insertions(+), 2 deletions(-) rename hosts/{alexandria => trantor}/forgejo.nix (96%) create mode 100644 hosts/trantor/nginx.nix diff --git a/hosts/alexandria/forgejo.nix b/hosts/trantor/forgejo.nix similarity index 96% rename from hosts/alexandria/forgejo.nix rename to hosts/trantor/forgejo.nix index 909d1d1..c11573e 100644 --- a/hosts/alexandria/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -28,7 +28,6 @@ in }; services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; domains."git.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; }; diff --git a/hosts/trantor/nginx.nix b/hosts/trantor/nginx.nix new file mode 100644 index 0000000..6879bfc --- /dev/null +++ b/hosts/trantor/nginx.nix 
@@ -0,0 +1,50 @@ +{ + config, + lib, + inputs, + ... +}: + +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in + +{ + security.acme = { + acceptTerms = true; + defaults = { + email = "baduhai@proton.me"; + dnsResolver = "1.1.1.1:53"; + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.cloudflare.path; + }; + }; + + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts = { + "_" = { + default = true; + locations."/".return = "444"; + }; + }; + }; + + users.users.nginx.extraGroups = [ "acme" ]; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + + age.secrets.cloudflare = { + file = ../../secrets/cloudflare.age; + owner = "nginx"; + group = "nginx"; + }; +} diff --git a/shared/services.nix b/shared/services.nix index f55e4d2..fd4e440 100644 --- a/shared/services.nix +++ b/shared/services.nix @@ -6,7 +6,7 @@ services = [ { name = "vaultwarden"; - domain = "vault.baduhai.dev"; + domain = "pass.baduhai.dev"; host = "alexandria"; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; From 73db53426937916050da864ee45e53520da34294 Mon Sep 17 00:00:00 2001 
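Review bot: `age.secrets.cloudflare` in hosts/trantor/nginx.nix decrypts the same `secrets/cloudflare.age` that alexandria uses and gives it `owner = "nginx"`, so the DNS API token becomes readable by the web server account on a second host. The token is only referenced from `security.acme.defaults.credentialsFile`. As far as I can tell, the NixOS ACME units load that file through systemd rather than as the nginx user, so the `owner`/`group` lines can probably be dropped in favour of the agenix defaults (root, mode 0400). Separately, consider a distinct token per host, scoped as narrowly as the provider allows, so that compromise of one host does not expose DNS control shared with the other; the token's current scope is not visible here.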
From: William Date: Sat, 8 Nov 2025 21:47:41 -0300 Subject: [PATCH 020/138] Switch from wildcard to per-domain SSL certificates Updated mkNginxVHosts to use per-domain certificates (enableACME) instead of shared wildcard certificates (useACMEHost). Each service now requests its own certificate, avoiding conflicts between hosts and following the principle of least privilege. Removed wildcard certificate configuration from both alexandria and trantor. Each host now only obtains certificates for domains it actually serves: - Alexandria: pass.baduhai.dev, cloud.baduhai.dev, jellyfin.baduhai.dev - Trantor: git.baduhai.dev --- hosts/alexandria/jellyfin.nix | 1 - hosts/alexandria/nextcloud.nix | 1 - hosts/alexandria/nginx.nix | 11 +++++------ hosts/alexandria/vaultwarden.nix | 1 - utils.nix | 7 ++----- 5 files changed, 7 insertions(+), 14 deletions(-) diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix index 9555c89..6ceac09 100644 --- a/hosts/alexandria/jellyfin.nix +++ b/hosts/alexandria/jellyfin.nix @@ -10,7 +10,6 @@ in }; services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; }; } diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 9e606d9..2368a3c 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -76,7 +76,6 @@ in }; nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; domains."cloud.baduhai.dev" = { }; }; }; diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 54640c1..6879bfc 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -19,9 +19,6 @@ in dnsProvider = "cloudflare"; credentialsFile = config.age.secrets.cloudflare.path; }; - certs."baduhai.dev" = { - extraDomainNames = [ "*.baduhai.dev" ]; - }; }; services.nginx = { 
@@ -30,9 +27,11 @@ in recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; - domains."_".locations."/".return = "444"; + virtualHosts = { + "_" = { + default = true; + locations."/".return = "444"; + }; }; }; diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index fd10d6b..2335ee0 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -20,7 +20,6 @@ in }; services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; domains."pass.baduhai.dev".locations."/".proxyPass = "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; }; diff --git a/utils.nix b/utils.nix index 740bad0..7a81af7 100644 --- a/utils.nix +++ b/utils.nix @@ -183,13 +183,10 @@ in # Nginx virtual host utilities mkNginxVHosts = - { - acmeHost, - domains, - }: + { domains }: let commonVHostConfig = { - useACMEHost = acmeHost; + enableACME = true; forceSSL = true; kTLS = true; }; From 952a55f03d392d504728065191f5edddebc453ba Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 21:57:27 -0300 Subject: [PATCH 021/138] Add Kanidm identity provider to alexandria Added Kanidm server configuration to serve as central identity provider for all services. Configuration includes: - Server on auth.baduhai.dev with HTTPS - LDAP support on port 636 for legacy integrations - Nginx reverse proxy with SSL termination - Added to shared services for DNS resolution Kanidm will provide OAuth2/OIDC authentication for Nextcloud, Vaultwarden, Forgejo, and other services. --- hosts/alexandria/kanidm.nix | 78 +++++++++++++++++++++++++++++++++++++ shared/services.nix | 10 ++++- 2 files changed, 87 insertions(+), 1 deletion(-) create mode 100644 hosts/alexandria/kanidm.nix 
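Review bot: The replacement `"_"` vhost in hosts/alexandria/nginx.nix only sets `default = true` and the 444 return, so unlike the `mkNginxVHosts` version it replaces (which carried `useACMEHost` and `forceSSL`) it has no TLS listener. Requests on port 443 with an unmatched name will then presumably be answered by whichever real service vhost nginx treats as the default for that socket, presenting that service's certificate and content. Adding `rejectSSL = true;` to the `"_"` block restores a catch-all for HTTPS without needing a certificate. The same block appears in the new nginx module added in PATCH 001 and would need the same line.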
diff --git a/hosts/alexandria/kanidm.nix b/hosts/alexandria/kanidm.nix
new file mode 100644
index 0000000..ee56bc1
--- /dev/null
+++ b/hosts/alexandria/kanidm.nix
@@ -0,0 +1,78 @@
+{
+ config,
+ lib,
+ inputs,
+ pkgs,
+ ...
+}:
+
+let
+ utils = import ../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts;
+ kanidmCertDir = "/var/lib/kanidm/certs";
+in
+
+{
+ services.kanidm = {
+ enableServer = true;
+ package = pkgs.kanidm;
+
+ serverSettings = {
+ domain = "auth.baduhai.dev";
+ origin = "https://auth.baduhai.dev";
+ bindaddress = "127.0.0.1:8443";
+ ldapbindaddress = "127.0.0.1:636";
+ trust_x_forward_for = true;
+ # Use self-signed certificates for internal TLS
+ tls_chain = "${kanidmCertDir}/cert.pem";
+ tls_key = "${kanidmCertDir}/key.pem";
+ };
+ };
+
+ services.nginx.virtualHosts = mkNginxVHosts {
+ domains."auth.baduhai.dev" = {
+ locations."/" = {
+ proxyPass = "https://127.0.0.1:8443";
+ extraConfig = ''
+ proxy_ssl_verify off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ '';
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 636 ];
+
+ # Generate self-signed certificates for kanidm's internal TLS
+ systemd.services.kanidm-generate-certs = {
+ description = "Generate self-signed TLS certificates for Kanidm";
+ wantedBy = [ "multi-user.target" ];
+ before = [ "kanidm.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = ''
+ mkdir -p ${kanidmCertDir}
+ if [ ! -f ${kanidmCertDir}/key.pem ]; then
+ ${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \
+ -keyout ${kanidmCertDir}/key.pem \
+ -out ${kanidmCertDir}/cert.pem \
+ -days 3650 -nodes \
+ -subj "/CN=localhost" \
+ -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
+ chown -R kanidm:kanidm ${kanidmCertDir}
+ chmod 600 ${kanidmCertDir}/key.pem
+ chmod 644 ${kanidmCertDir}/cert.pem
+ fi
+ '';
+ };
+
+ # Ensure certificate generation runs before kanidm starts
+ systemd.services.kanidm = {
+ after = [ "kanidm-generate-certs.service" ];
+ wants = [ "kanidm-generate-certs.service" ];
+ };
+}
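Review bot: The `kanidm-generate-certs` script writes `key.pem` under whatever umask the unit inherits and only tightens it with `chmod 600` after `openssl` and `chown` have run, and `mkdir -p` leaves the directory with default permissions, so the private key can be briefly readable by other local users. Starting the script with `umask 077` closes that window. Separately, `networking.firewall.allowedTCPPorts = [ 636 ];` opens the LDAP port on the host firewall while `ldapbindaddress` is `127.0.0.1:636`; the rule admits nothing today and would expose the directory as soon as the bind address is widened, so I would remove it until a non-loopback listener is actually intended. A short comment next to `proxy_ssl_verify off;` saying it is acceptable only because the upstream is loopback with a self-signed certificate would also help the next reader.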
diff --git a/shared/services.nix b/shared/services.nix index fd4e440..8870258 100644 --- a/shared/services.nix +++ b/shared/services.nix @@ -1,9 +1,17 @@ # Shared service definitions for cross-host configuration # Used by: -# - alexandria: DNS server (LAN) + service hosting (vaultwarden, nextcloud, jellyfin) +# - alexandria: DNS server (LAN) + service hosting (vaultwarden, nextcloud, jellyfin, kanidm) # - trantor: DNS server (Tailnet) + service hosting (forgejo) { services = [ + { + name = "kanidm"; + domain = "auth.baduhai.dev"; + host = "alexandria"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + port = 8443; + } { name = "vaultwarden"; domain = "pass.baduhai.dev"; From 58fec035791726b213ac648902513589fa11ab7e Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 8 Nov 2025 22:53:18 -0300 Subject: [PATCH 022/138] Switch ACME to DNS-01 challenge with auto-configured certificates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changed certificate generation from HTTP-01 to DNS-01 challenge to support services behind Tailscale/CGNAT IPs. HTTP-01 challenges fail because Let's Encrypt cannot reach private Tailscale IPs (100.x.x.x) that Cloudflare DNS points to. Changes: - Pre-configure certificates in security.acme.certs using DNS-01 via Cloudflare - Auto-generate certificate configs from shared/services.nix - Alexandria: filters services with host == "alexandria" - Trantor: filters services with host == "trantor" - Updated mkNginxVHosts to use useACMEHost instead of enableACME - Each domain gets its own certificate configured with DNS-01 challenge This ensures all services get valid Let's Encrypt certificates even when accessible only through Tailscale or private networks. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- hosts/alexandria/nginx.nix | 11 ++++++++++- hosts/trantor/nginx.nix | 13 ++++++++++++- utils.nix | 14 ++++++++------ 3 files changed, 30 insertions(+), 8 deletions(-) diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 6879bfc..274f645 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -7,7 +7,15 @@ let utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + inherit (utils) mkNginxVHosts services; + + # Get all unique domains from shared services that have LAN IPs (served by this host) + localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services)); + + # Generate ACME cert configs for all local domains + acmeCerts = lib.genAttrs localDomains (domain: { + group = "nginx"; + }); in { 
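Review bot: The comment above `localDomains` in hosts/alexandria/nginx.nix says the list holds services "that have LAN IPs (served by this host)", but the expression filters on `s.host == "alexandria"` and never looks at `lanIP`. Since this list decides which names the host requests certificates for, the comment should describe the real selector, e.g. `# Unique domains of the shared services whose host is "alexandria"`. It would also be worth one line on why each cert sets `group = "nginx"`, presumably so nginx can read the issued key material. The `let` block continues outside this hunk.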
@@ -19,6 +27,7 @@ in dnsProvider = "cloudflare"; credentialsFile = config.age.secrets.cloudflare.path; }; + certs = acmeCerts; }; services.nginx = { diff --git a/hosts/trantor/nginx.nix b/hosts/trantor/nginx.nix index 6879bfc..56eed7c 100644 --- a/hosts/trantor/nginx.nix +++ b/hosts/trantor/nginx.nix @@ -7,7 +7,17 @@ let utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + inherit (utils) mkNginxVHosts services; + + # Get all unique domains from shared services on trantor (host = "trantor") + localDomains = lib.unique ( + map (s: s.domain) (lib.filter (s: s.host == "trantor") services) + ); + + # Generate ACME cert configs for all local domains + acmeCerts = lib.genAttrs localDomains (domain: { + group = "nginx"; + }); in { @@ -19,6 +29,7 @@ in dnsProvider = "cloudflare"; credentialsFile = config.age.secrets.cloudflare.path; }; + certs = acmeCerts; }; services.nginx = { diff --git a/utils.nix b/utils.nix index 7a81af7..8c20ab9 100644 --- a/utils.nix +++ b/utils.nix @@ -185,13 +185,15 @@ in mkNginxVHosts = { domains }: let - commonVHostConfig = { - enableACME = true; - forceSSL = true; - kTLS = true; - }; + # Extract domain name and apply it as useACMEHost + mkVHostConfig = domain: config: + lib.recursiveUpdate { + useACMEHost = domain; + forceSSL = true; + kTLS = true; + } config; in - lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains; + lib.mapAttrs mkVHostConfig domains; # Split DNS utilities for unbound # Generates unbound view config from a list of DNS entries From 258bcac59750a5ef585ab28c39d1972b9479326d Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 8 Nov 2025 23:56:40 -0300 Subject: [PATCH 023/138] Integrate Kanidm with Nextcloud via OIDC MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added Kanidm identity provider integration with Nextcloud: - Enabled Kanidm client in kanidm.nix for CLI access - Added user_oidc app to Nextcloud for OpenID Connect authentication - Configured allow_local_remote_servers to permit Nextcloud to reach Kanidm at auth.baduhai.dev (resolves to local IP 192.168.15.142) OAuth2 client configuration (done via kanidm CLI): - Client ID: nextcloud - Scopes: openid, email, profile mapped to idm_all_accounts group - Redirect URI: https://cloud.baduhai.dev/apps/user_oidc/code - User mapping: name claim maps to Nextcloud username This allows users to authenticate to Nextcloud using their Kanidm credentials, with existing Nextcloud accounts linked via username. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- hosts/alexandria/kanidm.nix | 5 +++++ hosts/alexandria/nextcloud.nix | 2 ++ 2 files changed, 7 insertions(+) diff --git a/hosts/alexandria/kanidm.nix b/hosts/alexandria/kanidm.nix index ee56bc1..eaaa9b9 100644 --- a/hosts/alexandria/kanidm.nix +++ b/hosts/alexandria/kanidm.nix @@ -15,6 +15,7 @@ in { services.kanidm = { enableServer = true; + enableClient = true; package = pkgs.kanidm; serverSettings = { @@ -27,6 +28,10 @@ in tls_chain = "${kanidmCertDir}/cert.pem"; tls_key = "${kanidmCertDir}/key.pem"; }; + + clientSettings = { + uri = "https://auth.baduhai.dev"; + }; }; services.nginx.virtualHosts = mkNginxVHosts { diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 2368a3c..c449cce 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -29,6 +29,7 @@ in contacts notes tasks + user_oidc ; }; extraAppsEnable = true; 
@@ -40,6 +41,7 @@ in trusted_proxies = [ "127.0.0.1" ]; default_phone_region = "BR"; maintenance_window_start = "4"; + allow_local_remote_servers = true; enabledPreviewProviders = [ "OC\\Preview\\BMP" "OC\\Preview\\EMF" From 095d881ad995325d8a1ad1ecd40c510941562df0 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 00:00:00 -0300 Subject: [PATCH 024/138] no ghostty notifications --- users/modules/desktop/desktop.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index ba30852..742a6ea 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix @@ -22,7 +22,7 @@ url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; }}"; - bell-features = "border"; + bell-features = ""; gtk-titlebar-style = "tabs"; keybind = [ "shift+enter=text:\\x1b\\r" ]; }; From 92f5593611ac78e163ebff7292656759e393218d Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 07:55:42 -0300 Subject: [PATCH 025/138] junction default browser; remove brave --- hosts/modules/desktop/desktop.nix | 1 - users/modules/desktop/desktop.nix | 15 +++++---------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index f2418ce..03ec04b 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -20,7 +20,6 @@ systemPackages = with pkgs; [ ### Web ### bitwarden-desktop - brave fragments nextcloud-client tor-browser diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index 742a6ea..df6f380 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix 
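Review bot: `allow_local_remote_servers = true` in hosts/alexandria/nextcloud.nix is a global Nextcloud switch, so it lifts the block on server-side requests to local and private addresses for every feature that fetches a URL, not only for the `user_oidc` calls to auth.baduhai.dev described in the commit message. On this host that widens SSRF exposure towards loopback services such as Kanidm on `127.0.0.1:8443` and Jellyfin on `127.0.0.1:8096`, which the other patches in this series configure. At minimum the line needs a comment recording the reason and the trade-off, e.g. `# required for user_oidc: auth.baduhai.dev resolves to a LAN address; this relaxes Nextcloud's SSRF guard globally`. The enclosing settings block starts and ends outside the hunk.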
@@ -41,33 +41,28 @@ enable = true; defaultApplications = { "text/html" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/http" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/https" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/about" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/unknown" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "image/jpeg" = "org.gnome.Loupe.desktop"; From 808bccf0a2665dadd303e309d9f061c360723e8b Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 10:29:45 -0300 Subject: [PATCH 026/138] Add Tailscale tailnet DNS configuration via Terranix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Configure global DNS nameservers for the Tailscale tailnet, setting trantor as the primary DNS server with Cloudflare as fallback. This enables custom DNS resolution across the entire tailnet. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- terranix/cloudflare/baduhai.dev.nix | 77 +++++++++++++++++++++++++++++ terranix/tailscale/tailnet.nix | 43 ++++++++++++++++ terranixConfigurations.nix | 8 +++ 3 files changed, 128 insertions(+) diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index e69de29..56d25ad 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix 
@@ -0,0 +1,77 @@ +# Required environment variables: +# CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions +# TF_VAR_zone_id - Zone ID for baduhai.dev (find in Cloudflare dashboard) +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ config, ... }: + +{ + terraform.required_providers.cloudflare = { + source = "cloudflare/cloudflare"; + version = "~> 5.0"; + }; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "cloudflare/baduhai.dev.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + zone_id = { + description = "Cloudflare zone ID for baduhai.dev"; + type = "string"; + sensitive = true; + }; + }; + + data = { + terraform_remote_state.trantor = { + backend = "s3"; + config = { + bucket = "terraform-state"; + key = "oci/trantor.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + }; + }; + + resource = { + cloudflare_record.root = { + zone_id = config.variable.zone_id; + name = "@"; + type = "A"; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; + proxied = true; + }; + + cloudflare_record.www = { + zone_id = config.variable.zone_id; + name = "www"; + type = "A"; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; + proxied = true; + }; + + cloudflare_record.wildcard = { + zone_id = config.variable.zone_id; + name = "*"; + type = "A"; + content = config.data.terraform_remote_state.trantor 
"outputs.instance_public_ip.value"; + proxied = true; + }; + }; +} diff --git a/terranix/tailscale/tailnet.nix b/terranix/tailscale/tailnet.nix index e69de29..929e79b 100644 --- a/terranix/tailscale/tailnet.nix +++ b/terranix/tailscale/tailnet.nix @@ -0,0 +1,43 @@ +# Required environment variables: +# TAILSCALE_API_KEY - Tailscale API key with appropriate permissions +# TAILSCALE_TAILNET - Your tailnet name (e.g., "user@example.com" or "example.org.github") +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ config, ... }: + +{ + terraform.required_providers.tailscale = { + source = "tailscale/tailscale"; + version = "~> 0.17"; + }; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "tailscale/tailnet.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + trantor_tailscale_ip = { + default = "100.108.5.90"; + type = "string"; + }; + }; + + resource = { + tailscale_dns_nameservers.global = { + nameservers = [ + config.variable.trantor_tailscale_ip.default + "1.1.1.1" + "1.0.0.1" + ]; + }; + }; +} diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix index fc84f17..12c90d1 100644 --- a/terranixConfigurations.nix +++ b/terranixConfigurations.nix @@ -14,6 +14,14 @@ modules = [ ./terranix/oci/trantor.nix ]; terraformWrapper.package = pkgs.opentofu; }; + cloudflare-baduhaidev = { + modules = [ ./terranix/cloudflare/baduhai.dev.nix ]; + terraformWrapper.package = pkgs.opentofu; + }; + tailscale-tailnet = { + modules = [ ./terranix/tailscale/tailnet.nix ]; + terraformWrapper.package = pkgs.opentofu; + }; }; }; } From 1b1d7896e6c9fbe87d64ea02b5adbc89b34bd685 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 9 Nov 2025 10:29:54 -0300 Subject: [PATCH 027/138] Document required environment variables for OCI configuration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add documentation about required OCI and AWS credentials for the trantor configuration, clarifying that ~/.oci/config can be used as an alternative to environment variables. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- terranix/oci/trantor.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/terranix/oci/trantor.nix b/terranix/oci/trantor.nix index 2037d87..bb06585 100644 --- a/terranix/oci/trantor.nix +++ b/terranix/oci/trantor.nix @@ -1,3 +1,13 @@ +# Required environment variables: +# instead of OCI variables, ~/.oci/config may also be used +# OCI_TENANCY_OCID - Oracle tenancy OCID (or use TF_VAR_* to override variables) +# OCI_USER_OCID - Oracle user OCID +# OCI_FINGERPRINT - API key fingerprint +# OCI_PRIVATE_KEY_PATH - Path to OCI API private key +# AWS variables are required +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + { config, ... }: { From 1921aad1bdd51292baaf18187106b42a874aa28c Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 10:30:02 -0300 Subject: [PATCH 028/138] Update Cloudflare DNS configuration with explicit zone ID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace sensitive zone_id variable with hardcoded value and update DNS record configuration to use cloudflare_dns_record resource type. Disable proxying and set explicit TTL for better control over DNS propagation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- terranix/cloudflare/baduhai.dev.nix | 31 +++++++++++++++-------------- 1 file changed, 16 insertions(+), 15 deletions(-) 
diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index 56d25ad..b74484c 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix @@ -1,6 +1,5 @@ # Required environment variables: # CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions -# TF_VAR_zone_id - Zone ID for baduhai.dev (find in Cloudflare dashboard) # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage @@ -26,9 +25,8 @@ variable = { zone_id = { - description = "Cloudflare zone ID for baduhai.dev"; + default = "c63a8332fdddc4a8e5612ddc54557044"; type = "string"; - sensitive = true; }; }; @@ -50,28 +48,31 @@ }; resource = { - cloudflare_record.root = { - zone_id = config.variable.zone_id; + cloudflare_dns_record.root = { + zone_id = config.variable.zone_id.default; name = "@"; type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; - proxied = true; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; }; - cloudflare_record.www = { - zone_id = config.variable.zone_id; + cloudflare_dns_record.www = { + zone_id = config.variable.zone_id.default; name = "www"; type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; - proxied = true; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; }; - cloudflare_record.wildcard = { - zone_id = config.variable.zone_id; + cloudflare_dns_record.wildcard = { + zone_id = config.variable.zone_id.default; name = "*"; type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; - proxied = true; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; }; }; } 
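Review bot: `zone_id` is still declared under `variable`, but every record now reads `config.variable.zone_id.default`, which is resolved when Nix evaluates the module, so the literal is baked into the generated configuration and the Terraform variable is dead; a `TF_VAR_zone_id` override would silently have no effect. Either bind the value once in Nix (`let zoneId = "c63a8332fdddc4a8e5612ddc54557044"; in`) and drop the `variable` block, or keep the variable and reference it as `"\${var.zone_id}"`. Also note that switching all three records, including the `*` wildcard, to `proxied = false` publishes trantor's public address for every name under the zone; a comment stating that this is intended would make the exposure explicit.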
From 14c4440dd1fa31f0589ed6c3a8f91cfa6fab2f20 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 10:34:57 -0300 Subject: [PATCH 029/138] forgejo: disable singup; document root password --- hosts/trantor/forgejo.nix | 1 + secrets/forgejo-root-password.age | Bin 0 -> 465 bytes secrets/secrets.nix | 5 +++++ 3 files changed, 6 insertions(+) create mode 100644 secrets/forgejo-root-password.age diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix index c11573e..a89526d 100644 --- a/hosts/trantor/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -24,6 +24,7 @@ in log.LEVEL = "Warn"; mailer.ENABLED = false; actions.ENABLED = false; + service.DISABLE_REGISTRATION = true; }; }; diff --git a/secrets/forgejo-root-password.age b/secrets/forgejo-root-password.age new file mode 100644 index 0000000000000000000000000000000000000000..90be612af57adcc9b8db836f5f02ed55ff0377b3 GIT binary patch literal 465 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlPD{zlPge*@GRiN@ zHVXH)D2u9$DhM{M@-y(LEGW&3(66X4_6rKl3(GSP49cuB_T(z{3yw514D|_h%SlNs ztnlzRGPg7fb#pc;&#KTb&aTSNkF+R{NHj0fH$k_}A~M)9vs|Gf%AnB8#VIu0(=EKn zqd;5R$EncB)6_WIH7YgS$uuv|JkKPoB0xVl!-6X{#XrN(AS=QnDX*%+G$hC@E6*`M zG^jYpJU3t4Ei=p2FW0!ZJkLGQ&jQ`Hz!Kv?ZAXQaLU)6RLf5nsSAYG)l3YhW-w59b zzyEz)TZU*ATZz{cZdy`tCv literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 84b14d6..a90cd74 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -27,4 +27,9 @@ in rotterdam-user alexandria ]; + "forgejo-root-password.age".publicKeys = [ + io-user + rotterdam-user + trantor + ]; } From 6f1aca7b01a825e71bb7db10e9968ade435e57b0 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 9 Nov 2025 11:11:55 -0300 Subject: [PATCH 030/138] Configure Forgejo OAuth2 and disable public registration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add OAuth2 client configuration to enable auto-registration via SSO with Kanidm, while disabling direct public registration. Users can now authenticate through the identity provider with automatic account creation and avatar syncing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- hosts/trantor/forgejo.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix index a89526d..9688458 100644 --- a/hosts/trantor/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -25,6 +25,12 @@ in mailer.ENABLED = false; actions.ENABLED = false; service.DISABLE_REGISTRATION = true; + oauth2_client = { + ENABLE_AUTO_REGISTRATION = true; + UPDATE_AVATAR = true; + ACCOUNT_LINKING = "login"; + USERNAME = "preferred_username"; + }; }; }; From 878c4aa3ea7d8c642c2979895c33bf533094f54f Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 11:12:06 -0300 Subject: [PATCH 031/138] Add public visibility flags to service definitions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mark services as public or private to control external access: - Public: vaultwarden, forgejo, nextcloud - Private: kanidm, jellyfin This enables proper routing and firewall configuration based on intended service visibility. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- shared/services.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/shared/services.nix b/shared/services.nix index 8870258..ebd51de 100644 --- a/shared/services.nix +++ b/shared/services.nix 
@@ -8,6 +8,7 @@ name = "kanidm"; domain = "auth.baduhai.dev"; host = "alexandria"; + public = false; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8443; @@ -16,6 +17,7 @@ name = "vaultwarden"; domain = "pass.baduhai.dev"; host = "alexandria"; + public = true; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8222; @@ -24,6 +26,7 @@ name = "forgejo"; domain = "git.baduhai.dev"; host = "trantor"; + public = true; tailscaleIP = "100.108.5.90"; port = 3000; } @@ -31,6 +34,7 @@ name = "nextcloud"; domain = "cloud.baduhai.dev"; host = "alexandria"; + public = true; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 443; @@ -39,6 +43,7 @@ name = "jellyfin"; domain = "jellyfin.baduhai.dev"; host = "alexandria"; + public = false; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8096; From ad9d565a8f365d2530b0889edb15613dc6ea330a Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 11:20:21 -0300 Subject: [PATCH 032/138] Route DNS based on service visibility flags MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace wildcard DNS with dynamic service-based routing that reads from shared/services.nix. Public services (forgejo, vaultwarden, nextcloud) point to trantor's public IP for external access, while private services (kanidm, jellyfin) point to tailscale IPs for internal-only access. This provides granular control over service exposure without manual DNS management. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- shared/services.nix | 2 - terranix/cloudflare/baduhai.dev.nix | 74 +++++++++++++++++++---------- 2 files changed, 49 insertions(+), 27 deletions(-) diff --git a/shared/services.nix b/shared/services.nix index ebd51de..d267792 100644 --- a/shared/services.nix +++ b/shared/services.nix 
@@ -8,7 +8,6 @@ name = "kanidm"; domain = "auth.baduhai.dev"; host = "alexandria"; - public = false; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8443; @@ -43,7 +42,6 @@ name = "jellyfin"; domain = "jellyfin.baduhai.dev"; host = "alexandria"; - public = false; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8096; diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index b74484c..3a5e6ee 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix @@ -3,7 +3,38 @@ # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage -{ config, ... }: +{ config, lib, ... }: + +let + inherit (import ../../shared/services.nix) services; + + # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git") + getSubdomain = domain: lib.head (lib.splitString "." domain); + + # Generate DNS records for services + # Public services point to trantor's public IP + # Private services point to their tailscale IP + mkServiceRecords = lib.listToAttrs ( + lib.imap0 (i: svc: + let + subdomain = getSubdomain svc.domain; + targetIP = if svc.public or false + then config.data.terraform_remote_state.trantor "outputs.instance_public_ip" + else svc.tailscaleIP; + in { + name = "service_${toString i}"; + value = { + zone_id = config.variable.zone_id.default; + name = subdomain; + type = "A"; + content = targetIP; + proxied = false; + ttl = 3600; + }; + } + ) services + ); +in { terraform.required_providers.cloudflare = { 
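Review bot: `mkServiceRecords` in terranix/cloudflare/baduhai.dev.nix names each resource `service_${toString i}` from its list position, so inserting or reordering an entry in shared/services.nix moves every later record to a different Terraform address and the next apply will destroy, recreate or swap DNS records. Keying on the service keeps addresses stable: `name = svc.name;`. The non-public branch also deserves a comment, because it publishes `svc.tailscaleIP` in the public zone, which makes the names and tailnet addresses of the private services (kanidm, jellyfin) visible to anyone who queries DNS even though the addresses are not reachable from outside the tailnet.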
@@ -48,31 +79,24 @@ }; resource = { - cloudflare_dns_record.root = { - zone_id = config.variable.zone_id.default; - name = "@"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; - }; + cloudflare_dns_record = mkServiceRecords // { + root = { + zone_id = config.variable.zone_id.default; + name = "@"; + type = "A"; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; + }; - cloudflare_dns_record.www = { - zone_id = config.variable.zone_id.default; - name = "www"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; - }; - - cloudflare_dns_record.wildcard = { - zone_id = config.variable.zone_id.default; - name = "*"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; + www = { + zone_id = config.variable.zone_id.default; + name = "www"; + type = "A"; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; + }; }; }; } From cd17bf25617f3922b7ccbdfd5a1bfdb9b7b10002 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 12:36:43 -0300 Subject: [PATCH 033/138] only forgejo is public for now --- shared/services.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/shared/services.nix b/shared/services.nix index d267792..44f9208 100644 --- a/shared/services.nix +++ b/shared/services.nix @@ -16,7 +16,6 @@ name = "vaultwarden"; domain = "pass.baduhai.dev"; host = "alexandria"; - public = true; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8222; @@ -33,7 +32,6 @@ name = "nextcloud"; domain = "cloud.baduhai.dev"; host = "alexandria"; - public = true; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 443; From f1b6be6f3ff1311d7041b194ebdd3956a70fb71d Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 9 Nov 2025 13:00:17 -0300 Subject: [PATCH 034/138] Add fail2ban configuration for SSH and Forgejo on Trantor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Configure fail2ban with progressive ban times (1h base, up to 10000h max) - Add SSH jail with password authentication disabled - Add Forgejo jail using systemd journal backend - Ignore private networks and Tailscale IPs - Set Forgejo to 10 retries per hour, 15min initial ban 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- hosts/trantor/fail2ban.nix | 43 +++++++++++++++++++++++++ hosts/trantor/forgejo.nix | 65 ++++++++++++++++++++++++-------------- hosts/trantor/openssh.nix | 23 ++++++++++++++ 3 files changed, 107 insertions(+), 24 deletions(-) create mode 100644 hosts/trantor/fail2ban.nix create mode 100644 hosts/trantor/openssh.nix diff --git a/hosts/trantor/fail2ban.nix b/hosts/trantor/fail2ban.nix new file mode 100644 index 0000000..4ef1bbc --- /dev/null +++ b/hosts/trantor/fail2ban.nix @@ -0,0 +1,43 @@ +{ config, pkgs, ... }: + +{ + services.fail2ban = { + enable = true; + maxretry = 5; + ignoreIP = [ + "127.0.0.0/8" + "::1" + "10.0.0.0/8" + "172.16.0.0/12" + "192.168.0.0/16" + "100.64.0.0/10" + ]; + + bantime = "1h"; + bantime-increment = { + enable = true; + multipliers = "1 2 4 8 16 32 64"; + maxtime = "10000h"; + overalljails = true; + }; + + jails.forgejo = { + settings = { + enabled = true; + filter = "forgejo"; + backend = "systemd"; + maxretry = 10; + findtime = "1h"; + bantime = "15m"; + }; + }; + }; + + # Custom fail2ban filter for Forgejo using systemd journal + environment.etc."fail2ban/filter.d/forgejo.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + journalmatch = _SYSTEMD_UNIT=forgejo.service + failregex = Failed authentication attempt for .+ from :\d+: + ignoreregex = + ''); +} 
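Review bot: `jails.forgejo` is defined twice in this commit: here in hosts/trantor/fail2ban.nix with `backend = "systemd"`, and again in hosts/trantor/forgejo.nix with `logpath = "${config.services.forgejo.stateDir}/log/forgejo.log"`, and each file ships its own filter (`forgejo.local` here, `forgejo.conf` there) with a different `failregex`. The module system will merge the two `settings` sets, so the resulting jail carries both a journal backend and a file path, and which regex applies depends on fail2ban's .conf/.local precedence; keep one jail definition and one filter. As rendered on this page neither `failregex` contains a `<HOST>` capture (it may have been lost in extraction), and without it fail2ban has no address to ban, so the committed text should be checked. Because Forgejo sits behind nginx on a unix socket, it is also worth confirming that the logged address is the client's rather than the proxy's before relying on this jail.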
diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix index 9688458..227bcb4 100644 --- a/hosts/trantor/forgejo.nix +++ b/hosts/trantor/forgejo.nix 
@@ -9,33 +9,50 @@ let inherit (utils) mkNginxVHosts; in { - services.forgejo = { - enable = true; - repositoryRoot = "/data/forgejo"; - settings = { - session.COOKIE_SECURE = true; - server = { - PROTOCOL = "http+unix"; - DOMAIN = "git.baduhai.dev"; - ROOT_URL = "https://git.baduhai.dev"; - OFFLINE_MODE = true; # disable use of CDNs - SSH_DOMAIN = "baduhai.dev"; + services = { + forgejo = { + enable = true; + repositoryRoot = "/data/forgejo"; + settings = { + session.COOKIE_SECURE = true; + server = { + PROTOCOL = "http+unix"; + DOMAIN = "git.baduhai.dev"; + ROOT_URL = "https://git.baduhai.dev"; + OFFLINE_MODE = true; # disable use of CDNs + SSH_DOMAIN = "baduhai.dev"; + }; + log.LEVEL = "Warn"; + mailer.ENABLED = false; + actions.ENABLED = false; + service.DISABLE_REGISTRATION = true; + oauth2_client = { + ENABLE_AUTO_REGISTRATION = true; + UPDATE_AVATAR = true; + ACCOUNT_LINKING = "login"; + USERNAME = "preferred_username"; + }; }; - log.LEVEL = "Warn"; - mailer.ENABLED = false; - actions.ENABLED = false; - service.DISABLE_REGISTRATION = true; - oauth2_client = { - ENABLE_AUTO_REGISTRATION = true; - UPDATE_AVATAR = true; - ACCOUNT_LINKING = "login"; - USERNAME = "preferred_username"; + }; + nginx.virtualHosts = mkNginxVHosts { + domains."git.baduhai.dev".locations."/".proxyPass = + "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; + }; + fail2ban.jails.forgejo = { + settings = { + enabled = true; + filter = "forgejo"; + logpath = "${config.services.forgejo.stateDir}/log/forgejo.log"; + maxretry = 10; + findtime = "1h"; + bantime = "15m"; }; }; }; - services.nginx.virtualHosts = mkNginxVHosts { - domains."git.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; - }; + environment.etc."fail2ban/filter.d/forgejo.conf".text = '' + [Definition] + failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from + ignoreregex = + ''; } 
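Review bot: The jail added at the end of this hunk only sees what Forgejo writes to its log, and two settings in the same hunk decide that: `log.LEVEL = "Warn"` and `PROTOCOL = "http+unix"` behind the nginx vhost. It is worth confirming on the host that failed-login messages are emitted at Warn or above and that the address in them is the client's rather than the proxy's; `mkNginxVHosts` is defined outside this diff, so the forwarded headers are not visible here. If Forgejo ends up logging a loopback or socket address, the `127.0.0.0/8` entry in fail2ban.nix's `ignoreIP` means this jail never bans anything. The `failregex` is also unanchored around text that includes the submitted user name, so tying the address capture to the exact suffix Forgejo prints would keep the name field from influencing which address is picked.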
diff --git a/hosts/trantor/openssh.nix b/hosts/trantor/openssh.nix new file mode 100644 index 0000000..51d8795 --- /dev/null +++ b/hosts/trantor/openssh.nix @@ -0,0 +1,23 @@ +{ ... }: + +{ + services = { + openssh = { + settings = { + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + }; + fail2ban.jails.sshd = { + settings = { + enabled = true; + port = "ssh"; + filter = "sshd"; + logpath = "/var/log/auth.log"; + maxretry = 5; + findtime = "10m"; + bantime = "1h"; + }; + }; + }; +} From f979314a3cc34dc37c99f2928cd163f0327907d1 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 13:15:12 -0300 Subject: [PATCH 035/138] new readme --- readme.md | 184 ++++++++++++++++++++++-------------------------------- 1 file changed, 74 insertions(+), 110 deletions(-) diff --git a/readme.md b/readme.md index 2804237..1f44455 100644 --- a/readme.md +++ b/readme.md 
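Review bot: The `sshd` jail in hosts/trantor/openssh.nix reads `logpath = "/var/log/auth.log"`, but NixOS normally sends sshd's messages to the systemd journal and does not create that file unless a syslog daemon is configured elsewhere. If the jail resolves to a file backend it has nothing to watch and never bans; if it resolves to the journal backend the `logpath` line is ignored and only misleads the reader. I would drop `logpath` and state the source explicitly with `backend = "systemd";`, then check `fail2ban-client status sshd` after deploy to confirm the jail is reading the journal.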
@@ -1,123 +1,87 @@ # NixOS Configuration -A declarative, modular NixOS/Home Manager flake configuration managing multiple systems with a tag-based architecture for maximum code reuse and flexibility. +My personal NixOS configuration for multiple hosts, users, resources... too many things to list. If I could put my life in a flake I would. ## Hosts -| Host | Type | System | Version | Description | -|------|------|--------|---------|-------------| -| **rotterdam** | Desktop | x86_64-linux | NixOS Unstable | Primary workstation with gaming, development | -| **io** | Laptop | x86_64-linux | NixOS Unstable | Mobile workstation | -| **alexandria** | Server/NAS | x86_64-linux | NixOS 25.05 | Personal server running Nextcloud, Forgejo, Jellyfin, Vaultwarden | -| **trantor** | VPS | aarch64-linux | NixOS 25.05 | Oracle Cloud instance | +### Desktop Systems +- **rotterdam** - Main desktop workstation (x86_64) + - Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman + - Storage: Ephemeral root with LUKS encryption -## Key Features +- **io** - Secondary desktop (x86_64) + - Features: Desktop, AI tools, Bluetooth, Dev environment, Podman + - Storage: Ephemeral root with LUKS encryption -### Architecture -- **Tag-based module system** - Compose configurations using tags instead of traditional inheritance -- **Flake-based** - Fully reproducible builds with locked dependencies -- **Multi-platform** - Supports both x86_64 and aarch64 architectures -- **Deployment automation** - Remote deployment via deploy-rs +### Servers +- **alexandria** - Home server (x86_64) + - Hosts: Nextcloud, Vaultwarden, Jellyfin, Kanidm -### Desktop Experience -- **Niri compositor** - Custom fork with auto-centering window columns -- **Unified theming** - Stylix-based theming -- **Wayland-native** - Full Wayland support -- **Ephemeral root** - Impermanent filesystem using BTRFS for atomic rollback capability +- **trantor** - Cloud server (aarch64) + - Hosts: 
Forgejo + - Cloud provider: Oracle Cloud Infrastructure + - Storage: Ephemeral root with btrfs -### Self-Hosted Services -- **Nextcloud** - Cloud storage with calendar, contacts, and notes -- **Forgejo** - Self-hosted Git server -- **Jellyfin** - Media streaming -- **Vaultwarden** - Password manager backend -- **LibreSpeed** - Network speed testing -- All services behind Nginx and Tailscale with automatic SSL via Let's Encrypt +## Home Manager Configurations + +- **user@rotterdam** - Full desktop setup with gaming, OBS, and complete development environment +- **user@io** - Lightweight desktop setup + +Both configurations include: +- btop, direnv, helix, starship, tmux +- Stylix theme management +- Fish shell with custom configurations + +## Terranix Configurations + +Infrastructure as code using Terranix (NixOS + Terraform/OpenTofu): + +- **oci-trantor** - Oracle Cloud Infrastructure provisioning for Trantor server +- **cloudflare-baduhaidev** - DNS and CDN configuration for baduhai.dev domain +- **tailscale-tailnet** - Tailscale network ACL and device management + +## Services + +All services are accessible via custom domains under baduhai.dev: + +- **Kanidm** (auth.baduhai.dev) - Identity and access management +- **Vaultwarden** (pass.baduhai.dev) - Password manager +- **Forgejo** (git.baduhai.dev) - Git forge (publicly accessible) +- **Nextcloud** (cloud.baduhai.dev) - File sync and collaboration +- **Jellyfin** (jellyfin.baduhai.dev) - Media server + +Services are accessible via: +- LAN for alexandria-hosted services +- Tailscale VPN for all services +- Public internet for Forgejo only + +## Notable Features + +### Ephemeral Root +Rotterdam, io, and trantor use an ephemeral root filesystem that resets on every boot: +- Root filesystem is automatically rolled back using btrfs snapshots +- Old snapshots retained for 30 days +- Persistent data stored in dedicated subvolumes +- Implements truly stateless systems + +### Custom DNS Architecture +- Unbound DNS servers 
on both alexandria and trantor +- Service routing based on visibility flags (public/LAN/Tailscale) +- Split-horizon DNS for optimal access paths ### Security -- **Agenix** - Encrypted secrets management -- **Tailscale** - Zero-config VPN mesh network -- **Firewall** - Configured on all hosts -- SSH key-based authentication +- LUKS full-disk encryption on desktop systems +- Fail2ban on public-facing servers +- agenix for secrets management +- Tailscale for secure remote access -## Repository Structure +### Desktop Environment +- Custom Niri window manager (Wayland compositor) +- Using forked version with auto-centering feature +- Stylix for consistent theming -``` -. -├── flake.nix # Main flake definition -├── utils.nix # Tag-based module system utilities -├── nixosConfigurations.nix # Host definitions with tags -├── homeConfigurations.nix # User configurations -├── deploy.nix # Remote deployment configuration -├── hosts/ -│ ├── alexandria/ # Server-specific config -│ ├── io/ # Laptop-specific config -│ ├── rotterdam/ # Desktop-specific config -│ ├── trantor/ # VPS-specific config -│ └── modules/ -│ ├── common/ # Shared base configuration -│ ├── desktop/ # Desktop environment setup -│ ├── server/ # Server-specific modules -│ └── [tag].nix # Optional feature modules -├── users/ -│ └── modules/ # Home Manager configurations -│ └── [tag].nix # Optional feature modules -├── packages/ # Custom package definitions -└── secrets/ # Encrypted secrets (agenix) -``` - -## Tag System - -Configurations are composed using tags that map to modules: - -**Common Tags** (all hosts): -- `common` - Base system configuration (automatically applied) - -**General Tags**: -- `desktop` - *Mostly* full desktop environment with Niri WM -- `dev` - Development tools and environments -- `gaming` - Steam, Heroic, gamemode, controller support -- `ephemeral` - Impermanent root filesystem -- `networkmanager` - WiFi and network management -- `libvirtd` - KVM/QEMU virtualization -- `podman` - 
Container runtime -- `bluetooth` - Bluetooth support -- `fwupd` - Firmware update daemon - -**Server Tags**: -- `server` - Server-specific configuration - -## Usage - -### Rebuilding a Configuration - -```bash -# Local rebuild -sudo nixos-rebuild switch --flake .#hostname - -# Remote deployment -deploy .#hostname -``` - -### Updating Dependencies - -```bash -nix flake update -``` - -### Adding a New Host - -1. Create host directory in `hosts/` -2. Define configuration in `nixosConfigurations.nix` with appropriate tags -3. Add deployment profile in `deploy.nix` if needed - -## Dependencies - -- [nixpkgs](https://github.com/NixOS/nixpkgs) - Stable (25.05) and unstable channels -- [home-manager](https://github.com/nix-community/home-manager) - User configuration -- [agenix](https://github.com/ryantm/agenix) - Secrets management -- [disko](https://github.com/nix-community/disko) - Declarative disk partitioning -- [stylix](https://github.com/danth/stylix) - System-wide theming -- [niri-flake](https://github.com/sodiboo/niri-flake) - Wayland compositor (custom fork) -- [impermanence](https://github.com/nix-community/impermanence) - Ephemeral filesystem support -- [deploy-rs](https://github.com/serokell/deploy-rs) - Remote deployment -- [nix-flatpak](https://github.com/gmodena/nix-flatpak) - Declarative Flatpak management +### Development Setup +- Nix flakes for reproducible builds +- deploy-rs for automated deployments +- Podman for containerization +- Complete AI tooling integration From 0961eb8f767d8be58798df36fbac01522f187745 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 13:37:04 -0300 Subject: [PATCH 036/138] dns records only for actual services --- .gitignore | 2 ++ terranix/cloudflare/baduhai.dev.nix | 36 ++++++++--------------------- 2 files changed, 12 insertions(+), 26 deletions(-) diff --git a/.gitignore b/.gitignore index b59fd44..73105bb 100644 --- a/.gitignore +++ b/.gitignore 
@@ -3,6 +3,8 @@ result result-* .direnv/ oci-trantor/ +tailscale-tailnet/ +cloudflare-baduhaidev # Personal notes and temporary files todo.md diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index 3a5e6ee..1b456f3 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix @@ -15,13 +15,17 @@ let # Public services point to trantor's public IP # Private services point to their tailscale IP mkServiceRecords = lib.listToAttrs ( - lib.imap0 (i: svc: + lib.imap0 ( + i: svc: let subdomain = getSubdomain svc.domain; - targetIP = if svc.public or false - then config.data.terraform_remote_state.trantor "outputs.instance_public_ip" - else svc.tailscaleIP; - in { + targetIP = + if svc.public or false then + config.data.terraform_remote_state.trantor "outputs.instance_public_ip" + else + svc.tailscaleIP; + in + { name = "service_${toString i}"; value = { zone_id = config.variable.zone_id.default; @@ -78,25 +82,5 @@ in }; }; - resource = { - cloudflare_dns_record = mkServiceRecords // { - root = { - zone_id = config.variable.zone_id.default; - name = "@"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; - }; - - www = { - zone_id = config.variable.zone_id.default; - name = "www"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; - }; - }; - }; + resource.cloudflare_dns_record = mkServiceRecords; } From 3d71b8c1b849fa6b31ae1480a03f66f0a26b3d01 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 13:41:41 -0300 Subject: [PATCH 037/138] update readme.md --- readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/readme.md b/readme.md index 1f44455..7de1cbe 100644 --- a/readme.md +++ b/readme.md 
@@ -1,6 +1,6 @@ -# NixOS Configuration +# Nix Configuration -My personal NixOS configuration for multiple hosts, users, resources... too many things to list. If I could put my life in a flake I would. +My personal Nix configuration for multiple NixOS hosts, home-manager users, miscellaneous resources... too many things to list. If I could put my life in a flake I would. ## Hosts From 09a4092b92ad0492d486a893232352775cff3105 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 13:56:57 -0300 Subject: [PATCH 038/138] better noctalia integration for niri --- users/modules/desktop/niri.nix | 43 ++++++++++++++++------------------ 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 1f6a1bf..4d18e6a 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -8,7 +8,6 @@ let isRotterdam = hostname == "rotterdam"; - noctalia = "${lib.getExe inputs.noctalia.packages.${pkgs.system}.default}"; in { @@ -30,7 +29,10 @@ in }; home = { - packages = with pkgs; [ xwayland-satellite ]; + packages = with pkgs; [ + xwayland-satellite + inputs.noctalia.packages.${pkgs.system}.default + ]; sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; }; @@ -91,23 +93,18 @@ in inactive-color "#505050" urgent-color "#9b0000" } - tab-indicator { - width 4 - gap 4 - place-within-column - } - ${lib.optionalString isRotterdam '' - struts { - left 8 - right 8 - }''} + tab-indicator { + width 4 + gap 4 + place-within-column + } } overview { zoom 0.65 } - spawn-at-startup "${noctalia}" + spawn-at-startup "noctalia-shell" "-d" layer-rule { match namespace="^wallpaper$" place-within-backdrop true 
@@ -143,18 +140,18 @@ in } binds { - Alt+Space { spawn "${noctalia}" "ipc" "call" "launcher" "toggle"; } - XF86AudioRaiseVolume allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } - XF86AudioLowerVolume allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } - XF86AudioMute allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } - XF86MonBrightnessUp allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } - XF86MonBrightnessDown allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } + Alt+Space { spawn "noctalia-shell" "ipc" "call" "launcher" "toggle"; } + XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } + XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } - Mod+V { spawn "${noctalia}" "ipc" "call" "launcher" "clipboard"; } - Mod+Shift+L { spawn "${noctalia}" "ipc" "call" "lockScreen" "toggle"; } + Mod+V { spawn "noctalia-shell" "ipc" "call" "launcher" "clipboard"; } + Mod+Shift+L { spawn "noctalia-shell" "ipc" "call" "lockScreen" "toggle"; } Mod+Return { spawn "ghostty"; } Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } Mod+W 
repeat=false { toggle-overview; } @@ -228,8 +225,8 @@ in Mod+Print { screenshot; } Ctrl+Print { screenshot-window; } Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } - Mod+Alt+E { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } - Ctrl+Alt+Delete { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } + Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } + Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } Mod+Ctrl+P { power-off-monitors; } } ''; From 5af6c53d817710c3a26e403b9b9c3d0439311efd Mon Sep 17 00:00:00 2001 From: william Date: Sun, 9 Nov 2025 16:28:17 -0300 Subject: [PATCH 039/138] Update readme.md --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 7de1cbe..a2b815f 100644 --- a/readme.md +++ b/readme.md @@ -9,7 +9,7 @@ My personal Nix configuration for multiple NixOS hosts, home-manager users, misc - Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman - Storage: Ephemeral root with LUKS encryption -- **io** - Secondary desktop (x86_64) +- **io** - Laptop workstation (x86_64) - Features: Desktop, AI tools, Bluetooth, Dev environment, Podman - Storage: Ephemeral root with LUKS encryption From 5906fa6f3656db778ff9e9e09b510b5091286fa7 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 16:31:52 -0300 Subject: [PATCH 040/138] fix forgejo's ssh domain --- hosts/trantor/forgejo.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix index 227bcb4..25acf4e 100644 --- a/hosts/trantor/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -20,7 +20,7 @@ in DOMAIN = "git.baduhai.dev"; ROOT_URL = "https://git.baduhai.dev"; OFFLINE_MODE = true; # disable use of CDNs - SSH_DOMAIN = "baduhai.dev"; + SSH_DOMAIN = "git.baduhai.dev"; }; log.LEVEL = "Warn"; mailer.ENABLED = false; 
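Review bot: In users/modules/desktop/niri.nix the `spawn` lines now name `"noctalia-shell"` and resolve it through the session's PATH, where the removed `noctalia` binding interpolated a store path. This applies to `spawn-at-startup` and to every `noctalia-shell` bind in the `@@ -143` and `@@ -228` hunks, including the `allow-when-locked=true` volume and brightness keys. The neighbouring playerctl binds still use `${lib.getExe pkgs.playerctl}`, so the file now mixes two conventions. If the bare name is needed only because `lib.getExe` selected the wrong binary, `lib.getExe' inputs.noctalia.packages.${pkgs.system}.default "noctalia-shell"` keeps the pinned path; otherwise a short comment saying why PATH lookup is intended would help.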
From ae6d46012baec67e00c58328fbb5148da6cfad53 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 16:57:17 -0300 Subject: [PATCH 041/138] fail2ban: fix config; forgejo: repository path and persistency --- hosts/trantor/fail2ban.nix | 20 -------------------- hosts/trantor/forgejo.nix | 34 ++++++++++++++++++++++++---------- hosts/trantor/openssh.nix | 2 +- 3 files changed, 25 insertions(+), 31 deletions(-) diff --git a/hosts/trantor/fail2ban.nix b/hosts/trantor/fail2ban.nix index 4ef1bbc..bc05139 100644 --- a/hosts/trantor/fail2ban.nix +++ b/hosts/trantor/fail2ban.nix @@ -12,7 +12,6 @@ "192.168.0.0/16" "100.64.0.0/10" ]; - bantime = "1h"; bantime-increment = { enable = true; @@ -20,24 +19,5 @@ maxtime = "10000h"; overalljails = true; }; - - jails.forgejo = { - settings = { - enabled = true; - filter = "forgejo"; - backend = "systemd"; - maxretry = 10; - findtime = "1h"; - bantime = "15m"; - }; - }; }; - - # Custom fail2ban filter for Forgejo using systemd journal - environment.etc."fail2ban/filter.d/forgejo.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - journalmatch = _SYSTEMD_UNIT=forgejo.service - failregex = Failed authentication attempt for .+ from :\d+: - ignoreregex = - ''); } diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix index 25acf4e..fdfa64a 100644 --- a/hosts/trantor/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -4,15 +4,16 @@ inputs, ... }: + let utils = import ../../utils.nix { inherit inputs lib; }; inherit (utils) mkNginxVHosts; in + { services = { forgejo = { enable = true; - repositoryRoot = "/data/forgejo"; settings = { session.COOKIE_SECURE = true; server = { 
@@ -42,17 +43,30 @@ in settings = { enabled = true; filter = "forgejo"; - logpath = "${config.services.forgejo.stateDir}/log/forgejo.log"; - maxretry = 10; - findtime = "1h"; - bantime = "15m"; + maxretry = 3; + findtime = "10m"; + bantime = "1h"; }; }; }; - environment.etc."fail2ban/filter.d/forgejo.conf".text = '' - [Definition] - failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from - ignoreregex = - ''; + environment = { + etc."fail2ban/filter.d/forgejo.conf".text = '' + [Definition] + failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from + ignoreregex = + journalmatch = _SYSTEMD_UNIT=forgejo.service + ''; + + persistence.main.directories = [ + { + directory = config.services.forgejo.stateDir; + inherit (config.services.forgejo) user group; + mode = "0700"; + } + ]; + }; + + # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories + systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false; } diff --git a/hosts/trantor/openssh.nix b/hosts/trantor/openssh.nix index 51d8795..704b3df 100644 --- a/hosts/trantor/openssh.nix +++ b/hosts/trantor/openssh.nix @@ -14,7 +14,7 @@ port = "ssh"; filter = "sshd"; logpath = "/var/log/auth.log"; - maxretry = 5; + maxretry = 3; findtime = "10m"; bantime = "1h"; }; From bb0ea2769656f6278e632ad65310bc57d6569513 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 19:01:37 -0300 Subject: [PATCH 042/138] niri keybinds --- users/modules/desktop/niri.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 4d18e6a..08bcc4a 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix 
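Review bot: `systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false;` at the end of this forgejo.nix hunk overrides a sandboxing option on the one service the readme describes as publicly reachable, and the comment gives only the symptom. Please record which credential failed to load and from which path, so the override can be removed once the cause is fixed. It is also worth running `systemd-analyze security forgejo.service` afterwards, since other hardening options in the upstream unit may still create a mount namespace and make the override either ineffective or broader than intended. The `forgejo` jail in the same hunk now has neither `logpath` nor `backend`, so it depends on the module's default backend being the journal; adding `backend = "systemd";` next to `filter` would make that explicit.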
@@ -167,10 +167,6 @@ in Mod+L { focus-column-right; } Mod+J { focus-window-or-workspace-down; } Mod+K { focus-window-or-workspace-up; } - Ctrl+Alt+J { focus-workspace-down; } - Ctrl+Alt+K { focus-workspace-up; } - Ctrl+Alt+Down { focus-workspace-down; } - Ctrl+Alt+Up { focus-workspace-up; } Mod+Ctrl+Left { move-column-left; } Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } From b602a78bb33f941deaa4d74c911ab9b8e8574f82 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 10 Nov 2025 07:51:29 -0300 Subject: [PATCH 043/138] vicinae as a launcher --- flake.lock | 71 ++++++++++++++++++++++++++++++- flake.nix | 2 + users/modules/desktop/desktop.nix | 8 +++- users/modules/desktop/niri.nix | 4 +- 4 files changed, 81 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 3b994bf..893a87d 100644 --- a/flake.lock +++ b/flake.lock @@ -299,6 +299,24 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_8" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "fromYaml": { "flake": false, "locked": { @@ -647,6 +665,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", 
@@ -877,6 +911,7 @@ "noctalia": "noctalia", "stylix": "stylix", "terranix": "terranix", + "vicinae": "vicinae", "zen-browser": "zen-browser" } }, @@ -1060,6 +1095,21 @@ "type": "github" } }, + "systems_8": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "terranix": { "inputs": { "flake-parts": "flake-parts_3", @@ -1202,6 +1252,25 @@ "type": "github" } }, + "vicinae": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_10" + }, + "locked": { + "lastModified": 1762709887, + "narHash": "sha256-8BoGGsWfkS/2ODBSCYd5HJNFGuLY8fFl27rXmWClXQw=", + "owner": "vicinaehq", + "repo": "vicinae", + "rev": "54722e36137d8273ef0a5db37776fb8302c79238", + "type": "github" + }, + "original": { + "owner": "vicinaehq", + "repo": "vicinae", + "type": "github" + } + }, "xwayland-satellite-stable": { "flake": false, "locked": { @@ -1238,7 +1307,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1762131860, diff --git a/flake.nix b/flake.nix index af148c1..c5c3880 100644 --- a/flake.nix +++ b/flake.nix @@ -51,6 +51,8 @@ }; nix-ai-tools.url = "github:numtide/nix-ai-tools"; + + vicinae.url = "github:vicinaehq/vicinae"; }; outputs = diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index df6f380..6940e1f 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix 
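Review bot: The new `vicinae` input in flake.nix is added without a `follows`, and the flake.lock hunks in this commit show it bringing its own `nixpkgs_10` and `flake-utils_2` nodes. That leaves a user-session service (`services.vicinae.autoStart = true` in desktop.nix) built against a nixpkgs revision that moves only when the upstream project changes its own lock, so library fixes in the root nixpkgs do not reach it. If upstream's binary cache is not a requirement, `vicinae.inputs.nixpkgs.follows = "nixpkgs";` keeps it on the pin the rest of the system uses. The URL also names no tag or rev, so flake.lock is the only thing fixing which code runs.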
@@ -1,15 +1,21 @@ { - config, inputs, pkgs, ... }: { + imports = [ inputs.vicinae.homeManagerModules.default ]; + fonts.fontconfig.enable = true; home.packages = with pkgs; [ xwayland-satellite ]; + services.vicinae = { + enable = true; + autoStart = true; + }; + programs = { ghostty = { diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 08bcc4a..09767e6 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -140,7 +140,7 @@ in } binds { - Alt+Space { spawn "noctalia-shell" "ipc" "call" "launcher" "toggle"; } + Alt+Space repeat=false { spawn "vicinae" "toggle"; } XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } @@ -150,7 +150,7 @@ in XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } - Mod+V { spawn "noctalia-shell" "ipc" "call" "launcher" "clipboard"; } + Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } Mod+Shift+L { spawn "noctalia-shell" "ipc" "call" "lockScreen" "toggle"; } Mod+Return { spawn "ghostty"; } Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } From e95ba0215b47cdabb5a05749baea80146bea95ec Mon Sep 17 00:00:00 2001 From: William Date: Mon, 10 Nov 2025 11:04:55 -0300 Subject: [PATCH 044/138] new ssh key for himalia --- hosts/modules/common/users.nix | 3 ++- terranix/oci/trantor.nix | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/modules/common/users.nix b/hosts/modules/common/users.nix index 0572153..7dd6490 100644 
--- a/hosts/modules/common/users.nix +++ b/hosts/modules/common/users.nix @@ -10,8 +10,9 @@ "wheel" ]; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" ]; hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; }; diff --git a/terranix/oci/trantor.nix b/terranix/oci/trantor.nix index bb06585..170ad04 100644 --- a/terranix/oci/trantor.nix +++ b/terranix/oci/trantor.nix @@ -53,6 +53,7 @@ ssh_public_keys = { default = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" ]; From 489af5a79fe4b563018c39b9d1862a816eebec6b Mon Sep 17 00:00:00 2001 From: William Date: Mon, 10 Nov 2025 11:46:54 -0300 Subject: [PATCH 045/138] new noctalia ipc command --- users/modules/desktop/niri.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 09767e6..0cb5db8 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix 
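Review bot: The key list edited in hosts/modules/common/users.nix sits directly above an unchanged `hashedPassword` literal for a user in `wheel`, so the hash is readable by anyone with access to the repository or the Nix store. The repository already uses agenix, so the hash could move to `hashedPasswordFile = config.age.secrets.<name>.path;` (placeholder secret name). The same three keys are also repeated in terranix/oci/trantor.nix in this commit; defining the list once and importing it in both places would keep a revoked key from surviving in one of them.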
@@ -151,7 +151,7 @@ in XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } - Mod+Shift+L { spawn "noctalia-shell" "ipc" "call" "lockScreen" "toggle"; } + Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; } Mod+Return { spawn "ghostty"; } Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } Mod+W repeat=false { toggle-overview; } From 0925a66f2218434b3bb70cd0f14b440db7b5fbc7 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 13 Nov 2025 14:26:35 -0300 Subject: [PATCH 046/138] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nix-ai-tools': 'github:numtide/nix-ai-tools/aaee8f2df1325c7f212d769515092162bcac31a7?narHash=sha256-aWt5CgOsQiiq%2BcaxF0iqp56kfHRkv8Tnz0X9DhJeBEE%3D' (2025-11-06) → 'github:numtide/nix-ai-tools/58d5d222d6802a75c1ed637d049ea438d199051a?narHash=sha256-pQ2XzsB/n8E5FWYnICZu/BzkKy8a50EzmUGTCo5SeHg%3D' (2025-11-13) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/b3d51a0365f6695e7dd5cdf3e180604530ed33b4?narHash=sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw%3D' (2025-11-02) → 'github:NixOS/nixpkgs/9da7f1cf7f8a6e2a7cb3001b048546c92a8258b4?narHash=sha256-SlybxLZ1/e4T2lb1czEtWVzDCVSTvk9WLwGhmxFmBxI%3D' (2025-11-11) • Updated input 'nix-ai-tools/treefmt-nix': 'github:numtide/treefmt-nix/97a30861b13c3731a84e09405414398fbf3e109f?narHash=sha256-aF5fvoZeoXNPxT0bejFUBXeUjXfHLSL7g%2BmjR/p5TEg%3D' (2025-11-06) → 'github:numtide/treefmt-nix/5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4?narHash=sha256-AlEObg0syDl%2BSpi4LsZIBrjw%2BsnSVU4T8MOeuZJUJjM%3D' (2025-11-12) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) 
diff --git a/flake.lock b/flake.lock index 893a87d..1a520bd 100644 --- a/flake.lock +++ b/flake.lock @@ -511,11 +511,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1762442079, - "narHash": "sha256-aWt5CgOsQiiq+caxF0iqp56kfHRkv8Tnz0X9DhJeBEE=", + "lastModified": 1763040477, + "narHash": "sha256-pQ2XzsB/n8E5FWYnICZu/BzkKy8a50EzmUGTCo5SeHg=", "owner": "numtide", "repo": "nix-ai-tools", - "rev": "aaee8f2df1325c7f212d769515092162bcac31a7", + "rev": "58d5d222d6802a75c1ed637d049ea438d199051a", "type": "github" }, "original": { @@ -746,11 +746,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "lastModified": 1762844143, + "narHash": "sha256-SlybxLZ1/e4T2lb1czEtWVzDCVSTvk9WLwGhmxFmBxI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "rev": "9da7f1cf7f8a6e2a7cb3001b048546c92a8258b4", "type": "github" }, "original": { @@ -1221,11 +1221,11 @@ ] }, "locked": { - "lastModified": 1762410071, - "narHash": "sha256-aF5fvoZeoXNPxT0bejFUBXeUjXfHLSL7g+mjR/p5TEg=", + "lastModified": 1762938485, + "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "97a30861b13c3731a84e09405414398fbf3e109f", + "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", "type": "github" }, "original": { From eebacb0f1fb1107076f5bd3cebafd95216ab1bad Mon Sep 17 00:00:00 2001 From: William Date: Thu, 13 Nov 2025 19:16:08 -0300 Subject: [PATCH 047/138] add power profiles daemon to io --- hosts/io/services.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/io/services.nix b/hosts/io/services.nix index 90fb737..df41a6f 100644 --- a/hosts/io/services.nix +++ b/hosts/io/services.nix @@ -49,6 +49,7 @@ }; }; upower.enable = true; + power-profiles-daemon.enable = true; }; # TODO: remove once gmodena/nix-flatpak/issues/45 fixed From 1dc55be5e1c4784b14e6eb655029528abf0cdcd1 Mon Sep 17 00:00:00 2001 
From: William Date: Tue, 18 Nov 2025 19:09:57 -0300 Subject: [PATCH 048/138] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nix-ai-tools': 'github:numtide/nix-ai-tools/58d5d222d6802a75c1ed637d049ea438d199051a?narHash=sha256-pQ2XzsB/n8E5FWYnICZu/BzkKy8a50EzmUGTCo5SeHg%3D' (2025-11-13) → 'github:numtide/nix-ai-tools/a2dfa932ed37e5b6224b39b4982c85cd8ebcca14?narHash=sha256-n6bChFrCf2/uHzTsZdABUt1%2BUa3n0jinNfamHd5DmBA%3D' (2025-11-17) • Updated input 'nix-ai-tools/blueprint': 'github:numtide/blueprint/633af1961cae8e02bc6195e6e599a6b09bf75217?narHash=sha256-wTQzbbQ6XHtvNJVuhJj%2BytZDRyNtwUKbrIfIvMvKNfQ%3D' (2025-10-28) → 'github:numtide/blueprint/5a9bba070f801d63e2af3c9ef00b86b212429f4f?narHash=sha256-O9Y%2BWer8wOh%2BN%2B4kcCK5p/VLrXyX%2Bktk0/s3HdZvJzk%3D' (2025-11-16) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/9da7f1cf7f8a6e2a7cb3001b048546c92a8258b4?narHash=sha256-SlybxLZ1/e4T2lb1czEtWVzDCVSTvk9WLwGhmxFmBxI%3D' (2025-11-11) → 'github:NixOS/nixpkgs/85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1?narHash=sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5%2B717550Hk%3D' (2025-11-16) --- flake.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 1a520bd..27c3580 100644 --- a/flake.lock +++ b/flake.lock @@ -100,11 +100,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1761645416, - "narHash": "sha256-wTQzbbQ6XHtvNJVuhJj+ytZDRyNtwUKbrIfIvMvKNfQ=", + "lastModified": 1763308703, + "narHash": "sha256-O9Y+Wer8wOh+N+4kcCK5p/VLrXyX+ktk0/s3HdZvJzk=", "owner": "numtide", "repo": "blueprint", - "rev": "633af1961cae8e02bc6195e6e599a6b09bf75217", + "rev": "5a9bba070f801d63e2af3c9ef00b86b212429f4f", "type": "github" }, "original": { 
@@ -511,11 +511,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1763040477, - "narHash": "sha256-pQ2XzsB/n8E5FWYnICZu/BzkKy8a50EzmUGTCo5SeHg=", + "lastModified": 1763412165, + "narHash": "sha256-n6bChFrCf2/uHzTsZdABUt1+Ua3n0jinNfamHd5DmBA=", "owner": "numtide", "repo": "nix-ai-tools", - "rev": "58d5d222d6802a75c1ed637d049ea438d199051a", + "rev": "a2dfa932ed37e5b6224b39b4982c85cd8ebcca14", "type": "github" }, "original": { @@ -746,16 +746,16 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1762844143, - "narHash": "sha256-SlybxLZ1/e4T2lb1czEtWVzDCVSTvk9WLwGhmxFmBxI=", + "lastModified": 1763312402, + "narHash": "sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5+717550Hk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9da7f1cf7f8a6e2a7cb3001b048546c92a8258b4", + "rev": "85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } From 53bce23a05b974de409f31ab033de1117f89ed44 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 27 Nov 2025 19:16:59 -0300 Subject: [PATCH 049/138] allow vm interface in firewall --- hosts/modules/libvirtd.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/modules/libvirtd.nix b/hosts/modules/libvirtd.nix index 41cfa27..aa2ae71 100644 --- a/hosts/modules/libvirtd.nix +++ b/hosts/modules/libvirtd.nix @@ -5,6 +5,8 @@ programs.virt-manager.enable = true; + networking.firewall.trustedInterfaces = [ "virbr0" ]; + users.users.user.extraGroups = [ "libvirt" "libvirtd" From b80fe6604ed6c2692e2fefffa2b731221ca1cc53 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 30 Nov 2025 09:46:19 -0300 Subject: [PATCH 050/138] add collabora office flatpak --- hosts/modules/desktop/desktop.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 03ec04b..55f19da 100644 --- a/hosts/modules/desktop/desktop.nix 
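Review bot: In the `hosts/modules/libvirtd.nix` hunk, `networking.firewall.trustedInterfaces = [ "virbr0" ];` makes the host firewall accept every packet arriving on the libvirt bridge, so any guest on that network can reach every service listening on the host. If the aim is only DHCP and DNS for guests (an assumption, since the commit message does not say what was being blocked), a per-interface allow-list is narrower: `networking.firewall.interfaces.virbr0.allowedUDPPorts = [ 53 67 ];` and `networking.firewall.interfaces.virbr0.allowedTCPPorts = [ 53 ];`. If full trust is intended, a one-line comment saying so would help, because this module applies to every host that imports it. The module body starts and ends outside the hunk, so other rules that may already constrain `virbr0` are not visible here.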
+++ b/hosts/modules/desktop/desktop.nix @@ -87,6 +87,15 @@ flatpak = { enable = true; packages = [ + ### Office & Productivity ### + rec { + appId = "com.collabora.Office"; + sha256 = "1im6s8p6wvj2hblr4mhn1g2rry77giccsi6mk76nk8d6bjp1fwa4"; + bundle = "${pkgs.fetchurl { + url = "https://cdn.collaboraoffice.com/collaboraoffice-v25.04.7.2_final.flatpak"; + inherit sha256; + }}"; + } ### Graphics & Design ### "com.boxy_svg.BoxySVG" rec { From fdf14765fd8bf4efd3031d7e17fd6e272ab33d1a Mon Sep 17 00:00:00 2001 From: William Date: Sun, 30 Nov 2025 09:46:47 -0300 Subject: [PATCH 051/138] cleaner shared services file --- shared/services.nix | 29 ++++++++++++----------------- utils.nix | 14 ++++++++++++-- 2 files changed, 24 insertions(+), 19 deletions(-) diff --git a/shared/services.nix b/shared/services.nix index 44f9208..1173b3b 100644 --- a/shared/services.nix +++ b/shared/services.nix 
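Review bot: The Collabora entry pins one release by URL and hash (`collaboraoffice-v25.04.7.2_final.flatpak` plus `sha256`), which covers integrity but leaves the version frozen until someone edits both values by hand. As far as I know, a bundle installed from a file has no remote to update from, so it would not follow the Flatpak updates the other entries get. That matters for an office suite, which routinely opens documents from outside. I would add a comment above the entry: `# pinned bundle, not auto-updated: bump url and sha256 together on each Collabora release`. The `packages` list starts and continues outside the hunk.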
@@ -1,48 +1,43 @@ # Shared service definitions for cross-host configuration -# Used by: -# - alexandria: DNS server (LAN) + service hosting (vaultwarden, nextcloud, jellyfin, kanidm) -# - trantor: DNS server (Tailnet) + service hosting (forgejo) { + # Host IP definitions + hosts = { + alexandria = { + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + }; + trantor = { + tailscaleIP = "100.108.5.90"; + }; + }; + + # Service definitions - IPs are inherited from host services = [ { name = "kanidm"; domain = "auth.baduhai.dev"; host = "alexandria"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - port = 8443; } { name = "vaultwarden"; domain = "pass.baduhai.dev"; host = "alexandria"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - port = 8222; } { name = "forgejo"; domain = "git.baduhai.dev"; host = "trantor"; public = true; - tailscaleIP = "100.108.5.90"; - port = 3000; } { name = "nextcloud"; domain = "cloud.baduhai.dev"; host = "alexandria"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - port = 443; } { name = "jellyfin"; domain = "jellyfin.baduhai.dev"; host = "alexandria"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - port = 8096; } ]; } diff --git a/utils.nix b/utils.nix index 8c20ab9..e65837c 100644 --- a/utils.nix +++ b/utils.nix 
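Review bot: This hunk removes every `port = …;` line (8443, 8222, 3000, 443, 8096) along with the per-service IPs, but the new comment only says `IPs are inherited from host`, and the enrichment in `utils.nix` restores only `lanIP` and `tailscaleIP`. Any consumer that still reads `svc.port` would fail at evaluation, or the port now has to be repeated in each host config; the consumers are not visible here, so this needs checking. If dropping the ports is intended, the header comment should say where they now live, for example `# Ports are defined in each host's own service config`. Otherwise keep `port = 8443;` and the rest in the entries. The removed `Used by:` lines were the only record of which host serves which role, and a short replacement would be worth keeping.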
@@ -11,11 +11,21 @@ let # Import shared service definitions sharedServices = import ./shared/services.nix; + + # Enrich services with host IP information + enrichedServices = builtins.map (svc: + let + hostInfo = sharedServices.hosts.${svc.host} or {}; + in + svc // lib.optionalAttrs (hostInfo ? lanIP) { inherit (hostInfo) lanIP; } + // lib.optionalAttrs (hostInfo ? tailscaleIP) { inherit (hostInfo) tailscaleIP; } + ) sharedServices.services; in { - # Re-export shared services for use in host configs - inherit (sharedServices) services; + # Re-export enriched services and hosts for use in host configs + services = enrichedServices; + inherit (sharedServices) hosts; # Tag-based host configuration system mkHost = { From 52169c319cfe17113522e36fdad334cfb951c765 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 30 Nov 2025 09:59:31 -0300 Subject: [PATCH 052/138] collabora is now the online office suite --- hosts/modules/desktop/desktop.nix | 2 -- users/modules/desktop/desktop.nix | 18 +++++++++--------- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 55f19da..cbb4fa0 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -31,8 +31,6 @@ aspellDicts.en aspellDicts.en-computers aspellDicts.pt_BR - libreoffice - onlyoffice-desktopeditors papers presenterm rnote diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index 6940e1f..0d95c56 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix 
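Review bot: In the `utils.nix` hunk, `sharedServices.hosts.${svc.host} or {}` turns a misspelled or missing host name into a service with no `lanIP` or `tailscaleIP`, where an evaluation error would be expected. Whatever consumes `services` would then omit that service or handle it without an address, with nothing to flag the mistake. Failing loudly is safer: `hostInfo = sharedServices.hosts.${svc.host} or (throw "shared/services.nix: unknown host '${svc.host}' for service '${svc.name}'");`. The two `lib.optionalAttrs` guards can stay, since `trantor` legitimately has no `lanIP`. The enclosing `let` block starts before the hunk.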
@@ -100,17 +100,17 @@ "text/x-log" = "Helix.desktop"; "application/x-shellscript" = "Helix.desktop"; "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = - "onlyoffice-desktopeditors.desktop"; # DOCX + "com.collabora.Office.desktop"; # DOCX "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = - "onlyoffice-desktopeditors.desktop"; # XLSX + "com.collabora.Office.desktop"; # XLSX "application/vnd.openxmlformats-officedocument.presentationml.presentation" = - "onlyoffice-desktopeditors.desktop"; # PPTX - "application/vnd.oasis.opendocument.text" = "onlyoffice-desktopeditors.desktop"; # ODT - "application/vnd.oasis.opendocument.spreadsheet" = "onlyoffice-desktopeditors.desktop"; # ODS - "application/vnd.oasis.opendocument.presentation" = "onlyoffice-desktopeditors.desktop"; # ODP - "application/msword" = "onlyoffice-desktopeditors.desktop"; # DOC - "application/vnd.ms-excel" = "onlyoffice-desktopeditors.desktop"; # XLS - "application/vnd.ms-powerpoint" = "onlyoffice-desktopeditors.desktop"; # PPT + "com.collabora.Office.desktop"; # PPTX + "application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT + "application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS + "application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP + "application/msword" = "com.collabora.Office.desktop"; # DOC + "application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS + "application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT "application/zip" = "org.gnome.FileRoller.desktop"; "application/x-tar" = "org.gnome.FileRoller.desktop"; "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; From dc618a8d2853dbd344910cdaed22dac5371e965a Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 14 Dec 2025 11:01:03 -0300 Subject: [PATCH 053/138] update nixpkgs-stable to 25.11 --- flake.nix | 2 +- nixosConfigurations.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index c5c3880..d65e9d8 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ flake-parts.url = "github:hercules-ci/flake-parts"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05"; + nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11"; home-manager = { url = "github:nix-community/home-manager/master"; diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index c4969c1..43a0bba 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -38,7 +38,7 @@ in alexandria = mkHost { hostname = "alexandria"; tags = [ - # "server" TODO: uncomment when 25.11 is out. + "server" "fwupd" ]; }; From 7a0353280e49356d2641dc82630f08cd19baaed0 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 14 Dec 2025 11:02:15 -0300 Subject: [PATCH 054/138] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/9ba0d85de3eaa7afeab493fed622008b6e4924f5?narHash=sha256-lsNWuj4Z%2BpE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94%3D' (2025-10-28) → 'github:ryantm/agenix/fcdea223397448d35d9b31f798479227e80183f6?narHash=sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L%2BVSybPfiIgzU8lbQ%3D' (2025-11-08) • Updated input 'deploy-rs': 'github:serokell/deploy-rs/125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2?narHash=sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ%3D' (2025-09-01) → 'github:serokell/deploy-rs/9c870f63e28ec1e83305f7f6cb73c941e699f74f?narHash=sha256-9I2H9x5We6Pl%2BDBYHjR1s3UT8wgwcpAH03kn9CqtdQc%3D' (2025-11-04) • Updated input 'disko': 'github:nix-community/disko/6f4cf5abbe318e4cd1e879506f6eeafd83f7b998?narHash=sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM%3D' (2025-10-31) → 'github:nix-community/disko/be1a6b8a05afdd5d5fa69fcaf3c4ead7014c9fd8?narHash=sha256-MjrytR2kiHYUnzX11cXaD31tS7kKdhM1KFaac0%2BKAig%3D' (2025-12-14) • Updated input 'disko/nixpkgs': 'github:NixOS/nixpkgs/dab3a6e781554f965bde3def0aa2fda4eb8f1708?narHash=sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k%3D' (2025-07-15) → 'github:NixOS/nixpkgs/a8d610af3f1a5fb71e23e08434d8d61a466fc942?narHash=sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r%2BJerayK/4wvdWA%3D' (2025-11-20) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/0010412d62a25d959151790968765a70c436598b?narHash=sha256-z5PlZ47j50VNF3R%2BIMS9LmzI5fYRGY/Z5O5tol1c9I4%3D' (2025-11-01) → 'github:hercules-ci/flake-parts/5635c32d666a59ec9a55cab87e898889869f7b71?narHash=sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM%3D' (2025-12-11) • Updated input 'home-manager': 'github:nix-community/home-manager/8c824254b1ed9e797f6235fc3c62f365893c561a?narHash=sha256-I%2B8yE5HVR2SFcHnW0771psQ/zn0qVzsKHY/gUM0nEVM%3D' (2025-11-03) → 
'github:nix-community/home-manager/58bf3ecb2d0bba7bdf363fc8a6c4d49b4d509d03?narHash=sha256-yeCxFV/905Wr91yKt5zrVvK6O2CVXWRMSrxqlAZnLp0%3D' (2025-12-14) • Updated input 'niri-flake': 'github:sodiboo/niri-flake/df17789929ac80f4157b15724450db6a303a6dc9?narHash=sha256-U3SDbk7tIwLChpvb3FL66o8V0byaQ2RGMiy/3oLdxTI%3D' (2025-11-03) → 'github:sodiboo/niri-flake/ded1462ebc03ed723f0f9f5514e72469da687817?narHash=sha256-P9kQIIPSCqmKyHD/9wFZ4ezlqofnAzYBmolSF1f5xog%3D' (2025-12-14) • Updated input 'niri-flake/niri-unstable': 'github:YaLTeR/niri/a2ca2b3c866bc781b12c334a9f949b3db6d7c943?narHash=sha256-anRlNG6t7esBbF1%2BALDeathVBSclA0PEL52Vo0WnN5g%3D' (2025-11-03) → 'github:YaLTeR/niri/7c0898570ca5bd3f10fbf4cf2f8a00edc48d787b?narHash=sha256-Erk%2BypR8N%2BrCvjMdUB1N/v4jtm4QRH9k7r/9zh2HyC8%3D' (2025-12-14) • Updated input 'niri-flake/nixpkgs': 'github:NixOS/nixpkgs/2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15?narHash=sha256-kJ8lIZsiPOmbkJypG%2BB5sReDXSD1KGu2VEPNqhRa/ew%3D' (2025-10-31) → 'github:NixOS/nixpkgs/2fbfb1d73d239d2402a8fe03963e37aab15abe8b?narHash=sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0%3D' (2025-12-11) • Updated input 'niri-flake/nixpkgs-stable': 'github:NixOS/nixpkgs/3de8f8d73e35724bf9abef41f1bdbedda1e14a31?narHash=sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo%3D' (2025-11-01) → 'github:NixOS/nixpkgs/28bb483c11a1214a73f9fd2d9928a6e2ea86ec71?narHash=sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0%3D' (2025-12-13) • Updated input 'niri-flake/xwayland-satellite-unstable': 'github:Supreeeme/xwayland-satellite/0728d59ff6463a502e001fb090f6eb92dbc04756?narHash=sha256-fBrUszJXmB4MY%2Bwf3QsCnqWHcz7u7fLq0QMAWCltIQg%3D' (2025-10-28) → 'github:Supreeeme/xwayland-satellite/f0ad674b7009a6afd80cea59d4fbf975dd68ee95?narHash=sha256-HtTPbV6z6AJPg2d0bHaJKFrnNha%2BSEbHvbJafKAQ614%3D' (2025-12-10) • Updated input 'nix-ai-tools': 'github:numtide/nix-ai-tools/a2dfa932ed37e5b6224b39b4982c85cd8ebcca14?narHash=sha256-n6bChFrCf2/uHzTsZdABUt1%2BUa3n0jinNfamHd5DmBA%3D' (2025-11-17) → 
'github:numtide/nix-ai-tools/053759f30ef14cbd87c0a1a1d3e7c729ca0db83f?narHash=sha256-VPcX5z0A58pcbRb3I42fBig3zTPm9a71iwrfgkte2J4%3D' (2025-12-14) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1?narHash=sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5%2B717550Hk%3D' (2025-11-16) → 'github:NixOS/nixpkgs/23735a82a828372c4ef92c660864e82fbe2f5fbe?narHash=sha256-yqHBL2wYGwjGL2GUF2w3tofWl8qO9tZEuI4wSqbCrtE%3D' (2025-12-13) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/359ff6333a7b0b60819d4c20ed05a3a1f726771f?narHash=sha256-Pu1v3mlFhRzZiSxVHb2/i/f5yeYyRNqr0RvEUJ4UgHo%3D' (2025-11-02) → 'github:nix-community/nix-index-database/82befcf7dc77c909b0f2a09f5da910ec95c5b78f?narHash=sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws%3D' (2025-12-09) • Updated input 'nixos-cli': 'github:nix-community/nixos-cli/5c259f72ae1eaa00b99354d81130d8fddb7f9a7a?narHash=sha256-IUm2nkbKlDkG94ruTmIYLERpBn6gXydm3scZIKzpcKs%3D' (2025-11-01) → 'github:nix-community/nixos-cli/a2019789319c1678be8dc68ecf34c83f948e7475?narHash=sha256-ToKVLDYAzKyStJgCA7W%2BRZObvwABK9fQ8i1wLUUOdLM%3D' (2025-12-11) • Added input 'nixos-cli/flake-parts': 'github:hercules-ci/flake-parts/2cccadc7357c0ba201788ae99c4dfa90728ef5e0?narHash=sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q%3D' (2025-11-21) • Added input 'nixos-cli/flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/719359f4562934ae99f5443f20aa06c2ffff91fc?narHash=sha256-b0yj6kfvO8ApcSE%2BQmA6mUfu8IYG6/uU28OFn4PaC8M%3D' (2025-10-29) • Updated input 'nixos-cli/nixpkgs': 'github:NixOS/nixpkgs/a7fc11be66bdfb5cdde611ee5ce381c183da8386?narHash=sha256-QoJjGd4NstnyOG4mm4KXF%2BweBzA2AH/7gn1Pmpfcb0A%3D' (2025-10-31) → 'github:NixOS/nixpkgs/23258e03aaa49b3a68597e3e50eb0cbce7e42e9d?narHash=sha256-nA5ywiGKl76atrbdZ5Aucd8SjF/v8ew9b9QsC%2BMKL14%3D' (2025-11-30) • Updated input 'nixpkgs': 
'github:nixos/nixpkgs/2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15?narHash=sha256-kJ8lIZsiPOmbkJypG%2BB5sReDXSD1KGu2VEPNqhRa/ew%3D' (2025-10-31) → 'github:nixos/nixpkgs/2fbfb1d73d239d2402a8fe03963e37aab15abe8b?narHash=sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0%3D' (2025-12-11) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/3de8f8d73e35724bf9abef41f1bdbedda1e14a31?narHash=sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo%3D' (2025-11-01) → 'github:nixos/nixpkgs/28bb483c11a1214a73f9fd2d9928a6e2ea86ec71?narHash=sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0%3D' (2025-12-13) • Updated input 'noctalia': 'github:noctalia-dev/noctalia-shell/5ca5aa602f58a8e0e73fedbef351f1cdf8cbe981?narHash=sha256-gHfzrTDSnNC5yRJwkZfP55fPHUc8DuB4OQEIBSQSs18%3D' (2025-11-03) → 'github:noctalia-dev/noctalia-shell/04852ccdc10ab7e289a4bd6f5987972196744e9d?narHash=sha256-4CUoczVKiEEGCVl4qw3jo9YRCpX6d53hw0KMptdaFCQ%3D' (2025-12-14) • Removed input 'noctalia/quickshell' • Removed input 'noctalia/quickshell/nixpkgs' • Removed input 'noctalia/systems' • Updated input 'stylix': 'github:danth/stylix/8c0640d5722a02178c8ee80a62c5f019cab4b3c1?narHash=sha256-wGiL2K3kAyBBmIZpJEskaSIgyzzpg0zwfvri%2BSy6/CI%3D' (2025-11-02) → 'github:danth/stylix/dd14de4432a94e93e10d0159f1d411487e435e1e?narHash=sha256-sDG%2Bc73xEnIw1pFNRWffKDnTWiTuyZiEP%2BIub0D3mWA%3D' (2025-12-11) • Updated input 'stylix/base16-helix': 'github:tinted-theming/base16-helix/27cf1e66e50abc622fb76a3019012dc07c678fac?narHash=sha256-0CQM%2BFkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM%3D' (2025-07-20) → 'github:tinted-theming/base16-helix/d646af9b7d14bff08824538164af99d0c521b185?narHash=sha256-m82fGUYns4uHd%2BZTdoLX2vlHikzwzdu2s2rYM2bNwzw%3D' (2025-10-17) • Updated input 'stylix/firefox-gnome-theme': 'github:rafaelmardojai/firefox-gnome-theme/0909cfe4a2af8d358ad13b20246a350e14c2473d?narHash=sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk%3D' (2025-09-17) → 
'github:rafaelmardojai/firefox-gnome-theme/66b7c635763d8e6eb86bd766de5a1e1fbfcc1047?narHash=sha256-OkFLrD3pFR952TrjQi1%2BVdj604KLcMnkpa7lkW7XskI%3D' (2025-12-03) • Updated input 'stylix/flake-parts': 'github:hercules-ci/flake-parts/4524271976b625a4a605beefd893f270620fd751?narHash=sha256-%2BuWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw%3D' (2025-09-01) → 'github:hercules-ci/flake-parts/2cccadc7357c0ba201788ae99c4dfa90728ef5e0?narHash=sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q%3D' (2025-11-21) • Updated input 'stylix/gnome-shell': 'github:GNOME/gnome-shell/8c88f917db0f1f0d80fa55206c863d3746fa18d0?narHash=sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0%3D' (2025-05-25) → 'gitlab:GNOME/gnome-shell/c0e1ad9f0f703fd0519033b8f46c3267aab51a22?host=gitlab.gnome.org&narHash=sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk%3D' (2025-11-30) • Updated input 'stylix/nixpkgs': 'github:NixOS/nixpkgs/e643668fd71b949c53f8626614b21ff71a07379d?narHash=sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o%3D' (2025-09-24) → 'github:NixOS/nixpkgs/2d293cbfa5a793b4c50d17c05ef9e385b90edf6c?narHash=sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4%3D' (2025-11-30) • Updated input 'stylix/nur': 'github:nix-community/NUR/ba8d9c98f5f4630bcb0e815ab456afd90c930728?narHash=sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV%2B4EnDYjdJhHvUk%3D' (2025-09-27) → 'github:nix-community/NUR/1d9616689e98beded059ad0384b9951e967a17fa?narHash=sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU%3D' (2025-12-03) • Updated input 'stylix/tinted-schemes': 'github:tinted-theming/schemes/317a5e10c35825a6c905d912e480dfe8e71c7559?narHash=sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St%2BUrqkM%3D' (2025-09-12) → 'github:tinted-theming/schemes/0f6be815d258e435c9b137befe5ef4ff24bea32c?narHash=sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw%3D' (2025-11-23) • Updated input 'stylix/tinted-tmux': 
'github:tinted-theming/tinted-tmux/d217ba31c846006e9e0ae70775b0ee0f00aa6b1e?narHash=sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD%2BX3vEBUGbTi4JiI%3D' (2025-09-14) → 'github:tinted-theming/tinted-tmux/edf89a780e239263cc691a987721f786ddc4f6aa?narHash=sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE%3D' (2025-11-30) • Updated input 'stylix/tinted-zed': 'github:tinted-theming/base16-zed/824fe0aacf82b3c26690d14e8d2cedd56e18404e?narHash=sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w%3D' (2025-09-14) → 'github:tinted-theming/base16-zed/907dbba5fb8cf69ebfd90b00813418a412d0a29a?narHash=sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg%3D' (2025-11-30) • Updated input 'terranix': 'github:terranix/terranix/a79a47b4617dfb92184e2e5b8f5aa6fc06c659c8?narHash=sha256-J1L1yP29NVBJO04LA/JGM6kwhnjeNhEsX0tLFnuN3FI%3D' (2025-11-03) → 'github:terranix/terranix/3b5947a48da5694094b301a3b1ef7b22ec8b19fc?narHash=sha256-iVS4sxVgGn%2BT74rGJjEJbzx%2BkjsuaP3wdQVXBNJ79A0%3D' (2025-11-06) • Updated input 'vicinae': 'github:vicinaehq/vicinae/54722e36137d8273ef0a5db37776fb8302c79238?narHash=sha256-8BoGGsWfkS/2ODBSCYd5HJNFGuLY8fFl27rXmWClXQw%3D' (2025-11-09) → 'github:vicinaehq/vicinae/32cf6b1f82e007cddba9c9ae037eff670219cd55?narHash=sha256-etv2HJA9OWvTkjnrjaNSqvebu9gWLIGPYb9PWr4qkfM%3D' (2025-12-09) • Removed input 'vicinae/flake-utils' • Removed input 'vicinae/flake-utils/systems' • Added input 'vicinae/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e?narHash=sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768%3D' (2023-04-09) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/10e69cb268b1d3dc91135e72f5462b2acfbcc3aa?narHash=sha256-sIPhzkDrfe6ptthZiwoxQyO6rKd9PgJnl%2BLOyythQkI%3D' (2025-11-03) → 'github:0xc000022070/zen-browser-flake/463d3f091ad2b0ba2a4982f4181d22e452b2659d?narHash=sha256-rAWVEEbfWZKTaiqBA/ogkeHvbzlkDHZjZPHbjWUnpw8%3D' (2025-12-14) • Updated input 'zen-browser/home-manager': 
'github:nix-community/home-manager/e8c19a3cec2814c754f031ab3ae7316b64da085b?narHash=sha256-S%2BwmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR%2Bkw%3D' (2025-07-15) → 'github:nix-community/home-manager/827f2a23373a774a8805f84ca5344654c31f354b?narHash=sha256-RYHN8O/Aja59XDji6WSJZPkJpYVUfpSkyH%2BPEupBJqM%3D' (2025-11-12) • Updated input 'zen-browser/nixpkgs': 'github:nixos/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4?narHash=sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs%2BStOp19xNsbqdOg%3D' (2025-08-19) → 'github:nixos/nixpkgs/c5ae371f1a6a7fd27823bc500d9390b38c05fa55?narHash=sha256-4PqRErxfe%2B2toFJFgcRKZ0UI9NSIOJa%2B7RXVtBhy4KE%3D' (2025-11-12) --- flake.lock | 328 +++++++++++++++++++++++++---------------------------- 1 file changed, 154 insertions(+), 174 deletions(-) diff --git a/flake.lock b/flake.lock index 27c3580..6920bc0 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1761656077, - "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { @@ -61,11 +61,11 @@ "base16-helix": { "flake": false, "locked": { - "lastModified": 1752979451, - "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", + "lastModified": 1760703920, + "narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=", "owner": "tinted-theming", "repo": "base16-helix", - "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", + "rev": "d646af9b7d14bff08824538164af99d0c521b185", "type": "github" }, "original": { 
@@ -142,11 +142,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1756719547, - "narHash": "sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ=", + "lastModified": 1762286984, + "narHash": "sha256-9I2H9x5We6Pl+DBYHjR1s3UT8wgwcpAH03kn9CqtdQc=", "owner": "serokell", "repo": "deploy-rs", - "rev": "125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2", + "rev": "9c870f63e28ec1e83305f7f6cb73c941e699f74f", "type": "github" }, "original": { @@ -160,11 +160,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1761899396, - "narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=", + "lastModified": 1765688338, + "narHash": "sha256-MjrytR2kiHYUnzX11cXaD31tS7kKdhM1KFaac0+KAig=", "owner": "nix-community", "repo": "disko", - "rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998", + "rev": "be1a6b8a05afdd5d5fa69fcaf3c4ead7014c9fd8", "type": "github" }, "original": { @@ -176,11 +176,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1758112371, - "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=", + "lastModified": 1764724327, + "narHash": "sha256-OkFLrD3pFR952TrjQi1+Vdj604KLcMnkpa7lkW7XskI=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d", + "rev": "66b7c635763d8e6eb86bd766de5a1e1fbfcc1047", "type": "github" }, "original": { @@ -226,11 +226,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1762040540, - "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", + "lastModified": 1765495779, + "narHash": "sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "0010412d62a25d959151790968765a70c436598b", + "rev": "5635c32d666a59ec9a55cab87e898889869f7b71", "type": "github" }, "original": { 
@@ -241,17 +241,14 @@ }, "flake-parts_2": { "inputs": { - "nixpkgs-lib": [ - "stylix", - "nixpkgs" - ] + "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -261,6 +258,27 @@ } }, "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "terranix", @@ -299,24 +317,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems_8" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "fromYaml": { "flake": false, "locked": { 
@@ -336,18 +336,20 @@ "gnome-shell": { "flake": false, "locked": { - "lastModified": 1748186689, - "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", + "host": "gitlab.gnome.org", + "lastModified": 1764524476, + "narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", - "type": "github" + "rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22", + "type": "gitlab" }, "original": { + "host": "gitlab.gnome.org", "owner": "GNOME", - "ref": "48.2", + "ref": "gnome-49", "repo": "gnome-shell", - "type": "github" + "type": "gitlab" } }, "home-manager": { @@ -378,11 +380,11 @@ ] }, "locked": { - "lastModified": 1762178366, - "narHash": "sha256-I+8yE5HVR2SFcHnW0771psQ/zn0qVzsKHY/gUM0nEVM=", + "lastModified": 1765682243, + "narHash": "sha256-yeCxFV/905Wr91yKt5zrVvK6O2CVXWRMSrxqlAZnLp0=", "owner": "nix-community", "repo": "home-manager", - "rev": "8c824254b1ed9e797f6235fc3c62f365893c561a", + "rev": "58bf3ecb2d0bba7bdf363fc8a6c4d49b4d509d03", "type": "github" }, "original": { @@ -400,11 +402,11 @@ ] }, "locked": { - "lastModified": 1752603129, - "narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=", + "lastModified": 1762964643, + "narHash": "sha256-RYHN8O/Aja59XDji6WSJZPkJpYVUfpSkyH+PEupBJqM=", "owner": "nix-community", "repo": "home-manager", - "rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b", + "rev": "827f2a23373a774a8805f84ca5344654c31f354b", "type": "github" }, "original": { @@ -458,11 +460,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1762152856, - "narHash": "sha256-U3SDbk7tIwLChpvb3FL66o8V0byaQ2RGMiy/3oLdxTI=", + "lastModified": 1765714461, + "narHash": "sha256-P9kQIIPSCqmKyHD/9wFZ4ezlqofnAzYBmolSF1f5xog=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "df17789929ac80f4157b15724450db6a303a6dc9", + "rev": "ded1462ebc03ed723f0f9f5514e72469da687817", "type": "github" }, "original": { 
@@ -491,11 +493,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1762146685, - "narHash": "sha256-anRlNG6t7esBbF1+ALDeathVBSclA0PEL52Vo0WnN5g=", + "lastModified": 1765687800, + "narHash": "sha256-Erk+ypR8N+rCvjMdUB1N/v4jtm4QRH9k7r/9zh2HyC8=", "owner": "YaLTeR", "repo": "niri", - "rev": "a2ca2b3c866bc781b12c334a9f949b3db6d7c943", + "rev": "7c0898570ca5bd3f10fbf4cf2f8a00edc48d787b", "type": "github" }, "original": { @@ -511,11 +513,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1763412165, - "narHash": "sha256-n6bChFrCf2/uHzTsZdABUt1+Ua3n0jinNfamHd5DmBA=", + "lastModified": 1765719830, + "narHash": "sha256-VPcX5z0A58pcbRb3I42fBig3zTPm9a71iwrfgkte2J4=", "owner": "numtide", "repo": "nix-ai-tools", - "rev": "a2dfa932ed37e5b6224b39b4982c85cd8ebcca14", + "rev": "053759f30ef14cbd87c0a1a1d3e7c729ca0db83f", "type": "github" }, "original": { @@ -547,11 +549,11 @@ ] }, "locked": { - "lastModified": 1762055842, - "narHash": "sha256-Pu1v3mlFhRzZiSxVHb2/i/f5yeYyRNqr0RvEUJ4UgHo=", + "lastModified": 1765267181, + "narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "359ff6333a7b0b60819d4c20ed05a3a1f726771f", + "rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f", "type": "github" }, "original": { @@ -584,15 +586,16 @@ "nixos-cli": { "inputs": { "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_2", "nix-options-doc": "nix-options-doc", "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1761970410, - "narHash": "sha256-IUm2nkbKlDkG94ruTmIYLERpBn6gXydm3scZIKzpcKs=", + "lastModified": 1765423663, + "narHash": "sha256-ToKVLDYAzKyStJgCA7W+RZObvwABK9fQ8i1wLUUOdLM=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "5c259f72ae1eaa00b99354d81130d8fddb7f9a7a", + "rev": "a2019789319c1678be8dc68ecf34c83f948e7475", "type": "github" }, "original": { 
@@ -632,34 +635,49 @@ "type": "github" } }, + "nixpkgs-lib_2": { + "locked": { + "lastModified": 1761765539, + "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { - "lastModified": 1761999846, - "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", + "lastModified": 1765608474, + "narHash": "sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", + "rev": "28bb483c11a1214a73f9fd2d9928a6e2ea86ec71", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1761999846, - "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", + "lastModified": 1765608474, + "narHash": "sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", + "rev": "28bb483c11a1214a73f9fd2d9928a6e2ea86ec71", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } @@ -682,11 +700,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1755615617, - "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "lastModified": 1762977756, + "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55", "type": "github" }, "original": { 
@@ -698,11 +716,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1752596105, - "narHash": "sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k=", + "lastModified": 1763618868, + "narHash": "sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r+JerayK/4wvdWA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dab3a6e781554f965bde3def0aa2fda4eb8f1708", + "rev": "a8d610af3f1a5fb71e23e08434d8d61a466fc942", "type": "github" }, "original": { @@ -730,11 +748,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "lastModified": 1765472234, + "narHash": "sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "rev": "2fbfb1d73d239d2402a8fe03963e37aab15abe8b", "type": "github" }, "original": { @@ -746,11 +764,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1763312402, - "narHash": "sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5+717550Hk=", + "lastModified": 1765644376, + "narHash": "sha256-yqHBL2wYGwjGL2GUF2w3tofWl8qO9tZEuI4wSqbCrtE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1", + "rev": "23735a82a828372c4ef92c660864e82fbe2f5fbe", "type": "github" }, "original": { @@ -778,11 +796,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1761880412, - "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", + "lastModified": 1764527385, + "narHash": "sha256-nA5ywiGKl76atrbdZ5Aucd8SjF/v8ew9b9QsC+MKL14=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", + "rev": "23258e03aaa49b3a68597e3e50eb0cbce7e42e9d", "type": "github" }, "original": { 
@@ -794,11 +812,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "lastModified": 1765472234, + "narHash": "sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "rev": "2fbfb1d73d239d2402a8fe03963e37aab15abe8b", "type": "github" }, "original": { @@ -810,11 +828,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1758690382, - "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", + "lastModified": 1764517877, + "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e643668fd71b949c53f8626614b21ff71a07379d", + "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c", "type": "github" }, "original": { @@ -828,16 +846,14 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "quickshell": "quickshell", - "systems": "systems_5" + ] }, "locked": { - "lastModified": 1762156721, - "narHash": "sha256-gHfzrTDSnNC5yRJwkZfP55fPHUc8DuB4OQEIBSQSs18=", + "lastModified": 1765720248, + "narHash": "sha256-4CUoczVKiEEGCVl4qw3jo9YRCpX6d53hw0KMptdaFCQ=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "5ca5aa602f58a8e0e73fedbef351f1cdf8cbe981", + "rev": "04852ccdc10ab7e289a4bd6f5987972196744e9d", "type": "github" }, "original": { @@ -858,11 +874,11 @@ ] }, "locked": { - "lastModified": 1758998580, - "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=", + "lastModified": 1764773531, + "narHash": "sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU=", "owner": "nix-community", "repo": "NUR", - "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728", + "rev": "1d9616689e98beded059ad0384b9951e967a17fa", "type": "github" }, "original": { 
@@ -871,27 +887,6 @@ "type": "github" } }, - "quickshell": { - "inputs": { - "nixpkgs": [ - "noctalia", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1761821581, - "narHash": "sha256-nLuc6jA7z+H/6bHPEBSOYPbz7RtvNCZiTKmYItJuBmM=", - "ref": "refs/heads/master", - "rev": "db1777c20b936a86528c1095cbcb1ebd92801402", - "revCount": 699, - "type": "git", - "url": "https://git.outfoxxed.me/outfoxxed/quickshell" - }, - "original": { - "type": "git", - "url": "https://git.outfoxxed.me/outfoxxed/quickshell" - } - }, "root": { "inputs": { "agenix": "agenix", @@ -965,11 +960,11 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_3", "gnome-shell": "gnome-shell", "nixpkgs": "nixpkgs_9", "nur": "nur", - "systems": "systems_6", + "systems": "systems_5", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -977,11 +972,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1762101397, - "narHash": "sha256-wGiL2K3kAyBBmIZpJEskaSIgyzzpg0zwfvri+Sy6/CI=", + "lastModified": 1765474444, + "narHash": "sha256-sDG+c73xEnIw1pFNRWffKDnTWiTuyZiEP+Iub0D3mWA=", "owner": "danth", "repo": "stylix", - "rev": "8c0640d5722a02178c8ee80a62c5f019cab4b3c1", + "rev": "dd14de4432a94e93e10d0159f1d411487e435e1e", "type": "github" }, "original": { 
@@ -1095,35 +1090,20 @@ "type": "github" } }, - "systems_8": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "terranix": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_7" + "systems": "systems_6" }, "locked": { - "lastModified": 1762161791, - "narHash": "sha256-J1L1yP29NVBJO04LA/JGM6kwhnjeNhEsX0tLFnuN3FI=", + "lastModified": 1762472226, + "narHash": "sha256-iVS4sxVgGn+T74rGJjEJbzx+kjsuaP3wdQVXBNJ79A0=", "owner": "terranix", "repo": "terranix", - "rev": "a79a47b4617dfb92184e2e5b8f5aa6fc06c659c8", + "rev": "3b5947a48da5694094b301a3b1ef7b22ec8b19fc", "type": "github" }, "original": { @@ -1168,11 +1148,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1757716333, - "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=", + "lastModified": 1763914658, + "narHash": "sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw=", "owner": "tinted-theming", "repo": "schemes", - "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559", + "rev": "0f6be815d258e435c9b137befe5ef4ff24bea32c", "type": "github" }, "original": { @@ -1184,11 +1164,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1757811970, - "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=", + "lastModified": 1764465359, + "narHash": "sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e", + "rev": "edf89a780e239263cc691a987721f786ddc4f6aa", "type": "github" }, "original": { 
@@ -1200,11 +1180,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1757811247, - "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=", + "lastModified": 1764464512, + "narHash": "sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e", + "rev": "907dbba5fb8cf69ebfd90b00813418a412d0a29a", "type": "github" }, "original": { @@ -1254,15 +1234,15 @@ }, "vicinae": { "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_10", + "systems": "systems_7" }, "locked": { - "lastModified": 1762709887, - "narHash": "sha256-8BoGGsWfkS/2ODBSCYd5HJNFGuLY8fFl27rXmWClXQw=", + "lastModified": 1765272078, + "narHash": "sha256-etv2HJA9OWvTkjnrjaNSqvebu9gWLIGPYb9PWr4qkfM=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "54722e36137d8273ef0a5db37776fb8302c79238", + "rev": "32cf6b1f82e007cddba9c9ae037eff670219cd55", "type": "github" }, "original": { @@ -1291,11 +1271,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1761622056, - "narHash": "sha256-fBrUszJXmB4MY+wf3QsCnqWHcz7u7fLq0QMAWCltIQg=", + "lastModified": 1765343581, + "narHash": "sha256-HtTPbV6z6AJPg2d0bHaJKFrnNha+SEbHvbJafKAQ614=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "0728d59ff6463a502e001fb090f6eb92dbc04756", + "rev": "f0ad674b7009a6afd80cea59d4fbf975dd68ee95", "type": "github" }, "original": { @@ -1310,11 +1290,11 @@ "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1762131860, - "narHash": "sha256-sIPhzkDrfe6ptthZiwoxQyO6rKd9PgJnl+LOyythQkI=", + "lastModified": 1765715981, + "narHash": "sha256-rAWVEEbfWZKTaiqBA/ogkeHvbzlkDHZjZPHbjWUnpw8=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "10e69cb268b1d3dc91135e72f5462b2acfbcc3aa", + "rev": "463d3f091ad2b0ba2a4982f4181d22e452b2659d", "type": "github" }, "original": { 
From 106198878c82360240d1fcdb7de9afc542f38d32 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 16 Dec 2025 07:14:29 -0300 Subject: [PATCH 055/138] virtualisation usb passthrough --- hosts/modules/libvirtd.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hosts/modules/libvirtd.nix b/hosts/modules/libvirtd.nix index aa2ae71..6bd154f 100644 --- a/hosts/modules/libvirtd.nix +++ b/hosts/modules/libvirtd.nix @@ -1,7 +1,10 @@ { ... }: { - virtualisation.libvirtd.enable = true; + virtualisation = { + libvirtd.enable = true; + spiceUSBRedirection.enable = true; + }; programs.virt-manager.enable = true; From 97b0b01a48f0de1197bd9cdd88800dd12c0aeb65 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 16 Dec 2025 08:09:57 -0300 Subject: [PATCH 056/138] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nix-ai-tools': 'github:numtide/nix-ai-tools/053759f30ef14cbd87c0a1a1d3e7c729ca0db83f?narHash=sha256-VPcX5z0A58pcbRb3I42fBig3zTPm9a71iwrfgkte2J4%3D' (2025-12-14) → 'github:numtide/llm-agents.nix/9ee377d02d7e50e2903d9c7fa53138aebd9ae944?narHash=sha256-yrECdmBoMhUAA8FqUJ1LbtDjuwn%2B38OkFgRrwbEq/DU%3D' (2025-12-16) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/23735a82a828372c4ef92c660864e82fbe2f5fbe?narHash=sha256-yqHBL2wYGwjGL2GUF2w3tofWl8qO9tZEuI4wSqbCrtE%3D' (2025-12-13) → 'github:NixOS/nixpkgs/09b8fda8959d761445f12b55f380d90375a1d6bb?narHash=sha256-aq%2BdQoaPONOSjtFIBnAXseDm9TUhIbe215TPmkfMYww%3D' (2025-12-15) --- flake.lock | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index 6920bc0..fe378cf 100644 --- a/flake.lock +++ b/flake.lock 
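Review bot: `spiceUSBRedirection.enable = true` in hosts/modules/libvirtd.nix should carry a comment about what it grants, because per the NixOS option description it installs the SPICE USB redirection helper with setuid privileges and so gives unprivileged local users arbitrary access to host USB devices. I would add `# setuid SPICE USB helper: any local user can pass host USB devices to a VM` above the line. Since this looks like a module shared across hosts, it may be better to set the option only on the machines that actually need passthrough. The rest of the module lies outside the hunk.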
@@ -513,16 +513,16 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1765719830, - "narHash": "sha256-VPcX5z0A58pcbRb3I42fBig3zTPm9a71iwrfgkte2J4=", + "lastModified": 1765854155, + "narHash": "sha256-yrECdmBoMhUAA8FqUJ1LbtDjuwn+38OkFgRrwbEq/DU=", "owner": "numtide", - "repo": "nix-ai-tools", - "rev": "053759f30ef14cbd87c0a1a1d3e7c729ca0db83f", + "repo": "llm-agents.nix", + "rev": "9ee377d02d7e50e2903d9c7fa53138aebd9ae944", "type": "github" }, "original": { "owner": "numtide", - "repo": "nix-ai-tools", + "repo": "llm-agents.nix", "type": "github" } }, @@ -764,11 +764,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1765644376, - "narHash": "sha256-yqHBL2wYGwjGL2GUF2w3tofWl8qO9tZEuI4wSqbCrtE=", + "lastModified": 1765772535, + "narHash": "sha256-aq+dQoaPONOSjtFIBnAXseDm9TUhIbe215TPmkfMYww=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23735a82a828372c4ef92c660864e82fbe2f5fbe", + "rev": "09b8fda8959d761445f12b55f380d90375a1d6bb", "type": "github" }, "original": { From 7a0fa96129fa886b0191ba623faf589ae890f6b5 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 16 Dec 2025 10:18:38 -0300 Subject: [PATCH 057/138] claude-desktop package --- flake.nix | 2 +- hosts/modules/ai.nix | 13 ++- overlays.nix | 1 + packages.nix | 11 +- packages/claude-desktop.nix | 221 ++++++++++++++++++++++++++++++++++++ 5 files changed, 239 insertions(+), 9 deletions(-) create mode 100644 packages/claude-desktop.nix diff --git a/flake.nix b/flake.nix index d65e9d8..20210f2 100644 --- a/flake.nix +++ b/flake.nix @@ -50,7 +50,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nix-ai-tools.url = "github:numtide/nix-ai-tools"; + nix-ai-tools.url = "github:numtide/llm-agents.nix"; vicinae.url = "github:vicinaehq/vicinae"; }; diff --git a/hosts/modules/ai.nix b/hosts/modules/ai.nix index e2dd9d2..b80ac38 100644 --- a/hosts/modules/ai.nix +++ b/hosts/modules/ai.nix 
@@ -1,10 +1,11 @@ { inputs, pkgs, ... }: { - environment.systemPackages = with inputs.nix-ai-tools.packages.${pkgs.system}; [ - claude-desktop - claude-code - claudebox - opencode - ]; + environment.systemPackages = + (with pkgs; [claude-desktop]) ++ + (with inputs.nix-ai-tools.packages.${pkgs.system}; [ + claude-code + claudebox + opencode + ]); } diff --git a/overlays.nix b/overlays.nix index eab4edf..b8f807f 100644 --- a/overlays.nix +++ b/overlays.nix @@ -4,6 +4,7 @@ flake.overlays = { default = final: prev: { base16-schemes = inputs.self.packages.${final.system}.base16-schemes; + claude-desktop = inputs.self.packages.${final.system}.claude-desktop; fastfetch = inputs.self.packages.${final.system}.fastfetch; hm-cli = inputs.self.packages.${final.system}.hm-cli; kwrite = inputs.self.packages.${final.system}.kwrite; diff --git a/packages.nix b/packages.nix index 46979f8..bf0319e 100644 --- a/packages.nix +++ b/packages.nix @@ -1,11 +1,18 @@ -{ ... }: +{ inputs, ... }: { perSystem = - { pkgs, system, ... }: + { system, ... }: + let + pkgs = import inputs.nixpkgs { + inherit system; + config.allowUnfree = true; + }; + in { packages = { base16-schemes = pkgs.callPackage ./packages/base16-schemes.nix { }; + claude-desktop = pkgs.callPackage ./packages/claude-desktop.nix { }; fastfetch = pkgs.callPackage ./packages/fastfetch.nix { }; hm-cli = pkgs.callPackage ./packages/hm-cli.nix { }; kwrite = pkgs.callPackage ./packages/kwrite.nix { }; diff --git a/packages/claude-desktop.nix b/packages/claude-desktop.nix new file mode 100644 index 0000000..e72fc37 --- /dev/null +++ b/packages/claude-desktop.nix 
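Review bot: In packages.nix, `config.allowUnfree = true` on the re-imported nixpkgs admits every unfree package into this flake's package set, while only claude-desktop (declared `licenses.unfree` in this commit) needs the exception. Scoping it keeps an unfree dependency from slipping in unnoticed later: `config.allowUnfreePredicate = pkg: builtins.elem (inputs.nixpkgs.lib.getName pkg) [ "claude-desktop" ];`. Replacing the `pkgs` module argument with a fresh `import inputs.nixpkgs` presumably also drops any overlays or config set on the flake-parts `pkgs`, which is worth a one-line comment above the `let`. The `perSystem` body continues outside the hunk.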
@@ -0,0 +1,221 @@ +{ + lib, + stdenv, + fetchurl, + makeWrapper, + makeDesktopItem, + copyDesktopItems, + p7zip, + unzip, + electron, + nodejs, + asar, + graphicsmagick, +}: + +let + pname = "claude-desktop"; + version = "1.0.1768"; # Updated based on extracted nupkg + + srcs.x86_64-linux = fetchurl { + url = "https://downloads.claude.ai/releases/win32/x64/1.0.1768/Claude-67d01376d0e9d08b328455f6db9e63b0d603506a.exe"; + hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=;"; + }; + + src = + srcs.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); + + # Stub implementation for claude-native module + claudeNativeStub = '' + // Stub implementation of claude-native using KeyboardKey enum values + const KeyboardKey = { + Backspace: 43, Tab: 280, Enter: 261, Shift: 272, Control: 61, Alt: 40, + CapsLock: 56, Escape: 85, Space: 276, PageUp: 251, PageDown: 250, + End: 83, Home: 154, LeftArrow: 175, UpArrow: 282, RightArrow: 262, + DownArrow: 81, Delete: 79, Meta: 187 + }; + Object.freeze(KeyboardKey); + module.exports = { + getWindowsVersion: () => "10.0.0", + setWindowEffect: () => {}, + removeWindowEffect: () => {}, + getIsMaximized: () => false, + flashFrame: () => {}, + clearFlashFrame: () => {}, + showNotification: () => {}, + setProgressBar: () => {}, + clearProgressBar: () => {}, + setOverlayIcon: () => {}, + clearOverlayIcon: () => {}, + KeyboardKey + }; + ''; + +in +stdenv.mkDerivation rec { + inherit pname version src; + + nativeBuildInputs = [ + makeWrapper + copyDesktopItems + p7zip + unzip + nodejs + graphicsmagick + ]; + + buildInputs = [ + electron + ]; + + desktopItems = [ + (makeDesktopItem { + name = "claude-desktop"; + desktopName = "Claude"; + comment = "AI assistant from Anthropic"; + exec = "claude-desktop %u"; + icon = "claude-desktop"; + categories = [ + "Network" + "Chat" + "Office" + ]; + mimeTypes = [ "x-scheme-handler/claude" ]; + startupNotify = true; + startupWMClass = "Claude"; + }) + ]; + + 
unpackPhase = '' + runHook preUnpack + + # Extract the Windows installer - use -y to auto-overwrite + 7z x -y $src -o./extracted + + # The installer contains a NuGet package + if [ -f ./extracted/AnthropicClaude-*-full.nupkg ]; then + echo "Found NuGet package, extracting..." + # NuGet packages are just zip files + unzip -q ./extracted/AnthropicClaude-*-full.nupkg -d ./nupkg + + # Extract app.asar to modify it + if [ -f ./nupkg/lib/net45/resources/app.asar ]; then + echo "Extracting app.asar..." + ${asar}/bin/asar extract ./nupkg/lib/net45/resources/app.asar ./app + + # Also copy the unpacked resources + if [ -d ./nupkg/lib/net45/resources/app.asar.unpacked ]; then + cp -r ./nupkg/lib/net45/resources/app.asar.unpacked/* ./app/ + fi + + # Copy additional resources + mkdir -p ./app/resources + mkdir -p ./app/resources/i18n + cp ./nupkg/lib/net45/resources/Tray* ./app/resources/ || true + cp ./nupkg/lib/net45/resources/*-*.json ./app/resources/i18n/ || true + fi + else + echo "NuGet package not found" + ls -la ./extracted/ + exit 1 + fi + + runHook postUnpack + ''; + + buildPhase = '' + runHook preBuild + + # Replace the Windows-specific claude-native module with a stub + if [ -d ./app/node_modules/claude-native ]; then + echo "Replacing claude-native module with Linux stub..." + rm -rf ./app/node_modules/claude-native/*.node + cat > ./app/node_modules/claude-native/index.js << 'EOF' + ${claudeNativeStub} + EOF + fi + + # Fix the title bar detection (from aaddrick script) + echo "Fixing title bar detection..." 
+ SEARCH_BASE="./app/.vite/renderer/main_window/assets" + if [ -d "$SEARCH_BASE" ]; then + TARGET_FILE=$(find "$SEARCH_BASE" -type f -name "MainWindowPage-*.js" | head -1) + if [ -n "$TARGET_FILE" ]; then + echo "Found target file: $TARGET_FILE" + # Replace patterns like 'if(!VAR1 && VAR2)' with 'if(VAR1 && VAR2)' + sed -i -E 's/if\(!([a-zA-Z]+)[[:space:]]*&&[[:space:]]*([a-zA-Z]+)\)/if(\1 \&\& \2)/g' "$TARGET_FILE" + echo "Title bar fix applied" + fi + fi + + runHook postBuild + ''; + + installPhase = '' + runHook preInstall + + mkdir -p $out/lib/claude-desktop + + # Repack the modified app as app.asar + cd ./app + ${asar}/bin/asar pack . ../app.asar + cd .. + + # Copy resources + mkdir -p $out/lib/claude-desktop/resources + cp ./app.asar $out/lib/claude-desktop/resources/ + + # Create app.asar.unpacked directory with the stub + mkdir -p $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native + cat > $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native/index.js << 'EOF' + ${claudeNativeStub} + EOF + + # Copy other resources + if [ -d ./nupkg/lib/net45/resources ]; then + cp ./nupkg/lib/net45/resources/*.png $out/lib/claude-desktop/resources/ 2>/dev/null || true + cp ./nupkg/lib/net45/resources/*.ico $out/lib/claude-desktop/resources/ 2>/dev/null || true + cp ./nupkg/lib/net45/resources/*.json $out/lib/claude-desktop/resources/ 2>/dev/null || true + fi + + # Create wrapper script + makeWrapper ${electron}/bin/electron $out/bin/claude-desktop \ + --add-flags "$out/lib/claude-desktop/resources/app.asar" \ + --set DISABLE_AUTOUPDATER 1 \ + --set NODE_ENV production + + # Extract and install icons in multiple sizes + if [ -f ./extracted/setupIcon.ico ]; then + echo "Converting and installing icons..." 
+ # Count frames in the ICO file and extract each one + frame_count=$(gm identify ./extracted/setupIcon.ico | wc -l) + for i in $(seq 0 $((frame_count - 1))); do + gm convert "./extracted/setupIcon.ico[$i]" "./extracted/setupIcon-$i.png" 2>/dev/null || true + done + + # Loop through converted icons and install them by size + for img in ./extracted/setupIcon-*.png; do + if [ -f "$img" ]; then + size=$(gm identify -format "%wx%h" "$img") + # Skip smallest icons (16x16 and 32x32) as they're too low quality + if [ "$size" != "16x16" ] && [ "$size" != "32x32" ]; then + mkdir -p "$out/share/icons/hicolor/$size/apps" + cp "$img" "$out/share/icons/hicolor/$size/apps/claude-desktop.png" + fi + fi + done + fi + + runHook postInstall + ''; + + meta = with lib; { + description = "Claude Desktop - AI assistant from Anthropic"; + homepage = "https://claude.ai"; + license = licenses.unfree; + sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; + maintainers = with maintainers; [ ]; + platforms = [ "x86_64-linux" ]; + mainProgram = "claude-desktop"; + }; +} From 1e0013b58e763926209a56bbe3948a4a3f690f6f Mon Sep 17 00:00:00 2001 
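Review bot: The `fetchurl` hash in packages/claude-desktop.nix has a stray `;` inside the string (`"sha256-…LUk=;"`), so it is not a valid SRI value and the fetch is likely to be rejected; it should read `hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=";`, and this pin is the only integrity check on a vendor executable that is unpacked and repacked here. In buildPhase the `sed … /g` rewrite inverts every `if(!a && b)` it finds in the minified `MainWindowPage-*.js`, not only the title-bar test, and it is skipped silently when the file is missing, so a new upstream build could ship with unrelated conditions flipped or with no patch at all. I would fail the build unless exactly one occurrence is found, as sketched below.

```nix
    # … unchanged: SEARCH_BASE and TARGET_FILE lookup …
    if [ -z "$TARGET_FILE" ]; then
      echo "MainWindowPage-*.js not found; refusing to build unpatched" >&2
      exit 1
    fi
    hits=$(grep -oE 'if\(![a-zA-Z]+[[:space:]]*&&[[:space:]]*[a-zA-Z]+\)' "$TARGET_FILE" | wc -l || true)
    if [ "$hits" -ne 1 ]; then
      echo "expected exactly one title-bar condition, found $hits" >&2
      exit 1
    fi
    # … unchanged: sed -i -E rewrite of "$TARGET_FILE" …
```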
From: William Date: Thu, 8 Jan 2026 14:03:23 -0300 Subject: [PATCH 058/138] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'deploy-rs': 'github:serokell/deploy-rs/9c870f63e28ec1e83305f7f6cb73c941e699f74f?narHash=sha256-9I2H9x5We6Pl%2BDBYHjR1s3UT8wgwcpAH03kn9CqtdQc%3D' (2025-11-04) → 'github:serokell/deploy-rs/d5eff7f948535b9c723d60cd8239f8f11ddc90fa?narHash=sha256-znKOwPXQnt3o7lDb3hdf19oDo0BLP4MfBOYiWkEHoik%3D' (2025-12-18) • Updated input 'disko': 'github:nix-community/disko/be1a6b8a05afdd5d5fa69fcaf3c4ead7014c9fd8?narHash=sha256-MjrytR2kiHYUnzX11cXaD31tS7kKdhM1KFaac0%2BKAig%3D' (2025-12-14) → 'github:nix-community/disko/916506443ecd0d0b4a0f4cf9d40a3c22ce39b378?narHash=sha256-P0kM%2B5o%2BDKnB6raXgFEk3azw8Wqg5FL6wyl9jD%2BG5a4%3D' (2025-12-19) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/5635c32d666a59ec9a55cab87e898889869f7b71?narHash=sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM%3D' (2025-12-11) → 'github:hercules-ci/flake-parts/250481aafeb741edfe23d29195671c19b36b6dca?narHash=sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY%3D' (2026-01-05) • Updated input 'flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/719359f4562934ae99f5443f20aa06c2ffff91fc?narHash=sha256-b0yj6kfvO8ApcSE%2BQmA6mUfu8IYG6/uU28OFn4PaC8M%3D' (2025-10-29) → 'github:nix-community/nixpkgs.lib/2075416fcb47225d9b68ac469a5c4801a9c4dd85?narHash=sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo%3D' (2025-12-14) • Updated input 'home-manager': 'github:nix-community/home-manager/58bf3ecb2d0bba7bdf363fc8a6c4d49b4d509d03?narHash=sha256-yeCxFV/905Wr91yKt5zrVvK6O2CVXWRMSrxqlAZnLp0%3D' (2025-12-14) → 'github:nix-community/home-manager/92394f9deafa80b9de95d7e0f10de78d39ff0564?narHash=sha256-clGZcCXX4VLLdzFDu2YRflI%2BoKWbv41x0w0G06h88L0%3D' (2026-01-08) • Updated input 'impermanence': 
'github:nix-community/impermanence/4b3e914cdf97a5b536a889e939fb2fd2b043a170?narHash=sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI%3D' (2025-01-25) → 'github:nix-community/impermanence/82e5bc4508cab9e8d5a136626276eb5bbce5e9c5?narHash=sha256-iyrn9AcPZCoyxX4OT8eMkBsjG7SRUQXXS/V1JzxS7rA%3D' (2026-01-07) • Added input 'impermanence/home-manager': 'github:nix-community/home-manager/7419250703fd5eb50e99bdfb07a86671939103ea?narHash=sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ%3D' (2025-05-23) • Added input 'impermanence/home-manager/nixpkgs': follows 'impermanence/nixpkgs' • Added input 'impermanence/nixpkgs': 'github:nixos/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D' (2025-05-23) • Updated input 'niri-flake': 'github:sodiboo/niri-flake/ded1462ebc03ed723f0f9f5514e72469da687817?narHash=sha256-P9kQIIPSCqmKyHD/9wFZ4ezlqofnAzYBmolSF1f5xog%3D' (2025-12-14) → 'github:sodiboo/niri-flake/a789aa1512a9157d5d3392b27e60621fd0d83438?narHash=sha256-HLr9k8g1Geq40PLsNw7I5N8TZkBYtQVjkgDPV/Kehxk%3D' (2026-01-08) • Updated input 'niri-flake/niri-unstable': 'github:YaLTeR/niri/7c0898570ca5bd3f10fbf4cf2f8a00edc48d787b?narHash=sha256-Erk%2BypR8N%2BrCvjMdUB1N/v4jtm4QRH9k7r/9zh2HyC8%3D' (2025-12-14) → 'github:YaLTeR/niri/10df9f4717cbd4efd20ae796eb6b0aa400127bdc?narHash=sha256-qS4tdG2iUQwSld9dTH1gk8GcIOrRi9umMgPv8MGDIA0%3D' (2026-01-07) • Updated input 'niri-flake/nixpkgs': 'github:NixOS/nixpkgs/2fbfb1d73d239d2402a8fe03963e37aab15abe8b?narHash=sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0%3D' (2025-12-11) → 'github:NixOS/nixpkgs/5912c1772a44e31bf1c63c0390b90501e5026886?narHash=sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4%3D' (2026-01-07) • Updated input 'niri-flake/nixpkgs-stable': 'github:NixOS/nixpkgs/28bb483c11a1214a73f9fd2d9928a6e2ea86ec71?narHash=sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0%3D' (2025-12-13) → 
'github:NixOS/nixpkgs/d351d0653aeb7877273920cd3e823994e7579b0b?narHash=sha256-r4GVX%2BFToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE%3D' (2026-01-07) • Updated input 'niri-flake/xwayland-satellite-unstable': 'github:Supreeeme/xwayland-satellite/f0ad674b7009a6afd80cea59d4fbf975dd68ee95?narHash=sha256-HtTPbV6z6AJPg2d0bHaJKFrnNha%2BSEbHvbJafKAQ614%3D' (2025-12-10) → 'github:Supreeeme/xwayland-satellite/74cf1a95a35fd7aec76432bc2cd9b310e0d908c5?narHash=sha256-0PgS7M1SV6JCN3MugFZPaP8J%2BMr2o7lSDFTPVYZSIAY%3D' (2026-01-07) • Updated input 'nix-ai-tools': 'github:numtide/llm-agents.nix/9ee377d02d7e50e2903d9c7fa53138aebd9ae944?narHash=sha256-yrECdmBoMhUAA8FqUJ1LbtDjuwn%2B38OkFgRrwbEq/DU%3D' (2025-12-16) → 'github:numtide/llm-agents.nix/1e0eaa265ba27a04f89b3265583bdf7da54a3972?narHash=sha256-Wo1jRV29yb3NwWf1hG80rmhrTC5x3F%2Bbvj5u/fvxMW4%3D' (2026-01-08) • Updated input 'nix-ai-tools/blueprint': 'github:numtide/blueprint/5a9bba070f801d63e2af3c9ef00b86b212429f4f?narHash=sha256-O9Y%2BWer8wOh%2BN%2B4kcCK5p/VLrXyX%2Bktk0/s3HdZvJzk%3D' (2025-11-16) → 'github:numtide/blueprint/0ed984d51a3031065925ab08812a5434f40b93d4?narHash=sha256-BJDu7dIMauO2nYRSL4aI8wDNtEm2KOb7lDKP3hxdrpo%3D' (2026-01-02) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/09b8fda8959d761445f12b55f380d90375a1d6bb?narHash=sha256-aq%2BdQoaPONOSjtFIBnAXseDm9TUhIbe215TPmkfMYww%3D' (2025-12-15) → 'github:NixOS/nixpkgs/16c7794d0a28b5a37904d55bcca36003b9109aaa?narHash=sha256-fFUnEYMla8b7UKjijLnMe%2BoVFOz6HjijGGNS1l7dYaQ%3D' (2026-01-02) • Updated input 'nix-ai-tools/treefmt-nix': 'github:numtide/treefmt-nix/5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4?narHash=sha256-AlEObg0syDl%2BSpi4LsZIBrjw%2BsnSVU4T8MOeuZJUJjM%3D' (2025-11-12) → 'github:numtide/treefmt-nix/778a1d691f1ef45dd68c661715c5bf8cbf131c80?narHash=sha256-QfX6g3Wj2vQe7oBJEbTf0npvC6sJoDbF9hb2%2BgM5tf8%3D' (2026-01-07) • Updated input 'nixos-cli': 
'github:nix-community/nixos-cli/a2019789319c1678be8dc68ecf34c83f948e7475?narHash=sha256-ToKVLDYAzKyStJgCA7W%2BRZObvwABK9fQ8i1wLUUOdLM%3D' (2025-12-11) → 'github:nix-community/nixos-cli/b68f36728504f1017591a9e296237a867e52156d?narHash=sha256-V/4vkr/tTJ50dh57GEKZbEikex%2BGqOVVF2SVYwLcSmQ%3D' (2026-01-02) • Updated input 'nixos-cli/flake-compat': 'github:edolstra/flake-compat/f387cd2afec9419c8ee37694406ca490c3f34ee5?narHash=sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4%3D' (2025-10-27) → 'github:edolstra/flake-compat/5edf11c44bc78a0d334f6334cdaf7d60d732daab?narHash=sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns%3D' (2025-12-29) • Updated input 'nixos-cli/flake-parts': 'github:hercules-ci/flake-parts/2cccadc7357c0ba201788ae99c4dfa90728ef5e0?narHash=sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q%3D' (2025-11-21) → 'github:hercules-ci/flake-parts/a34fae9c08a15ad73f295041fec82323541400a9?narHash=sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw%3D' (2025-12-15) • Updated input 'nixos-cli/flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/719359f4562934ae99f5443f20aa06c2ffff91fc?narHash=sha256-b0yj6kfvO8ApcSE%2BQmA6mUfu8IYG6/uU28OFn4PaC8M%3D' (2025-10-29) → 'github:nix-community/nixpkgs.lib/2075416fcb47225d9b68ac469a5c4801a9c4dd85?narHash=sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo%3D' (2025-12-14) • Removed input 'nixos-cli/nix-options-doc' • Removed input 'nixos-cli/nix-options-doc/flake-utils' • Removed input 'nixos-cli/nix-options-doc/flake-utils/systems' • Removed input 'nixos-cli/nix-options-doc/nixpkgs' • Removed input 'nixos-cli/nix-options-doc/rust-overlay' • Removed input 'nixos-cli/nix-options-doc/rust-overlay/nixpkgs' • Updated input 'nixos-cli/nixpkgs': 'github:NixOS/nixpkgs/23258e03aaa49b3a68597e3e50eb0cbce7e42e9d?narHash=sha256-nA5ywiGKl76atrbdZ5Aucd8SjF/v8ew9b9QsC%2BMKL14%3D' (2025-11-30) → 'github:NixOS/nixpkgs/f665af0cdb70ed27e1bd8f9fdfecaf451260fc55?narHash=sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8%3D' (2025-12-31) 
• Added input 'nixos-cli/optnix': 'github:water-sucks/optnix/01facc3de860bf479723bf19535586564e59fe73?narHash=sha256-33VCCXiEnEL9N2wVxo9FHLwL8KWH6qk%2BMNRcSThOPWs%3D' (2025-12-11) • Added input 'nixos-cli/optnix/flake-compat': 'github:edolstra/flake-compat/9100a0f413b0c601e0533d1d94ffd501ce2e7885?narHash=sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX%2BfjA8Xf8PUmqCY%3D' (2025-05-12) • Added input 'nixos-cli/optnix/nixpkgs': 'github:NixOS/nixpkgs/647e5c14cbd5067f44ac86b74f014962df460840?narHash=sha256-JVZl8NaVRYb0%2B381nl7LvPE%2BA774/dRpif01FKLrYFQ%3D' (2025-09-28) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/2fbfb1d73d239d2402a8fe03963e37aab15abe8b?narHash=sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0%3D' (2025-12-11) → 'github:nixos/nixpkgs/5912c1772a44e31bf1c63c0390b90501e5026886?narHash=sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4%3D' (2026-01-07) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/28bb483c11a1214a73f9fd2d9928a6e2ea86ec71?narHash=sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0%3D' (2025-12-13) → 'github:nixos/nixpkgs/d351d0653aeb7877273920cd3e823994e7579b0b?narHash=sha256-r4GVX%2BFToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE%3D' (2026-01-07) • Updated input 'noctalia': 'github:noctalia-dev/noctalia-shell/04852ccdc10ab7e289a4bd6f5987972196744e9d?narHash=sha256-4CUoczVKiEEGCVl4qw3jo9YRCpX6d53hw0KMptdaFCQ%3D' (2025-12-14) → 'github:noctalia-dev/noctalia-shell/6a61bf185c1b9a508377bde924db58ff53ef2d93?narHash=sha256-/fDWzjo%2BukaTCBzxycwyR5xB10/4N%2Bi9wBfTOFNfYHQ%3D' (2026-01-08) • Updated input 'stylix': 'github:danth/stylix/dd14de4432a94e93e10d0159f1d411487e435e1e?narHash=sha256-sDG%2Bc73xEnIw1pFNRWffKDnTWiTuyZiEP%2BIub0D3mWA%3D' (2025-12-11) → 'github:danth/stylix/a525e4774f2576e0f10b8b183c2dfaf7d165c052?narHash=sha256-5/hrrHMZuwwJXqLb86MBElPKS61Efe%2BhgGkVvpbzJM4%3D' (2026-01-08) • Updated input 'stylix/base16-fish': 
'github:tomyun/base16-fish/23ae20a0093dca0d7b39d76ba2401af0ccf9c561?narHash=sha256-l9xHIy%2B85FN%2BbEo6yquq2IjD1rSg9fjfjpyGP1W8YXo%3D' (2025-08-05) → 'github:tomyun/base16-fish/86cbea4dca62e08fb7fd83a70e96472f92574782?narHash=sha256-XCUQLoLfBJ8saWms2HCIj4NEN%2BxNsWBlU1NrEPcQG4s%3D' (2025-12-15) • Updated input 'stylix/firefox-gnome-theme': 'github:rafaelmardojai/firefox-gnome-theme/66b7c635763d8e6eb86bd766de5a1e1fbfcc1047?narHash=sha256-OkFLrD3pFR952TrjQi1%2BVdj604KLcMnkpa7lkW7XskI%3D' (2025-12-03) → 'github:rafaelmardojai/firefox-gnome-theme/f7ffd917ac0d253dbd6a3bf3da06888f57c69f92?narHash=sha256-1XPewtGMi%2B9wN9Ispoluxunw/RwozuTRVuuQOmxzt%2BA%3D' (2025-12-04) • Updated input 'stylix/flake-parts': 'github:hercules-ci/flake-parts/2cccadc7357c0ba201788ae99c4dfa90728ef5e0?narHash=sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q%3D' (2025-11-21) → 'github:hercules-ci/flake-parts/250481aafeb741edfe23d29195671c19b36b6dca?narHash=sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY%3D' (2026-01-05) • Updated input 'stylix/gnome-shell': 'gitlab:GNOME/gnome-shell/c0e1ad9f0f703fd0519033b8f46c3267aab51a22?host=gitlab.gnome.org&narHash=sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk%3D' (2025-11-30) → 'gitlab:GNOME/gnome-shell/ef02db02bf0ff342734d525b5767814770d85b49?host=gitlab.gnome.org&narHash=sha256-eFujfIUQDgWnSJBablOuG%2B32hCai192yRdrNHTv0a%2Bs%3D' (2026-01-06) • Updated input 'stylix/nixpkgs': 'github:NixOS/nixpkgs/2d293cbfa5a793b4c50d17c05ef9e385b90edf6c?narHash=sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4%3D' (2025-11-30) → 'github:NixOS/nixpkgs/5912c1772a44e31bf1c63c0390b90501e5026886?narHash=sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4%3D' (2026-01-07) • Updated input 'stylix/nur': 'github:nix-community/NUR/1d9616689e98beded059ad0384b9951e967a17fa?narHash=sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU%3D' (2025-12-03) → 
'github:nix-community/NUR/dead29c804adc928d3a69dfe7f9f12d0eec1f1a4?narHash=sha256-ZKqhk772%2Bv/bujjhla9VABwcvz%2BhB2IaRyeLT6CFnT0%3D' (2026-01-07) • Updated input 'stylix/tinted-schemes': 'github:tinted-theming/schemes/0f6be815d258e435c9b137befe5ef4ff24bea32c?narHash=sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw%3D' (2025-11-23) → 'github:tinted-theming/schemes/2800e2b8ac90f678d7e4acebe4fa253f602e05b2?narHash=sha256-%2BW1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI%2Bdes%3D' (2026-01-06) • Updated input 'stylix/tinted-tmux': 'github:tinted-theming/tinted-tmux/edf89a780e239263cc691a987721f786ddc4f6aa?narHash=sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE%3D' (2025-11-30) → 'github:tinted-theming/tinted-tmux/3c32729ccae99be44fe8a125d20be06f8d7d8184?narHash=sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU%3D' (2026-01-04) • Updated input 'stylix/tinted-zed': 'github:tinted-theming/base16-zed/907dbba5fb8cf69ebfd90b00813418a412d0a29a?narHash=sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg%3D' (2025-11-30) → 'github:tinted-theming/base16-zed/11abb0b282ad3786a2aae088d3a01c60916f2e40?narHash=sha256-wVOj0qyil8m%2BouSsVZcNjl5ZR%2B1GdOOAooAatQXHbuU%3D' (2026-01-04) • Updated input 'vicinae': 'github:vicinaehq/vicinae/32cf6b1f82e007cddba9c9ae037eff670219cd55?narHash=sha256-etv2HJA9OWvTkjnrjaNSqvebu9gWLIGPYb9PWr4qkfM%3D' (2025-12-09) → 'github:vicinaehq/vicinae/aab965dcf29529c5fab67b9c2fb5f8168f76fa1b?narHash=sha256-OPBgcM2ZzbVEUS6lwRpJo2JBfiRK8TmYVSmZImEW2gA%3D' (2026-01-07) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/463d3f091ad2b0ba2a4982f4181d22e452b2659d?narHash=sha256-rAWVEEbfWZKTaiqBA/ogkeHvbzlkDHZjZPHbjWUnpw8%3D' (2025-12-14) → 'github:0xc000022070/zen-browser-flake/8b2302d8c10369c9135552cc892da75cff5ddb03?narHash=sha256-5ysv8EuVAgDoYmNuXEUNf7vBzdeRaFxeIlIndv5HMvs%3D' (2026-01-07) • Updated input 'zen-browser/home-manager': 
'github:nix-community/home-manager/827f2a23373a774a8805f84ca5344654c31f354b?narHash=sha256-RYHN8O/Aja59XDji6WSJZPkJpYVUfpSkyH%2BPEupBJqM%3D' (2025-11-12) → 'github:nix-community/home-manager/e4e78a2cbeaddd07ab7238971b16468cc1d14daf?narHash=sha256-GKgwu5//R%2BcLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk%3D' (2025-12-30) • Updated input 'zen-browser/nixpkgs': 'github:nixos/nixpkgs/c5ae371f1a6a7fd27823bc500d9390b38c05fa55?narHash=sha256-4PqRErxfe%2B2toFJFgcRKZ0UI9NSIOJa%2B7RXVtBhy4KE%3D' (2025-11-12) → 'github:nixos/nixpkgs/c0b0e0fddf73fd517c3471e546c0df87a42d53f4?narHash=sha256-coBu0ONtFzlwwVBzmjacUQwj3G%2BlybcZ1oeNSQkgC0M%3D' (2025-12-28) --- flake.lock | 450 ++++++++++++++++++++++++++--------------------------- 1 file changed, 225 insertions(+), 225 deletions(-) diff --git a/flake.lock b/flake.lock index fe378cf..081c9fd 100644 --- a/flake.lock +++ b/flake.lock @@ -44,17 +44,17 @@ "base16-fish": { "flake": false, "locked": { - "lastModified": 1754405784, - "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=", + "lastModified": 1765809053, + "narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=", "owner": "tomyun", "repo": "base16-fish", - "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", "type": "github" }, "original": { "owner": "tomyun", "repo": "base16-fish", - "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", "type": "github" } }, @@ -100,11 +100,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1763308703, - "narHash": "sha256-O9Y+Wer8wOh+N+4kcCK5p/VLrXyX+ktk0/s3HdZvJzk=", + "lastModified": 1767386128, + "narHash": "sha256-BJDu7dIMauO2nYRSL4aI8wDNtEm2KOb7lDKP3hxdrpo=", "owner": "numtide", "repo": "blueprint", - "rev": "5a9bba070f801d63e2af3c9ef00b86b212429f4f", + "rev": "0ed984d51a3031065925ab08812a5434f40b93d4", "type": "github" }, "original": { 
@@ -142,11 +142,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1762286984, - "narHash": "sha256-9I2H9x5We6Pl+DBYHjR1s3UT8wgwcpAH03kn9CqtdQc=", + "lastModified": 1766051518, + "narHash": "sha256-znKOwPXQnt3o7lDb3hdf19oDo0BLP4MfBOYiWkEHoik=", "owner": "serokell", "repo": "deploy-rs", - "rev": "9c870f63e28ec1e83305f7f6cb73c941e699f74f", + "rev": "d5eff7f948535b9c723d60cd8239f8f11ddc90fa", "type": "github" }, "original": { @@ -160,11 +160,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1765688338, - "narHash": "sha256-MjrytR2kiHYUnzX11cXaD31tS7kKdhM1KFaac0+KAig=", + "lastModified": 1766150702, + "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", "owner": "nix-community", "repo": "disko", - "rev": "be1a6b8a05afdd5d5fa69fcaf3c4ead7014c9fd8", + "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", "type": "github" }, "original": { @@ -176,11 +176,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1764724327, - "narHash": "sha256-OkFLrD3pFR952TrjQi1+Vdj604KLcMnkpa7lkW7XskI=", + "lastModified": 1764873433, + "narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "66b7c635763d8e6eb86bd766de5a1e1fbfcc1047", + "rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92", "type": "github" }, "original": { 
@@ -208,11 +208,27 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", "owner": "edolstra", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -226,11 +242,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1765495779, - "narHash": "sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM=", + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "5635c32d666a59ec9a55cab87e898889869f7b71", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", "type": "github" }, "original": { @@ -244,11 +260,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1765835352, + "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "a34fae9c08a15ad73f295041fec82323541400a9", "type": "github" }, "original": { 
@@ -265,11 +281,11 @@ ] }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", "type": "github" }, "original": { @@ -299,24 +315,6 @@ "type": "github" } }, - "flake-utils": { - "inputs": { - "systems": "systems_4" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "fromYaml": { "flake": false, "locked": { @@ -337,11 +335,11 @@ "flake": false, "locked": { "host": "gitlab.gnome.org", - "lastModified": 1764524476, - "narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=", + "lastModified": 1767737596, + "narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22", + "rev": "ef02db02bf0ff342734d525b5767814770d85b49", "type": "gitlab" }, "original": { @@ -380,11 +378,11 @@ ] }, "locked": { - "lastModified": 1765682243, - "narHash": "sha256-yeCxFV/905Wr91yKt5zrVvK6O2CVXWRMSrxqlAZnLp0=", + "lastModified": 1767890644, + "narHash": "sha256-clGZcCXX4VLLdzFDu2YRflI+oKWbv41x0w0G06h88L0=", "owner": "nix-community", "repo": "home-manager", - "rev": "58bf3ecb2d0bba7bdf363fc8a6c4d49b4d509d03", + "rev": "92394f9deafa80b9de95d7e0f10de78d39ff0564", "type": "github" }, "original": { 
@@ -395,6 +393,27 @@ } }, "home-manager_3": { + "inputs": { + "nixpkgs": [ + "impermanence", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747978958, + "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_4": { "inputs": { "nixpkgs": [ "zen-browser", @@ -402,11 +421,11 @@ ] }, "locked": { - "lastModified": 1762964643, - "narHash": "sha256-RYHN8O/Aja59XDji6WSJZPkJpYVUfpSkyH+PEupBJqM=", + "lastModified": 1767104570, + "narHash": "sha256-GKgwu5//R+cLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk=", "owner": "nix-community", "repo": "home-manager", - "rev": "827f2a23373a774a8805f84ca5344654c31f354b", + "rev": "e4e78a2cbeaddd07ab7238971b16468cc1d14daf", "type": "github" }, "original": { @@ -416,12 +435,16 @@ } }, "impermanence": { + "inputs": { + "home-manager": "home-manager_3", + "nixpkgs": "nixpkgs_3" + }, "locked": { - "lastModified": 1737831083, - "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "lastModified": 1767822991, + "narHash": "sha256-iyrn9AcPZCoyxX4OT8eMkBsjG7SRUQXXS/V1JzxS7rA=", "owner": "nix-community", "repo": "impermanence", - "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "rev": "82e5bc4508cab9e8d5a136626276eb5bbce5e9c5", "type": "github" }, "original": { @@ -432,7 +455,7 @@ }, "niri": { "inputs": { - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "rust-overlay": "rust-overlay" }, "locked": { 
@@ -454,17 +477,17 @@ "inputs": { "niri-stable": "niri-stable", "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-stable": "nixpkgs-stable", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1765714461, - "narHash": "sha256-P9kQIIPSCqmKyHD/9wFZ4ezlqofnAzYBmolSF1f5xog=", + "lastModified": 1767833217, + "narHash": "sha256-HLr9k8g1Geq40PLsNw7I5N8TZkBYtQVjkgDPV/Kehxk=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "ded1462ebc03ed723f0f9f5514e72469da687817", + "rev": "a789aa1512a9157d5d3392b27e60621fd0d83438", "type": "github" }, "original": { @@ -493,11 +516,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1765687800, - "narHash": "sha256-Erk+ypR8N+rCvjMdUB1N/v4jtm4QRH9k7r/9zh2HyC8=", + "lastModified": 1767792726, + "narHash": "sha256-qS4tdG2iUQwSld9dTH1gk8GcIOrRi9umMgPv8MGDIA0=", "owner": "YaLTeR", "repo": "niri", - "rev": "7c0898570ca5bd3f10fbf4cf2f8a00edc48d787b", + "rev": "10df9f4717cbd4efd20ae796eb6b0aa400127bdc", "type": "github" }, "original": { @@ -509,15 +532,15 @@ "nix-ai-tools": { "inputs": { "blueprint": "blueprint", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1765854155, - "narHash": "sha256-yrECdmBoMhUAA8FqUJ1LbtDjuwn+38OkFgRrwbEq/DU=", + "lastModified": 1767882842, + "narHash": "sha256-Wo1jRV29yb3NwWf1hG80rmhrTC5x3F+bvj5u/fvxMW4=", "owner": "numtide", "repo": "llm-agents.nix", - "rev": "9ee377d02d7e50e2903d9c7fa53138aebd9ae944", + "rev": "1e0eaa265ba27a04f89b3265583bdf7da54a3972", "type": "github" }, "original": { 
@@ -562,40 +585,19 @@ "type": "github" } }, - "nix-options-doc": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_6", - "rust-overlay": "rust-overlay_2" - }, - "locked": { - "lastModified": 1742115705, - "narHash": "sha256-RfXwJPWBoWswIU68+y/XZfTWtFHd/fK14bKvOlRmfPo=", - "owner": "Thunderbottom", - "repo": "nix-options-doc", - "rev": "2caa4b5756a8666d65d70122f413e295f56886e7", - "type": "github" - }, - "original": { - "owner": "Thunderbottom", - "ref": "v0.2.0", - "repo": "nix-options-doc", - "type": "github" - } - }, "nixos-cli": { "inputs": { "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_2", - "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_7", + "optnix": "optnix" }, "locked": { - "lastModified": 1765423663, - "narHash": "sha256-ToKVLDYAzKyStJgCA7W+RZObvwABK9fQ8i1wLUUOdLM=", + "lastModified": 1767322536, + "narHash": "sha256-V/4vkr/tTJ50dh57GEKZbEikex+GqOVVF2SVYwLcSmQ=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "a2019789319c1678be8dc68ecf34c83f948e7475", + "rev": "b68f36728504f1017591a9e296237a867e52156d", "type": "github" }, "original": { @@ -622,11 +624,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1761765539, - "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", "type": "github" }, "original": { 
@@ -637,11 +639,11 @@ }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1761765539, - "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", "type": "github" }, "original": { @@ -652,11 +654,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1765608474, - "narHash": "sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0=", + "lastModified": 1767799921, + "narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "28bb483c11a1214a73f9fd2d9928a6e2ea86ec71", + "rev": "d351d0653aeb7877273920cd3e823994e7579b0b", "type": "github" }, "original": { @@ -668,11 +670,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1765608474, - "narHash": "sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0=", + "lastModified": 1767799921, + "narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "28bb483c11a1214a73f9fd2d9928a6e2ea86ec71", + "rev": "d351d0653aeb7877273920cd3e823994e7579b0b", "type": "github" }, "original": { @@ -683,6 +685,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1762111121, "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", 
@@ -698,13 +716,13 @@ "type": "github" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { - "lastModified": 1762977756, - "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=", + "lastModified": 1766902085, + "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55", + "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4", "type": "github" }, "original": { @@ -731,6 +749,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1748026106, + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1757967192, "narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=", @@ -746,13 +780,13 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { - "lastModified": 1765472234, - "narHash": "sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0=", + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fbfb1d73d239d2402a8fe03963e37aab15abe8b", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", "type": "github" }, "original": { @@ -762,13 +796,13 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { - "lastModified": 1765772535, - "narHash": "sha256-aq+dQoaPONOSjtFIBnAXseDm9TUhIbe215TPmkfMYww=", + "lastModified": 1767364772, + "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "09b8fda8959d761445f12b55f380d90375a1d6bb", + "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa", "type": "github" }, "original": { 
@@ -778,29 +812,13 @@ "type": "github" } }, - "nixpkgs_6": { - "locked": { - "lastModified": 1740695751, - "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "6313551cd05425cd5b3e63fe47dbc324eabb15e4", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_7": { "locked": { - "lastModified": 1764527385, - "narHash": "sha256-nA5ywiGKl76atrbdZ5Aucd8SjF/v8ew9b9QsC+MKL14=", + "lastModified": 1767151656, + "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23258e03aaa49b3a68597e3e50eb0cbce7e42e9d", + "rev": "f665af0cdb70ed27e1bd8f9fdfecaf451260fc55", "type": "github" }, "original": { @@ -812,31 +830,31 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1765472234, - "narHash": "sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0=", - "owner": "nixos", + "lastModified": 1759070547, + "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fbfb1d73d239d2402a8fe03963e37aab15abe8b", + "rev": "647e5c14cbd5067f44ac86b74f014962df460840", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_9": { "locked": { - "lastModified": 1764517877, - "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=", - "owner": "NixOS", + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" 
@@ -849,11 +867,11 @@ ] }, "locked": { - "lastModified": 1765720248, - "narHash": "sha256-4CUoczVKiEEGCVl4qw3jo9YRCpX6d53hw0KMptdaFCQ=", + "lastModified": 1767890738, + "narHash": "sha256-/fDWzjo+ukaTCBzxycwyR5xB10/4N+i9wBfTOFNfYHQ=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "04852ccdc10ab7e289a4bd6f5987972196744e9d", + "rev": "6a61bf185c1b9a508377bde924db58ff53ef2d93", "type": "github" }, "original": { @@ -874,11 +892,11 @@ ] }, "locked": { - "lastModified": 1764773531, - "narHash": "sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU=", + "lastModified": 1767810917, + "narHash": "sha256-ZKqhk772+v/bujjhla9VABwcvz+hB2IaRyeLT6CFnT0=", "owner": "nix-community", "repo": "NUR", - "rev": "1d9616689e98beded059ad0384b9951e967a17fa", + "rev": "dead29c804adc928d3a69dfe7f9f12d0eec1f1a4", "type": "github" }, "original": { @@ -887,6 +905,25 @@ "type": "github" } }, + "optnix": { + "inputs": { + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_8" + }, + "locked": { + "lastModified": 1765418479, + "narHash": "sha256-33VCCXiEnEL9N2wVxo9FHLwL8KWH6qk+MNRcSThOPWs=", + "owner": "water-sucks", + "repo": "optnix", + "rev": "01facc3de860bf479723bf19535586564e59fe73", + "type": "github" + }, + "original": { + "owner": "water-sucks", + "repo": "optnix", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -901,7 +938,7 @@ "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "nixpkgs-stable": "nixpkgs-stable_2", "noctalia": "noctalia", "stylix": "stylix", 
@@ -931,28 +968,6 @@ "type": "github" } }, - "rust-overlay_2": { - "inputs": { - "nixpkgs": [ - "nixos-cli", - "nix-options-doc", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1740796337, - "narHash": "sha256-FuoXrXZPoJEZQ3PF7t85tEpfBVID9JQIOnVKMNfTAb0=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "bbac9527bc6b28b6330b13043d0e76eac11720dc", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "stylix": { "inputs": { "base16": "base16", @@ -962,9 +977,9 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_3", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_10", "nur": "nur", - "systems": "systems_5", + "systems": "systems_4", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -972,11 +987,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1765474444, - "narHash": "sha256-sDG+c73xEnIw1pFNRWffKDnTWiTuyZiEP+Iub0D3mWA=", + "lastModified": 1767886384, + "narHash": "sha256-5/hrrHMZuwwJXqLb86MBElPKS61Efe+hgGkVvpbzJM4=", "owner": "danth", "repo": "stylix", - "rev": "dd14de4432a94e93e10d0159f1d411487e435e1e", + "rev": "a525e4774f2576e0f10b8b183c2dfaf7d165c052", "type": "github" }, "original": { @@ -1075,28 +1090,13 @@ "type": "github" } }, - "systems_7": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "terranix": { "inputs": { "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_6" + "systems": "systems_5" }, "locked": { "lastModified": 1762472226, 
@@ -1148,11 +1148,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1763914658, - "narHash": "sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw=", + "lastModified": 1767710407, + "narHash": "sha256-+W1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI+des=", "owner": "tinted-theming", "repo": "schemes", - "rev": "0f6be815d258e435c9b137befe5ef4ff24bea32c", + "rev": "2800e2b8ac90f678d7e4acebe4fa253f602e05b2", "type": "github" }, "original": { @@ -1164,11 +1164,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1764465359, - "narHash": "sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE=", + "lastModified": 1767489635, + "narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "edf89a780e239263cc691a987721f786ddc4f6aa", + "rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184", "type": "github" }, "original": { @@ -1180,11 +1180,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1764464512, - "narHash": "sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg=", + "lastModified": 1767488740, + "narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "907dbba5fb8cf69ebfd90b00813418a412d0a29a", + "rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40", "type": "github" }, "original": { @@ -1201,11 +1201,11 @@ ] }, "locked": { - "lastModified": 1762938485, - "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", + "lastModified": 1767801790, + "narHash": "sha256-QfX6g3Wj2vQe7oBJEbTf0npvC6sJoDbF9hb2+gM5tf8=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", + "rev": "778a1d691f1ef45dd68c661715c5bf8cbf131c80", "type": "github" }, "original": { 
@@ -1234,15 +1234,15 @@ }, "vicinae": { "inputs": { - "nixpkgs": "nixpkgs_10", - "systems": "systems_7" + "nixpkgs": "nixpkgs_11", + "systems": "systems_6" }, "locked": { - "lastModified": 1765272078, - "narHash": "sha256-etv2HJA9OWvTkjnrjaNSqvebu9gWLIGPYb9PWr4qkfM=", + "lastModified": 1767815010, + "narHash": "sha256-OPBgcM2ZzbVEUS6lwRpJo2JBfiRK8TmYVSmZImEW2gA=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "32cf6b1f82e007cddba9c9ae037eff670219cd55", + "rev": "aab965dcf29529c5fab67b9c2fb5f8168f76fa1b", "type": "github" }, "original": { @@ -1271,11 +1271,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1765343581, - "narHash": "sha256-HtTPbV6z6AJPg2d0bHaJKFrnNha+SEbHvbJafKAQ614=", + "lastModified": 1767830382, + "narHash": "sha256-0PgS7M1SV6JCN3MugFZPaP8J+Mr2o7lSDFTPVYZSIAY=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "f0ad674b7009a6afd80cea59d4fbf975dd68ee95", + "rev": "74cf1a95a35fd7aec76432bc2cd9b310e0d908c5", "type": "github" }, "original": { @@ -1286,15 +1286,15 @@ }, "zen-browser": { "inputs": { - "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_11" + "home-manager": "home-manager_4", + "nixpkgs": "nixpkgs_12" }, "locked": { - "lastModified": 1765715981, - "narHash": "sha256-rAWVEEbfWZKTaiqBA/ogkeHvbzlkDHZjZPHbjWUnpw8=", + "lastModified": 1767763594, + "narHash": "sha256-5ysv8EuVAgDoYmNuXEUNf7vBzdeRaFxeIlIndv5HMvs=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "463d3f091ad2b0ba2a4982f4181d22e452b2659d", + "rev": "8b2302d8c10369c9135552cc892da75cff5ddb03", "type": "github" }, "original": { From 4e05b20fa645abc480bb32fc9f178c0e928166cf Mon Sep 17 00:00:00 2001 From: William Date: Thu, 8 Jan 2026 14:44:05 -0300 Subject: [PATCH 059/138] added neededForBoot to /persistent --- hosts/modules/ephemeral.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/modules/ephemeral.nix b/hosts/modules/ephemeral.nix index cad5f41..e962a89 100644 --- a/hosts/modules/ephemeral.nix 
+++ b/hosts/modules/ephemeral.nix @@ -16,6 +16,8 @@ rootSubvolume = "@root"; }; + fileSystems."/persistent".neededForBoot = true; + environment.persistence.main = { persistentStoragePath = "/persistent"; files = [ From 14b58b346e06b3fdb1b0bf7fca844d4f3d10b220 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 8 Jan 2026 14:44:36 -0300 Subject: [PATCH 060/138] nixfmt-rfc-style is now nixfmt; programs.adb no longer a thing --- devShells.nix | 2 +- hosts/modules/dev.nix | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/devShells.nix b/devShells.nix index f7e9627..1c93cf3 100644 --- a/devShells.nix +++ b/devShells.nix @@ -9,7 +9,7 @@ inputs.agenix.packages.${system}.default deploy-rs nil - nixfmt-rfc-style + nixfmt ]; }; }; diff --git a/hosts/modules/dev.nix b/hosts/modules/dev.nix index c4cca78..d9c31f7 100644 --- a/hosts/modules/dev.nix +++ b/hosts/modules/dev.nix @@ -2,18 +2,17 @@ { environment.systemPackages = with pkgs; [ + android-tools bat lazygit fd fzf glow - nixfmt-rfc-style + nixfmt nix-init nix-output-monitor ripgrep ]; - programs.adb.enable = true; - users.users.user.extraGroups = [ "adbusers" ]; } From b8f9e8a19c7dac004605923d1c769783fffd3e1c Mon Sep 17 00:00:00 2001 
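Review bot: The added `fileSystems."/persistent".neededForBoot = true;` has no comment saying why the mount is needed in stage 1, and it repeats the `/persistent` literal that `persistentStoragePath` sets three lines below, so the two can drift apart. I would put `# /persistent must be mounted in stage 1 so the persisted files are in place before activation runs.` above it and bind the path once in a `let` that both settings use. The hunk only sets the flag, so the `/persistent` filesystem itself is presumably defined per host (for example by the disko layout). That is worth confirming for every host that imports this module, because persisted state such as host keys would otherwise be missing at activation. The enclosing attribute set starts and ends outside the hunk.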
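Review bot: In `hosts/modules/dev.nix`, `users.users.user.extraGroups = [ "adbusers" ];` stays as context at the end of the hunk while `programs.adb.enable = true;` is removed, and that option presumably was what declared the group. Unless `adbusers` is defined elsewhere in the configuration, the membership now refers to a group nothing creates. It would also silently grant device access again if a later module reintroduces the group. I would drop the line, or, if the group is still wanted, declare it explicitly with `users.groups.adbusers = { };` and a comment naming what relies on it.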
From: William Date: Tue, 20 Jan 2026 15:42:26 -0300 Subject: [PATCH 061/138] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/916506443ecd0d0b4a0f4cf9d40a3c22ce39b378?narHash=sha256-P0kM%2B5o%2BDKnB6raXgFEk3azw8Wqg5FL6wyl9jD%2BG5a4%3D' (2025-12-19) → 'github:nix-community/disko/00395d188e3594a1507f214a2f15d4ce5c07cb28?narHash=sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q%3D' (2026-01-20) • Updated input 'disko/nixpkgs': 'github:NixOS/nixpkgs/a8d610af3f1a5fb71e23e08434d8d61a466fc942?narHash=sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r%2BJerayK/4wvdWA%3D' (2025-11-20) → 'github:NixOS/nixpkgs/3327b113f2ef698d380df83fbccefad7e83d7769?narHash=sha256-MJwOjrIISfOpdI9x4C%2B5WFQXvHtOuj5mqLZ4TMEtk1M%3D' (2026-01-17) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/250481aafeb741edfe23d29195671c19b36b6dca?narHash=sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY%3D' (2026-01-05) → 'github:hercules-ci/flake-parts/80daad04eddbbf5a4d883996a73f3f542fa437ac?narHash=sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY%3D' (2026-01-11) • Updated input 'home-manager': 'github:nix-community/home-manager/92394f9deafa80b9de95d7e0f10de78d39ff0564?narHash=sha256-clGZcCXX4VLLdzFDu2YRflI%2BoKWbv41x0w0G06h88L0%3D' (2026-01-08) → 'github:nix-community/home-manager/63a87808f5f9b6e4195a1d33f6ea25d23f4aa0df?narHash=sha256-zyMpWHqcpKVmRc1W2NEK7DAuyVJZV62Jdjqudg70b1k%3D' (2026-01-20) • Updated input 'impermanence': 'github:nix-community/impermanence/82e5bc4508cab9e8d5a136626276eb5bbce5e9c5?narHash=sha256-iyrn9AcPZCoyxX4OT8eMkBsjG7SRUQXXS/V1JzxS7rA%3D' (2026-01-07) → 'github:nix-community/impermanence/0d633a69480bb3a3e2f18c080d34a8fa81da6395?narHash=sha256-6nY0ixjGjPQCL%2B/sUC1B1MRiO1LOI3AkRSIywm3i3bE%3D' (2026-01-19) • Updated input 'impermanence/home-manager': 
'github:nix-community/home-manager/7419250703fd5eb50e99bdfb07a86671939103ea?narHash=sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ%3D' (2025-05-23) → 'github:nix-community/home-manager/c47b2cc64a629f8e075de52e4742de688f930dc6?narHash=sha256-kkgA32s/f4jaa4UG%2B2f8C225Qvclxnqs76mf8zvTVPg%3D' (2026-01-16) • Updated input 'impermanence/nixpkgs': 'github:nixos/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D' (2025-05-23) → 'github:nixos/nixpkgs/e4bae1bd10c9c57b2cf517953ab70060a828ee6f?narHash=sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc%3D' (2026-01-16) • Updated input 'niri-flake': 'github:sodiboo/niri-flake/a789aa1512a9157d5d3392b27e60621fd0d83438?narHash=sha256-HLr9k8g1Geq40PLsNw7I5N8TZkBYtQVjkgDPV/Kehxk%3D' (2026-01-08) → 'github:sodiboo/niri-flake/6581f5458309233622c1b73c8902dcaea7be16eb?narHash=sha256-ct4qxmFJeJbaJKiOnXOZmRmVmk7TpT%2BlohuTgTr%2BkYQ%3D' (2026-01-20) • Updated input 'niri-flake/niri-unstable': 'github:YaLTeR/niri/10df9f4717cbd4efd20ae796eb6b0aa400127bdc?narHash=sha256-qS4tdG2iUQwSld9dTH1gk8GcIOrRi9umMgPv8MGDIA0%3D' (2026-01-07) → 'github:YaLTeR/niri/d7184a04b904e07113f4623610775ae78d32394c?narHash=sha256-Ub8eed4DsfIDWyg30xEe%2B8bSxL/z5Af/gCjmvJ0V/Hs%3D' (2026-01-17) • Updated input 'niri-flake/nixpkgs': 'github:NixOS/nixpkgs/5912c1772a44e31bf1c63c0390b90501e5026886?narHash=sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4%3D' (2026-01-07) → 'github:NixOS/nixpkgs/e4bae1bd10c9c57b2cf517953ab70060a828ee6f?narHash=sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc%3D' (2026-01-16) • Updated input 'niri-flake/nixpkgs-stable': 'github:NixOS/nixpkgs/d351d0653aeb7877273920cd3e823994e7579b0b?narHash=sha256-r4GVX%2BFToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE%3D' (2026-01-07) → 'github:NixOS/nixpkgs/77ef7a29d276c6d8303aece3444d61118ef71ac2?narHash=sha256-XsM7GP3jHlephymxhDE%2B/TKKO1Q16phz/vQiLBGhpF4%3D' (2026-01-18) • Updated input 'niri-flake/xwayland-satellite-unstable': 
'github:Supreeeme/xwayland-satellite/74cf1a95a35fd7aec76432bc2cd9b310e0d908c5?narHash=sha256-0PgS7M1SV6JCN3MugFZPaP8J%2BMr2o7lSDFTPVYZSIAY%3D' (2026-01-07) → 'github:Supreeeme/xwayland-satellite/ed1cef792b4def3321ff9ab5479df09609f17a69?narHash=sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg%3D' (2026-01-18) • Updated input 'nix-ai-tools': 'github:numtide/llm-agents.nix/1e0eaa265ba27a04f89b3265583bdf7da54a3972?narHash=sha256-Wo1jRV29yb3NwWf1hG80rmhrTC5x3F%2Bbvj5u/fvxMW4%3D' (2026-01-08) → 'github:numtide/llm-agents.nix/78f3fdc13ef903475aa5bfc0f85eeefaa36af837?narHash=sha256-gFoGvnW2YDWsxKD56kdiXbhh9vBPAU3yusssbXF0UMo%3D' (2026-01-20) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/16c7794d0a28b5a37904d55bcca36003b9109aaa?narHash=sha256-fFUnEYMla8b7UKjijLnMe%2BoVFOz6HjijGGNS1l7dYaQ%3D' (2026-01-02) → 'github:NixOS/nixpkgs/bde09022887110deb780067364a0818e89258968?narHash=sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo%2Bw8KsY4%3D' (2026-01-19) • Updated input 'nix-ai-tools/treefmt-nix': 'github:numtide/treefmt-nix/778a1d691f1ef45dd68c661715c5bf8cbf131c80?narHash=sha256-QfX6g3Wj2vQe7oBJEbTf0npvC6sJoDbF9hb2%2BgM5tf8%3D' (2026-01-07) → 'github:numtide/treefmt-nix/e96d59dff5c0d7fddb9d113ba108f03c3ef99eca?narHash=sha256-67vyT1%2BxClLldnumAzCTBvU0jLZ1YBcf4vANRWP3%2BAk%3D' (2026-01-11) • Updated input 'nix-flatpak': 'github:gmodena/nix-flatpak/62f636b87ef6050760a8cb325cadb90674d1e23e?narHash=sha256-0bBqT%2B3XncgF8F03RFAamw9vdf0VmaDoIJLTGkjfQZs%3D' (2025-08-09) → 'github:gmodena/nix-flatpak/123fe29340a5b8671367055b75a6e7c320d6f89a?narHash=sha256-Sbh037scxKFm7xL0ahgSCw%2BX2/5ZKeOwI2clqrYr9j4%3D' (2026-01-17) • Updated input 'nixos-cli': 'github:nix-community/nixos-cli/b68f36728504f1017591a9e296237a867e52156d?narHash=sha256-V/4vkr/tTJ50dh57GEKZbEikex%2BGqOVVF2SVYwLcSmQ%3D' (2026-01-02) → 'github:nix-community/nixos-cli/5e79001c7a8b556c3c61d4ef38f0f0fa1187ee90?narHash=sha256-6w1Mhg6%2B46LlaheCa1O/jIk02ukerZ7DdUf9GlQVGxc%3D' (2026-01-18) • Updated input 'nixpkgs': 
'github:nixos/nixpkgs/5912c1772a44e31bf1c63c0390b90501e5026886?narHash=sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4%3D' (2026-01-07) → 'github:nixos/nixpkgs/e4bae1bd10c9c57b2cf517953ab70060a828ee6f?narHash=sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc%3D' (2026-01-16) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/d351d0653aeb7877273920cd3e823994e7579b0b?narHash=sha256-r4GVX%2BFToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE%3D' (2026-01-07) → 'github:nixos/nixpkgs/77ef7a29d276c6d8303aece3444d61118ef71ac2?narHash=sha256-XsM7GP3jHlephymxhDE%2B/TKKO1Q16phz/vQiLBGhpF4%3D' (2026-01-18) • Updated input 'noctalia': 'github:noctalia-dev/noctalia-shell/6a61bf185c1b9a508377bde924db58ff53ef2d93?narHash=sha256-/fDWzjo%2BukaTCBzxycwyR5xB10/4N%2Bi9wBfTOFNfYHQ%3D' (2026-01-08) → 'github:noctalia-dev/noctalia-shell/1ef5c0eb307e8a4f30dfa6bcc75cf90ae8c6af46?narHash=sha256-T4H/VMjGwBuHEIrPYWfXQ73XV0foCuFGgH7k3SNSJDo%3D' (2026-01-20) • Updated input 'stylix': 'github:danth/stylix/a525e4774f2576e0f10b8b183c2dfaf7d165c052?narHash=sha256-5/hrrHMZuwwJXqLb86MBElPKS61Efe%2BhgGkVvpbzJM4%3D' (2026-01-08) → 'github:danth/stylix/06684f00cfbee14da96fd4307b966884de272d3a?narHash=sha256-3%2Bh7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p%2BS6BA%3D' (2026-01-18) • Updated input 'vicinae': 'github:vicinaehq/vicinae/aab965dcf29529c5fab67b9c2fb5f8168f76fa1b?narHash=sha256-OPBgcM2ZzbVEUS6lwRpJo2JBfiRK8TmYVSmZImEW2gA%3D' (2026-01-07) → 'github:vicinaehq/vicinae/934bc0ad47be6dbd6498a0dac655c4613fd0ab27?narHash=sha256-u5bWDuwk6oieTnvm1YjNotcYK8iJSddH5%2BS68%2BX4TSc%3D' (2026-01-19) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/8b2302d8c10369c9135552cc892da75cff5ddb03?narHash=sha256-5ysv8EuVAgDoYmNuXEUNf7vBzdeRaFxeIlIndv5HMvs%3D' (2026-01-07) → 'github:0xc000022070/zen-browser-flake/37149a5b77e8fd2b5332e8cec9edf39ca5b8e8bc?narHash=sha256-w10iy/aqd5LtD78NDWWG%2BeKGzkb%2BcGhAAo7PVciLbWE%3D' (2026-01-20) • Updated input 'zen-browser/home-manager': 
'github:nix-community/home-manager/e4e78a2cbeaddd07ab7238971b16468cc1d14daf?narHash=sha256-GKgwu5//R%2BcLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk%3D' (2025-12-30) → 'github:nix-community/home-manager/b4d88c9ac42ae1a745283f6547701da43b6e9f9b?narHash=sha256-cJbFn17oyg6qAraLr%2BNVeNJrXsrzJdrudkzI4H2iTcg%3D' (2026-01-14) • Updated input 'zen-browser/nixpkgs': 'github:nixos/nixpkgs/c0b0e0fddf73fd517c3471e546c0df87a42d53f4?narHash=sha256-coBu0ONtFzlwwVBzmjacUQwj3G%2BlybcZ1oeNSQkgC0M%3D' (2025-12-28) → 'github:nixos/nixpkgs/ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38?narHash=sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs%3D' (2026-01-11) --- flake.lock | 150 ++++++++++++++++++++++++++--------------------------- 1 file changed, 75 insertions(+), 75 deletions(-) diff --git a/flake.lock b/flake.lock index 081c9fd..b5b63cf 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1766150702, - "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", + "lastModified": 1768923567, + "narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=", "owner": "nix-community", "repo": "disko", - "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", + "rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28", "type": "github" }, "original": { @@ -242,11 +242,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1767609335, - "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "250481aafeb741edfe23d29195671c19b36b6dca", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { 
@@ -378,11 +378,11 @@ ] }, "locked": { - "lastModified": 1767890644, - "narHash": "sha256-clGZcCXX4VLLdzFDu2YRflI+oKWbv41x0w0G06h88L0=", + "lastModified": 1768927746, + "narHash": "sha256-zyMpWHqcpKVmRc1W2NEK7DAuyVJZV62Jdjqudg70b1k=", "owner": "nix-community", "repo": "home-manager", - "rev": "92394f9deafa80b9de95d7e0f10de78d39ff0564", + "rev": "63a87808f5f9b6e4195a1d33f6ea25d23f4aa0df", "type": "github" }, "original": { @@ -400,11 +400,11 @@ ] }, "locked": { - "lastModified": 1747978958, - "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", + "lastModified": 1768598210, + "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=", "owner": "nix-community", "repo": "home-manager", - "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", + "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6", "type": "github" }, "original": { @@ -421,11 +421,11 @@ ] }, "locked": { - "lastModified": 1767104570, - "narHash": "sha256-GKgwu5//R+cLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk=", + "lastModified": 1768434960, + "narHash": "sha256-cJbFn17oyg6qAraLr+NVeNJrXsrzJdrudkzI4H2iTcg=", "owner": "nix-community", "repo": "home-manager", - "rev": "e4e78a2cbeaddd07ab7238971b16468cc1d14daf", + "rev": "b4d88c9ac42ae1a745283f6547701da43b6e9f9b", "type": "github" }, "original": { @@ -440,11 +440,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1767822991, - "narHash": "sha256-iyrn9AcPZCoyxX4OT8eMkBsjG7SRUQXXS/V1JzxS7rA=", + "lastModified": 1768835187, + "narHash": "sha256-6nY0ixjGjPQCL+/sUC1B1MRiO1LOI3AkRSIywm3i3bE=", "owner": "nix-community", "repo": "impermanence", - "rev": "82e5bc4508cab9e8d5a136626276eb5bbce5e9c5", + "rev": "0d633a69480bb3a3e2f18c080d34a8fa81da6395", "type": "github" }, "original": { 
@@ -483,11 +483,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1767833217, - "narHash": "sha256-HLr9k8g1Geq40PLsNw7I5N8TZkBYtQVjkgDPV/Kehxk=", + "lastModified": 1768877436, + "narHash": "sha256-ct4qxmFJeJbaJKiOnXOZmRmVmk7TpT+lohuTgTr+kYQ=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "a789aa1512a9157d5d3392b27e60621fd0d83438", + "rev": "6581f5458309233622c1b73c8902dcaea7be16eb", "type": "github" }, "original": { @@ -516,11 +516,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1767792726, - "narHash": "sha256-qS4tdG2iUQwSld9dTH1gk8GcIOrRi9umMgPv8MGDIA0=", + "lastModified": 1768678265, + "narHash": "sha256-Ub8eed4DsfIDWyg30xEe+8bSxL/z5Af/gCjmvJ0V/Hs=", "owner": "YaLTeR", "repo": "niri", - "rev": "10df9f4717cbd4efd20ae796eb6b0aa400127bdc", + "rev": "d7184a04b904e07113f4623610775ae78d32394c", "type": "github" }, "original": { @@ -536,11 +536,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1767882842, - "narHash": "sha256-Wo1jRV29yb3NwWf1hG80rmhrTC5x3F+bvj5u/fvxMW4=", + "lastModified": 1768922080, + "narHash": "sha256-gFoGvnW2YDWsxKD56kdiXbhh9vBPAU3yusssbXF0UMo=", "owner": "numtide", "repo": "llm-agents.nix", - "rev": "1e0eaa265ba27a04f89b3265583bdf7da54a3972", + "rev": "78f3fdc13ef903475aa5bfc0f85eeefaa36af837", "type": "github" }, "original": { @@ -551,11 +551,11 @@ }, "nix-flatpak": { "locked": { - "lastModified": 1754777568, - "narHash": "sha256-0bBqT+3XncgF8F03RFAamw9vdf0VmaDoIJLTGkjfQZs=", + "lastModified": 1768656715, + "narHash": "sha256-Sbh037scxKFm7xL0ahgSCw+X2/5ZKeOwI2clqrYr9j4=", "owner": "gmodena", "repo": "nix-flatpak", - "rev": "62f636b87ef6050760a8cb325cadb90674d1e23e", + "rev": "123fe29340a5b8671367055b75a6e7c320d6f89a", "type": "github" }, "original": { 
@@ -593,11 +593,11 @@ "optnix": "optnix" }, "locked": { - "lastModified": 1767322536, - "narHash": "sha256-V/4vkr/tTJ50dh57GEKZbEikex+GqOVVF2SVYwLcSmQ=", + "lastModified": 1768778579, + "narHash": "sha256-6w1Mhg6+46LlaheCa1O/jIk02ukerZ7DdUf9GlQVGxc=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "b68f36728504f1017591a9e296237a867e52156d", + "rev": "5e79001c7a8b556c3c61d4ef38f0f0fa1187ee90", "type": "github" }, "original": { @@ -654,11 +654,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1767799921, - "narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=", + "lastModified": 1768773494, + "narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d351d0653aeb7877273920cd3e823994e7579b0b", + "rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2", "type": "github" }, "original": { @@ -670,11 +670,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1767799921, - "narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=", + "lastModified": 1768773494, + "narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d351d0653aeb7877273920cd3e823994e7579b0b", + "rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2", "type": "github" }, "original": { @@ -718,11 +718,11 @@ }, "nixpkgs_12": { "locked": { - "lastModified": 1766902085, - "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=", + "lastModified": 1768127708, + "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4", + "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", "type": "github" }, "original": { 
@@ -734,11 +734,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1763618868, - "narHash": "sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r+JerayK/4wvdWA=", + "lastModified": 1768661221, + "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a8d610af3f1a5fb71e23e08434d8d61a466fc942", + "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", "type": "github" }, "original": { @@ -750,11 +750,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1748026106, - "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", "type": "github" }, "original": { @@ -782,11 +782,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1767767207, - "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", "type": "github" }, "original": { @@ -798,11 +798,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1767364772, - "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=", + "lastModified": 1768783163, + "narHash": "sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo+w8KsY4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa", + "rev": "bde09022887110deb780067364a0818e89258968", "type": "github" }, "original": { 
@@ -846,11 +846,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1767767207, - "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", "type": "github" }, "original": { @@ -867,11 +867,11 @@ ] }, "locked": { - "lastModified": 1767890738, - "narHash": "sha256-/fDWzjo+ukaTCBzxycwyR5xB10/4N+i9wBfTOFNfYHQ=", + "lastModified": 1768924718, + "narHash": "sha256-T4H/VMjGwBuHEIrPYWfXQ73XV0foCuFGgH7k3SNSJDo=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "6a61bf185c1b9a508377bde924db58ff53ef2d93", + "rev": "1ef5c0eb307e8a4f30dfa6bcc75cf90ae8c6af46", "type": "github" }, "original": { @@ -987,11 +987,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1767886384, - "narHash": "sha256-5/hrrHMZuwwJXqLb86MBElPKS61Efe+hgGkVvpbzJM4=", + "lastModified": 1768744881, + "narHash": "sha256-3+h7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p+S6BA=", "owner": "danth", "repo": "stylix", - "rev": "a525e4774f2576e0f10b8b183c2dfaf7d165c052", + "rev": "06684f00cfbee14da96fd4307b966884de272d3a", "type": "github" }, "original": { @@ -1201,11 +1201,11 @@ ] }, "locked": { - "lastModified": 1767801790, - "narHash": "sha256-QfX6g3Wj2vQe7oBJEbTf0npvC6sJoDbF9hb2+gM5tf8=", + "lastModified": 1768158989, + "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "778a1d691f1ef45dd68c661715c5bf8cbf131c80", + "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", "type": "github" }, "original": { 
@@ -1238,11 +1238,11 @@ "systems": "systems_6" }, "locked": { - "lastModified": 1767815010, - "narHash": "sha256-OPBgcM2ZzbVEUS6lwRpJo2JBfiRK8TmYVSmZImEW2gA=", + "lastModified": 1768856963, + "narHash": "sha256-u5bWDuwk6oieTnvm1YjNotcYK8iJSddH5+S68+X4TSc=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "aab965dcf29529c5fab67b9c2fb5f8168f76fa1b", + "rev": "934bc0ad47be6dbd6498a0dac655c4613fd0ab27", "type": "github" }, "original": { @@ -1271,11 +1271,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1767830382, - "narHash": "sha256-0PgS7M1SV6JCN3MugFZPaP8J+Mr2o7lSDFTPVYZSIAY=", + "lastModified": 1768765571, + "narHash": "sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "74cf1a95a35fd7aec76432bc2cd9b310e0d908c5", + "rev": "ed1cef792b4def3321ff9ab5479df09609f17a69", "type": "github" }, "original": { @@ -1290,11 +1290,11 @@ "nixpkgs": "nixpkgs_12" }, "locked": { - "lastModified": 1767763594, - "narHash": "sha256-5ysv8EuVAgDoYmNuXEUNf7vBzdeRaFxeIlIndv5HMvs=", + "lastModified": 1768919538, + "narHash": "sha256-w10iy/aqd5LtD78NDWWG+eKGzkb+cGhAAo7PVciLbWE=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "8b2302d8c10369c9135552cc892da75cff5ddb03", + "rev": "37149a5b77e8fd2b5332e8cec9edf39ca5b8e8bc", "type": "github" }, "original": { From 815524d513a3d807bd9e0d2e9414e27c05cb2bf2 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 26 Jan 2026 17:40:31 -0300 Subject: [PATCH 062/138] add hytale --- hosts/modules/gaming.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hosts/modules/gaming.nix b/hosts/modules/gaming.nix index 5aef14e..00a4ffa 100644 --- a/hosts/modules/gaming.nix +++ b/hosts/modules/gaming.nix 
@@ -31,5 +31,13 @@ "io.mrarm.mcpelauncher" "net.retrodeck.retrodeck" "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" + rec { + appId = "com.hypixel.HytaleLauncher"; + sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv"; + bundle = "${pkgs.fetchurl { + url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak"; + inherit sha256; + }}"; + } ]; } From c6c444ae8f1d82a0a2a0c78ed72c24b9e8bb2e90 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 28 Jan 2026 18:41:52 -0300 Subject: [PATCH 063/138] updaet some apckage names --- hosts/modules/desktop/desktop.nix | 9 +-------- hosts/modules/gaming.nix | 2 +- users/modules/desktop/desktop.nix | 6 ++++-- users/modules/gaming.nix | 32 +++++++++++++++++++++++++++++-- 4 files changed, 36 insertions(+), 13 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index cbb4fa0..7510c02 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -86,14 +86,7 @@ enable = true; packages = [ ### Office & Productivity ### - rec { - appId = "com.collabora.Office"; - sha256 = "1im6s8p6wvj2hblr4mhn1g2rry77giccsi6mk76nk8d6bjp1fwa4"; - bundle = "${pkgs.fetchurl { - url = "https://cdn.collaboraoffice.com/collaboraoffice-v25.04.7.2_final.flatpak"; - inherit sha256; - }}"; - } + "com.collabora.Office" ### Graphics & Design ### "com.boxy_svg.BoxySVG" rec { diff --git a/hosts/modules/gaming.nix b/hosts/modules/gaming.nix index 00a4ffa..0f00fe3 100644 --- a/hosts/modules/gaming.nix +++ b/hosts/modules/gaming.nix @@ -30,7 +30,7 @@ "io.itch.itch" "io.mrarm.mcpelauncher" "net.retrodeck.retrodeck" - "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" + "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08" rec { appId = "com.hypixel.HytaleLauncher"; sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv"; 
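Review bot: The `fetchurl` in the new `com.hypixel.HytaleLauncher` entry pins a `sha256` against a mutable URL (`hytale-launcher-latest.flatpak`), so the hash stops matching as soon as the vendor publishes a new build. That fails closed, which is the right direction for integrity, but the build then breaks with no change in this repository, and the easy fix is to re-hash whatever is being served that day. If the vendor offers a versioned artifact, point `url` at it; otherwise add a comment such as `# URL is mutable: on a hash mismatch, verify the new build before updating sha256`. The surrounding package list starts and ends outside the hunk.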
diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index 0d95c56..fd3d306 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix @@ -13,11 +13,13 @@ services.vicinae = { enable = true; - autoStart = true; + systemd = { + enable = true; + autoStart = true; + }; }; programs = { - ghostty = { enable = true; settings = { diff --git a/users/modules/gaming.nix b/users/modules/gaming.nix index df33b11..48825ab 100644 --- a/users/modules/gaming.nix +++ b/users/modules/gaming.nix @@ -1,5 +1,33 @@ -{ ... }: +{ config, ... }: { - programs.mangohud.enable = true; + programs.mangohud = { + enable = true; + enableSessionWide = true; + settings = { + position = "top-left"; + fps = true; + frametime = false; + frame_timing = false; + gpu_stats = true; + gpu_temp = true; + gpu_power = true; + cpu_stats = true; + cpu_temp = true; + cpu_power = true; + ram = true; + vram = true; + gamemode = false; + vkbasalt = false; + version = false; + engine_version = false; + vulkan_driver = false; + wine = false; + time = false; + fps_sampling_period = 500; + toggle_hud = "Shift_L+F12"; + toggle_logging = "Ctrl_L+F2"; + output_folder = "${config.home.homeDirectory}/.local/share/mangohud"; + }; + }; } From a4698d2a6287d9207e4ef16fbf13ebf2274fad46 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 1 Feb 2026 19:44:19 -0300 Subject: [PATCH 064/138] libvirt for io --- nixosConfigurations.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 43a0bba..8367438 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -30,6 +30,7 @@ in "bluetooth" "dev" "ephemeral" + "libvirtd" "networkmanager" "podman" ]; From dd3f08827a18a8386899ad76433448232285b368 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 14:34:11 -0300 Subject: [PATCH 065/138] niri overview wallpaper --- users/modules/desktop/niri.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) 
diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 0cb5db8..58a7aaf 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -106,11 +106,7 @@ in spawn-at-startup "noctalia-shell" "-d" layer-rule { - match namespace="^wallpaper$" - place-within-backdrop true - } - layer-rule { - match namespace="^quickshell-overview$" + match namespace="^noctalia-overview*" place-within-backdrop true } From 2c2eba13997184aaea74ba58b25175940fe2de83 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 14:34:47 -0300 Subject: [PATCH 066/138] stylix: everything should be opaque --- users/modules/stylix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index f1c7e44..6b34e43 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix @@ -28,7 +28,7 @@ }; opacity = { applications = 1.0; - desktop = 0.8; + desktop = 1.0; popups = config.stylix.opacity.desktop; terminal = 1.0; }; From b94d17d05d18aa9ddc00759f79cf344077d4d04f Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 22:36:05 -0300 Subject: [PATCH 067/138] add aspects/constants.nix Defines flake options for hosts, services, and lib utilities. Services are automatically enriched with host IP information. Co-Authored-By: Claude Opus 4.5 --- aspects/constants.nix | 166 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 166 insertions(+) create mode 100644 aspects/constants.nix diff --git a/aspects/constants.nix b/aspects/constants.nix new file mode 100644 index 0000000..633cff6 --- /dev/null +++ b/aspects/constants.nix 
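Review bot: In the new `match namespace="^noctalia-overview*"` the trailing `*` quantifies only the final `w`, because the value is a regular expression (the removed rules used `^…$` anchors) and not a glob. It therefore matches any namespace that begins with `noctalia-overvie`, which is broader than the name suggests. If a prefix match is intended, `match namespace="^noctalia-overview"` states it directly; if an exact match is intended, close it with `$`. The enclosing niri config string starts and ends outside the hunk.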
@@ -0,0 +1,166 @@ +{ lib, config, ... }: + +let + # Host submodule type + hostType = lib.types.submodule { + options = { + lanIP = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "LAN IP address for the host"; + }; + tailscaleIP = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Tailscale IP address for the host"; + }; + }; + }; + + # Service submodule type + serviceType = lib.types.submodule { + options = { + name = lib.mkOption { + type = lib.types.str; + description = "Service name"; + }; + domain = lib.mkOption { + type = lib.types.str; + description = "Domain name for the service"; + }; + host = lib.mkOption { + type = lib.types.str; + description = "Host where the service runs"; + }; + public = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether the service is publicly accessible"; + }; + lanIP = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "LAN IP address (inherited from host)"; + }; + tailscaleIP = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Tailscale IP address (inherited from host)"; + }; + }; + }; + + # Raw services list before enrichment + rawServices = [ + { + name = "kanidm"; + domain = "auth.baduhai.dev"; + host = "alexandria"; + } + { + name = "vaultwarden"; + domain = "pass.baduhai.dev"; + host = "alexandria"; + } + { + name = "forgejo"; + domain = "git.baduhai.dev"; + host = "trantor"; + public = true; + } + { + name = "nextcloud"; + domain = "cloud.baduhai.dev"; + host = "alexandria"; + } + { + name = "jellyfin"; + domain = "jellyfin.baduhai.dev"; + host = "alexandria"; + } + ]; + + # Enrich services with host IP information + enrichServices = hosts: services: + map (svc: + let + hostInfo = hosts.${svc.host} or {}; + in + svc // { + lanIP = hostInfo.lanIP or null; + tailscaleIP = hostInfo.tailscaleIP or null; + } + ) services; + +in +{ + 
options.flake = { + hosts = lib.mkOption { + type = lib.types.attrsOf hostType; + default = {}; + description = "Host definitions with IP addresses"; + }; + + services = lib.mkOption { + type = lib.types.listOf serviceType; + default = []; + description = "Service definitions with enriched host information"; + }; + + lib = lib.mkOption { + type = lib.types.attrsOf lib.types.raw; + default = {}; + description = "Utility functions for flake configuration"; + }; + }; + + config.flake = { + hosts = { + alexandria = { + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + }; + trantor = { + tailscaleIP = "100.108.5.90"; + }; + }; + + services = enrichServices config.flake.hosts rawServices; + + lib = { + # Nginx virtual host utilities + mkNginxVHosts = { domains }: + let + mkVHostConfig = domain: vhostConfig: + lib.recursiveUpdate { + useACMEHost = domain; + forceSSL = true; + kTLS = true; + } vhostConfig; + in + lib.mapAttrs mkVHostConfig domains; + + # Split DNS utilities for unbound + # Generates unbound view config from a list of DNS entries + mkSplitDNS = entries: + let + tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries; + lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries; + in + [ + { + name = "tailscale"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = tailscaleData; + } + { + name = "lan"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = lanData; + } + ]; + }; + }; +} From 0f193778c2f38ee554a8847aafa854ec4e586ee3 Mon Sep 17 00:00:00 2001 
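Review bot: `mkSplitDNS` interpolates `${e.lanIP}` and `${e.tailscaleIP}` for every entry, but `enrichServices` sets both to `null` when the host lacks that address or when `svc.host` is missing from `flake.hosts` (`hosts.${svc.host} or {}`). `trantor` is declared without `lanIP`, so passing the `forgejo` entry would abort evaluation while the `lan` view is built; the callers are not visible here, so this may already be filtered upstream. Filtering inside the helper makes it safe regardless, e.g. `lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') (lib.filter (e: e.lanIP != null) entries);` and the same for `tailscaleData`. The `or {}` fallback also hides a mistyped `host`, so an assertion that every `svc.host` exists in `hosts` would surface that at evaluation time.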
From: William Date: Fri, 6 Feb 2026 22:36:22 -0300 Subject: [PATCH 068/138] add aspects/common/ NixOS modules Migrates common NixOS configuration to dendritic aspect pattern: boot, console, firewall, locale, nix, openssh, programs, security, services, tailscale, users Co-Authored-By: Claude Opus 4.5 --- aspects/common/boot.nix | 21 ++++++++++++++++++ aspects/common/console.nix | 9 ++++++++ aspects/common/firewall.nix | 9 ++++++++ aspects/common/locale.nix | 22 +++++++++++++++++++ aspects/common/nix.nix | 39 ++++++++++++++++++++++++++++++++++ aspects/common/openssh.nix | 12 +++++++++++ aspects/common/programs.nix | 41 ++++++++++++++++++++++++++++++++++++ aspects/common/security.nix | 14 ++++++++++++ aspects/common/services.nix | 10 +++++++++ aspects/common/tailscale.nix | 9 ++++++++ aspects/common/users.nix | 25 ++++++++++++++++++++++ 11 files changed, 211 insertions(+) create mode 100644 aspects/common/boot.nix create mode 100644 aspects/common/console.nix create mode 100644 aspects/common/firewall.nix create mode 100644 aspects/common/locale.nix create mode 100644 aspects/common/nix.nix create mode 100644 aspects/common/openssh.nix create mode 100644 aspects/common/programs.nix create mode 100644 aspects/common/security.nix create mode 100644 aspects/common/services.nix create mode 100644 aspects/common/tailscale.nix create mode 100644 aspects/common/users.nix diff --git a/aspects/common/boot.nix b/aspects/common/boot.nix new file mode 100644 index 0000000..109d6f2 --- /dev/null +++ b/aspects/common/boot.nix @@ -0,0 +1,21 @@ +{ ... }: +{ + flake.modules.nixos.common-boot = { pkgs, ... }: { + boot = { + loader = { + timeout = 1; + efi.canTouchEfiVariables = true; + systemd-boot = { + enable = true; + editor = false; + consoleMode = "max"; + sortKey = "aa"; + netbootxyz = { + enable = true; + sortKey = "zz"; + }; + }; + }; + }; + }; +} diff --git a/aspects/common/console.nix b/aspects/common/console.nix new file mode 100644 index 0000000..6f6be9f --- /dev/null 
+++ b/aspects/common/console.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ flake.modules.nixos.common-console = { ... }: {
+ console = {
+ useXkbConfig = true;
+ earlySetup = true;
+ };
+ };
+}
diff --git a/aspects/common/firewall.nix b/aspects/common/firewall.nix
new file mode 100644
index 0000000..af1a8f7
--- /dev/null
+++ b/aspects/common/firewall.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ flake.modules.nixos.common-firewall = { ... }: {
+ networking = {
+ firewall.enable = true;
+ nftables.enable = true;
+ };
+ };
+}
diff --git a/aspects/common/locale.nix b/aspects/common/locale.nix
new file mode 100644
index 0000000..2b91759
--- /dev/null
+++ b/aspects/common/locale.nix
@@ -0,0 +1,22 @@
+{ ... }:
+{
+ flake.modules.nixos.common-locale = { ... }: {
+ time.timeZone = "America/Bahia";
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ extraLocaleSettings = {
+ LC_ADDRESS = "pt_BR.utf8";
+ LC_COLLATE = "pt_BR.utf8";
+ LC_IDENTIFICATION = "pt_BR.utf8";
+ LC_MEASUREMENT = "pt_BR.utf8";
+ LC_MONETARY = "pt_BR.utf8";
+ LC_NAME = "pt_BR.utf8";
+ LC_NUMERIC = "pt_BR.utf8";
+ LC_PAPER = "pt_BR.utf8";
+ LC_TELEPHONE = "pt_BR.utf8";
+ LC_TIME = "en_IE.utf8";
+ };
+ };
+ };
+}
diff --git a/aspects/common/nix.nix b/aspects/common/nix.nix
new file mode 100644
index 0000000..414c315
--- /dev/null
+++ b/aspects/common/nix.nix
@@ -0,0 +1,39 @@
+{ ... }:
+{
+ flake.modules.nixos.common-nix = { inputs, ... }: {
+ imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
+
+ nix = {
+ settings = {
+ auto-optimise-store = true;
+ connect-timeout = 10;
+ log-lines = 25;
+ min-free = 128000000;
+ max-free = 1000000000;
+ trusted-users = [ "@wheel" ];
+ };
+ extraOptions = "experimental-features = nix-command flakes";
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 8d";
+ };
+ };
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ enableParallelBuilding = true;
+ buildManPages = false;
+ buildDocs = false;
+ };
+
+ services.nixos-cli = {
+ enable = true;
+ config = {
+ use_nvd = true;
+ ignore_dirty_tree = true;
+ };
+ };
+
+ system.stateVersion = "22.11";
+ };
+}
diff --git a/aspects/common/openssh.nix b/aspects/common/openssh.nix
new file mode 100644
index 0000000..c515d81
--- /dev/null
+++ b/aspects/common/openssh.nix
@@ -0,0 +1,12 @@
+{ ... }:
+{
+ flake.modules.nixos.common-openssh = { ... }: {
+ services.openssh = {
+ enable = true;
+ settings.PermitRootLogin = "no";
+ extraConfig = ''
+ PrintLastLog no
+ '';
+ };
+ };
+}
diff --git a/aspects/common/programs.nix b/aspects/common/programs.nix
new file mode 100644
index 0000000..a3233e9
--- /dev/null
+++ b/aspects/common/programs.nix
@@ -0,0 +1,41 @@
+{ ... }:
+{
+ flake.modules.nixos.common-programs = { lib, pkgs, ... }: {
+ environment = {
+ systemPackages = with pkgs; [
+ ### Dev Tools ###
+ git
+ ### System Utilities ###
+ btop
+ fastfetch
+ helix
+ nixos-firewall-tool
+ nvd
+ sysz
+ tmux
+ wget
+ yazi
+ ];
+ shellAliases = {
+ cat = "${lib.getExe pkgs.bat} --paging=never --style=plain";
+ ls = "${lib.getExe pkgs.eza} --icons --group-directories-first";
+ tree = "ls --tree";
+ };
+ };
+
+ programs = {
+ command-not-found.enable = false;
+ fish = {
+ enable = true;
+ interactiveShellInit = ''
+ set fish_greeting
+ if set -q SSH_CONNECTION
+ export TERM=xterm-256color
+ clear
+ fastfetch
+ end
+ '';
+ };
+ };
+ };
+}
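Review bot: `trusted-users = [ "@wheel" ]` in `nix.settings` lets every wheel member pass arbitrary settings to the Nix daemon, including extra substituters and unsigned store paths, which amounts to root on the machine. Because this is the common aspect, it applies to every host that imports it, servers included. If the only need is remote builds or deploys from the admin account, consider leaving `trusted-users` at its default and configuring the required substituters and keys declaratively. If it stays, a comment such as `# wheel is root-equivalent for the nix daemon; keep wheel membership minimal` documents the decision.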
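Review bot: `services.openssh` disables root login but leaves password authentication at the NixOS default, which permits it, while `user` in aspects/common/users.nix has both a password hash and three authorized keys. Since keys are already provisioned, the password path only adds guessing exposure on any host whose sshd is reachable. Adding `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` next to `settings.PermitRootLogin = "no";` closes it.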
diff --git a/aspects/common/security.nix b/aspects/common/security.nix
new file mode 100644
index 0000000..b63074b
--- /dev/null
+++ b/aspects/common/security.nix
@@ -0,0 +1,14 @@
+{ ... }:
+{
+ flake.modules.nixos.common-security = { ... }: {
+ security = {
+ unprivilegedUsernsClone = true; # Needed for rootless podman
+ sudo = {
+ wheelNeedsPassword = false;
+ extraConfig = ''
+ Defaults lecture = never
+ '';
+ };
+ };
+ };
+}
diff --git a/aspects/common/services.nix b/aspects/common/services.nix
new file mode 100644
index 0000000..befdbb9
--- /dev/null
+++ b/aspects/common/services.nix
@@ -0,0 +1,10 @@
+{ ... }:
+{
+ flake.modules.nixos.common-services = { ... }: {
+ services = {
+ dbus.implementation = "broker";
+ irqbalance.enable = true;
+ fstrim.enable = true;
+ };
+ };
+}
diff --git a/aspects/common/tailscale.nix b/aspects/common/tailscale.nix
new file mode 100644
index 0000000..13eb82a
--- /dev/null
+++ b/aspects/common/tailscale.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ flake.modules.nixos.common-tailscale = { ... }: {
+ services.tailscale = {
+ enable = true;
+ extraUpFlags = [ "--operator=user" ];
+ };
+ };
+}
diff --git a/aspects/common/users.nix b/aspects/common/users.nix
new file mode 100644
index 0000000..e911663
--- /dev/null
+++ b/aspects/common/users.nix
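Review bot: `wheelNeedsPassword = false` in the `sudo` block has no explanatory comment, unlike `unprivilegedUsernsClone` on the line above it, and it means any process running as a wheel member becomes root without a credential. The module is named as a common aspect, so it presumably reaches the server hosts as well as the desktops, and `user` is in wheel with SSH keys from three machines. If passwordless sudo is only a desktop convenience, move it to a desktop aspect and keep the default on hosts that run services. Otherwise a comment such as `# deliberate: wheel is root-equivalent on every host` records the choice.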
@@ -0,0 +1,25 @@ +{ ... }: +{ + flake.modules.nixos.common-users = { pkgs, ... }: { + users.users = { + user = { + isNormalUser = true; + shell = pkgs.fish; + extraGroups = [ + "networkmanager" + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; + }; + root = { + shell = pkgs.fish; + hashedPassword = "!"; + }; + }; + }; +} From 37f2d5f64a7b4c4ccb342b35c2d3761537cc3aad Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 22:36:22 -0300 Subject: [PATCH 069/138] add aspects/desktop/ modules Desktop-specific NixOS and home-manager configuration: boot, desktop, niri, nix, services Co-Authored-By: Claude Opus 4.5 --- aspects/desktop/boot.nix | 30 ++++ aspects/desktop/desktop.nix | 292 +++++++++++++++++++++++++++++++++++ aspects/desktop/niri.nix | 220 ++++++++++++++++++++++++++ aspects/desktop/nix.nix | 17 ++ aspects/desktop/services.nix | 19 +++ 5 files changed, 578 insertions(+) create mode 100644 aspects/desktop/boot.nix create mode 100644 aspects/desktop/desktop.nix create mode 100644 aspects/desktop/niri.nix create mode 100644 aspects/desktop/nix.nix create mode 100644 aspects/desktop/services.nix diff --git a/aspects/desktop/boot.nix b/aspects/desktop/boot.nix new file mode 100644 index 0000000..bd98184 --- /dev/null +++ b/aspects/desktop/boot.nix 
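Review bot: The `hashedPassword` for `user` is committed as a literal, and its `$6$` prefix marks it as SHA-512 crypt, so anyone who can read the repository or its history can run offline guessing against it. That account is also in `wheel`, which aspects/common/security.nix makes passwordless for sudo. Moving the hash into a secret and using `hashedPasswordFile = config.age.secrets.<SECRET_NAME>.path;` (agenix shown as an example; any secrets manager the flake already uses works) keeps it out of the tree. Because the value is already in Git history, the password itself should be changed as part of that move.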
@@ -0,0 +1,30 @@
+{ inputs, ... }:
+{
+ flake.modules.nixos.desktop-boot = { config, lib, pkgs, ... }: {
+ # Import parent aspect for inheritance
+ imports = [ inputs.self.modules.nixos.common-boot ];
+
+ boot = {
+ plymouth.enable = true;
+ initrd.systemd.enable = true;
+ loader.efi.efiSysMountPoint = "/boot/efi";
+ kernelPackages = pkgs.linuxPackages_xanmod_latest;
+ extraModprobeConfig = ''
+ options bluetooth disable_ertm=1
+ '';
+ kernel.sysctl = {
+ "net.ipv4.tcp_mtu_probing" = 1;
+ };
+ kernelParams = [
+ "quiet"
+ "splash"
+ "i2c-dev"
+ "i2c-piix4"
+ "loglevel=3"
+ "udev.log_priority=3"
+ "rd.udev.log_level=3"
+ "rd.systemd.show_status=false"
+ ];
+ };
+ };
+}
diff --git a/aspects/desktop/desktop.nix b/aspects/desktop/desktop.nix
new file mode 100644
index 0000000..f2298e7
--- /dev/null
+++ b/aspects/desktop/desktop.nix
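Review bot: `"i2c-dev"` and `"i2c-piix4"` in `kernelParams` are kernel module names rather than command-line parameters, so as written they most likely have no effect on the booted kernel. If the goal is to have those modules loaded, `boot.kernelModules = [ "i2c-dev" "i2c-piix4" ];` expresses it, and the two entries can be dropped from `kernelParams`. The `config` and `lib` arguments of the module function are also unused in this file.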
@@ -0,0 +1,292 @@ +{ + inputs, + ... +}: +{ + flake.modules = { + nixos.desktop-desktop = { config, lib, pkgs, ... }: { + imports = [ + inputs.niri-flake.nixosModules.niri + inputs.nix-flatpak.nixosModules.nix-flatpak + ]; + + environment = { + sessionVariables = { + KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir + NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland + }; + systemPackages = with pkgs; [ + ### Web ### + bitwarden-desktop + fragments + nextcloud-client + tor-browser + vesktop + inputs.zen-browser.packages."${system}".default + ### Office & Productivity ### + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + papers + presenterm + rnote + ### Graphics & Design ### + gimp + inkscape + plasticity + ### System Utilities ### + adwaita-icon-theme + ghostty + gnome-disk-utility + junction + libfido2 + mission-center + nautilus + p7zip + rclone + toggleaudiosink + unrar + ### Media ### + decibels + loupe + obs-studio + showtime + ]; + }; + + services = { + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + wireplumber.enable = true; + }; + greetd = { + enable = true; + settings = { + default_session = { + command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; + user = "greeter"; + }; + } + // lib.optionalAttrs (config.networking.hostName == "io") { + initial_session = { + command = "${config.programs.niri.package}/bin/niri-session"; + user = "user"; + }; + }; + }; + flatpak = { + enable = true; + packages = [ + ### Office & Productivity ### + "com.collabora.Office" + ### Graphics & Design ### + "com.boxy_svg.BoxySVG" + rec { + appId = "io.github.softfever.OrcaSlicer"; + sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + bundle = "${pkgs.fetchurl { + url = 
"https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; + inherit sha256; + }}"; + } + ### System Utilities ### + "com.github.tchx84.Flatseal" + "com.rustdesk.RustDesk" + ]; + uninstallUnmanaged = true; + update.auto.enable = true; + }; + gvfs.enable = true; + }; + + security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority + + users = { + users.greeter = { + isSystemUser = true; + group = "greeter"; + }; + groups.greeter = { }; + }; + + programs = { + niri = { + enable = true; + package = inputs.niri.packages.${pkgs.system}.niri; + }; + kdeconnect = { + enable = true; + package = pkgs.valent; + }; + dconf.enable = true; + appimage = { + enable = true; + binfmt = true; + }; + }; + + niri-flake.cache.enable = false; + + fonts = { + fontDir.enable = true; + packages = with pkgs; [ + corefonts + inter + nerd-fonts.fira-code + noto-fonts-cjk-sans + noto-fonts-color-emoji + roboto + ]; + }; + + xdg.portal = { + extraPortals = with pkgs; [ + xdg-desktop-portal-gnome + xdg-desktop-portal-gtk + ]; + config = { + common.default = "*"; + niri.default = [ + "gtk" + "gnome" + ]; + }; + }; + }; + + homeManager.desktop-desktop = { config, lib, pkgs, inputs, ... 
}: { + imports = [ inputs.vicinae.homeManagerModules.default ]; + + fonts.fontconfig.enable = true; + + home.packages = with pkgs; [ xwayland-satellite ]; + + services.vicinae = { + enable = true; + systemd = { + enable = true; + autoStart = true; + }; + }; + + programs = { + ghostty = { + enable = true; + settings = { + cursor-style = "block"; + shell-integration-features = "no-cursor"; + cursor-style-blink = false; + custom-shader = "${builtins.fetchurl { + url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; + sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + }}"; + bell-features = ""; + gtk-titlebar-style = "tabs"; + keybind = [ "shift+enter=text:\\x1b\\r" ]; + }; + }; + + password-store = { + enable = true; + package = pkgs.pass-wayland; + }; + }; + + xdg = { + enable = true; + userDirs.enable = true; + mimeApps = { + enable = true; + defaultApplications = { + "text/html" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/http" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/https" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/about" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/unknown" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "image/jpeg" = "org.gnome.Loupe.desktop"; + "image/png" = "org.gnome.Loupe.desktop"; + "image/gif" = "org.gnome.Loupe.desktop"; + "image/webp" = "org.gnome.Loupe.desktop"; + "image/bmp" = "org.gnome.Loupe.desktop"; + "image/svg+xml" = "org.gnome.Loupe.desktop"; + "image/tiff" = "org.gnome.Loupe.desktop"; + "video/mp4" = "io.bassi.Showtime.desktop"; + "video/x-matroska" = "io.bassi.Showtime.desktop"; + "video/webm" = "io.bassi.Showtime.desktop"; + "video/mpeg" = 
"io.bassi.Showtime.desktop"; + "video/x-msvideo" = "io.bassi.Showtime.desktop"; + "video/quicktime" = "io.bassi.Showtime.desktop"; + "video/x-flv" = "io.bassi.Showtime.desktop"; + "audio/mpeg" = "io.bassi.Showtime.desktop"; + "audio/flac" = "io.bassi.Showtime.desktop"; + "audio/ogg" = "io.bassi.Showtime.desktop"; + "audio/wav" = "io.bassi.Showtime.desktop"; + "audio/mp4" = "io.bassi.Showtime.desktop"; + "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; + "application/pdf" = [ + "org.gnome.Papers.desktop" + "zen-browser.desktop" + ]; + "text/plain" = "Helix.desktop"; + "text/markdown" = "Helix.desktop"; + "text/x-log" = "Helix.desktop"; + "application/x-shellscript" = "Helix.desktop"; + "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = + "com.collabora.Office.desktop"; # DOCX + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = + "com.collabora.Office.desktop"; # XLSX + "application/vnd.openxmlformats-officedocument.presentationml.presentation" = + "com.collabora.Office.desktop"; # PPTX + "application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT + "application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS + "application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP + "application/msword" = "com.collabora.Office.desktop"; # DOC + "application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS + "application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT + "application/zip" = "org.gnome.FileRoller.desktop"; + "application/x-tar" = "org.gnome.FileRoller.desktop"; + "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; + "application/x-rar" = "org.gnome.FileRoller.desktop"; + "application/gzip" = 
"org.gnome.FileRoller.desktop"; + "application/x-bzip" = "org.gnome.FileRoller.desktop"; + "inode/directory" = "org.gnome.Nautilus.desktop"; + }; + }; + }; + + # Set Ghostty as default terminal + home.sessionVariables = { + TERMINAL = "ghostty"; + }; + }; + }; +} diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix new file mode 100644 index 0000000..6458ab0 --- /dev/null +++ b/aspects/desktop/niri.nix 
@@ -0,0 +1,220 @@ +{ ... }: +{ + flake.modules.homeManager.desktop-niri = { config, lib, pkgs, inputs, hostname ? null, ... }: + let + isRotterdam = hostname == "rotterdam"; + in + { + imports = [ inputs.noctalia.homeModules.default ]; + + services.kanshi = { + enable = true; + settings = [ + { + profile.name = "default"; + profile.outputs = [ + { + criteria = "*"; + scale = 1.0; + } + ]; + } + ]; + }; + + home = { + packages = with pkgs; [ + xwayland-satellite + inputs.noctalia.packages.${pkgs.system}.default + ]; + sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; + }; + + xdg.configFile."niri/config.kdl".text = '' + input { + keyboard { + xkb { + layout "us" + variant "altgr-intl" + } + } + touchpad { + tap + dwt + drag true + drag-lock + natural-scroll + accel-speed 0.2 + accel-profile "flat" + scroll-method "two-finger" + middle-emulation + } + mouse { + natural-scroll + accel-speed 0.2 + accel-profile "flat" + } + warp-mouse-to-focus mode="center-xy" + focus-follows-mouse + } + + layout { + gaps 8 + center-focused-column "never" + auto-center-when-space-available + preset-column-widths { + ${ + if isRotterdam then + '' + proportion 0.33333 + proportion 0.5 + proportion 0.66667 + '' + else + '' + proportion 0.5 + proportion 1.0 + '' + } + } + default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } + focus-ring { + off + } + border { + width 4 + active-color "#ffc87f" + inactive-color "#505050" + urgent-color "#9b0000" + } + tab-indicator { + width 4 + gap 4 + place-within-column + } + } + + overview { + zoom 0.65 + } + + spawn-at-startup "noctalia-shell" "-d" + layer-rule { + match namespace="^noctalia-overview*" + place-within-backdrop true + } + + hotkey-overlay { + skip-at-startup + } + + prefer-no-csd + screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" + + animations { + slowdown 0.3 + } + + window-rule { + match app-id="zen" + default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } + 
} + + window-rule { + geometry-corner-radius 12 + clip-to-geometry true + } + + config-notification { + disable-failed + } + + binds { + Alt+Space repeat=false { spawn "vicinae" "toggle"; } + XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } + XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } + XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } + XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } + XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } + XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } + Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } + Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; } + Mod+Return { spawn "ghostty"; } + Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } + Mod+W repeat=false { toggle-overview; } + Mod+Q { close-window; } + Alt+Shift+Q { close-window;} + Mod+Shift+Q { close-window; } + Alt+F4 { close-window; } + Mod+Left { focus-column-left; } + Mod+Down { focus-window-or-workspace-down; } + Mod+Up { focus-window-or-workspace-up; } + Mod+Right { focus-column-right; } + Mod+H { focus-column-left; } + Mod+L { focus-column-right; } + Mod+J { focus-window-or-workspace-down; } + Mod+K { focus-window-or-workspace-up; } + Mod+Ctrl+Left { move-column-left; } + Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } + Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } + 
Mod+Ctrl+Right { move-column-right; } + Mod+Ctrl+H { move-column-left; } + Mod+Ctrl+J { move-window-down-or-to-workspace-down; } + Mod+Ctrl+K { move-window-up-or-to-workspace-up; } + Mod+Ctrl+L { move-column-right; } + Mod+Home { focus-column-first; } + Mod+End { focus-column-last; } + Mod+Ctrl+Home { move-column-to-first; } + Mod+Ctrl+End { move-column-to-last; } + Mod+Alt+Left { focus-monitor-left; } + Mod+Alt+Down { focus-monitor-down; } + Mod+Alt+Up { focus-monitor-up; } + Mod+Alt+Right { focus-monitor-right; } + Mod+Alt+H { focus-monitor-left; } + Mod+Alt+J { focus-monitor-down; } + Mod+Alt+K { focus-monitor-up; } + Mod+Alt+L { focus-monitor-right; } + Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } + Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } + Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } + Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } + Mod+Alt+Ctrl+H { move-column-to-monitor-left; } + Mod+Alt+Ctrl+J { move-column-to-monitor-down; } + Mod+Alt+Ctrl+K { move-column-to-monitor-up; } + Mod+Alt+Ctrl+L { move-column-to-monitor-right; } + Mod+Ctrl+U { move-workspace-down; } + Mod+Ctrl+I { move-workspace-up; } + Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } + Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } + Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } + Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } + Mod+Shift+WheelScrollDown { focus-column-right; } + Mod+Shift+WheelScrollUp { focus-column-left; } + Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } + Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } + Mod+BracketLeft { consume-or-expel-window-left; } + Mod+BracketRight { consume-or-expel-window-right; } + Mod+Comma { consume-window-into-column; } + Mod+Period { expel-window-from-column; } + Mod+R { switch-preset-column-width; } + Mod+F { maximize-column; } + Mod+Ctrl+F { fullscreen-window; } + Mod+C { center-visible-columns; } + Mod+Ctrl+C { center-column; } 
+ Mod+Space { toggle-window-floating; } + Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } + Mod+T { toggle-column-tabbed-display; } + Print { screenshot-screen; } + Mod+Print { screenshot; } + Ctrl+Print { screenshot-window; } + Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } + Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } + Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } + Mod+Ctrl+P { power-off-monitors; } + } + ''; + }; +} diff --git a/aspects/desktop/nix.nix b/aspects/desktop/nix.nix new file mode 100644 index 0000000..67cfa11 --- /dev/null +++ b/aspects/desktop/nix.nix @@ -0,0 +1,17 @@ +{ inputs, ... }: +{ + flake.modules.nixos.desktop-nix = { config, lib, pkgs, ... }: { + # Import parent aspect for inheritance + imports = [ inputs.self.modules.nixos.common-nix ]; + + environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; + + nix = { + registry.nixpkgs.flake = inputs.nixpkgs; + nixPath = [ + "nixpkgs=${inputs.nixpkgs}" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + }; + }; +} diff --git a/aspects/desktop/services.nix b/aspects/desktop/services.nix new file mode 100644 index 0000000..59f0a56 --- /dev/null +++ b/aspects/desktop/services.nix @@ -0,0 +1,19 @@ +{ inputs, ... }: +{ + flake.modules.nixos.desktop-services = { config, lib, pkgs, ... }: { + # Import parent aspect for inheritance + imports = [ inputs.self.modules.nixos.common-services ]; + + services = { + printing.enable = true; + udev.packages = with pkgs; [ yubikey-personalization ]; + keyd = { + enable = true; + keyboards.all = { + ids = [ "*" ]; + settings.main.capslock = "overload(meta, esc)"; + }; + }; + }; + }; +} From f5c44965a887e7e951041727ba86805a8638e735 Mon Sep 17 00:00:00 2001 
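Review bot: In aspects/desktop/niri.nix the binds marked `allow-when-locked=true` that spawn `"noctalia-shell"` and `"toggleaudiosink"` resolve the program through PATH, while the `playerctl` binds in the same block use `${lib.getExe pkgs.playerctl}`. Anything that can be triggered from the lock screen is better pinned to an absolute store path, so that what runs does not depend on the session's PATH. For the audio toggle that would be `Ctrl+Alt+Shift+A allow-when-locked=true { spawn "${lib.getExe pkgs.toggleaudiosink}"; }`, assuming the package sets `meta.mainProgram`. It is also worth confirming that `toggleaudiosink` needs to be reachable while locked at all.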
From: William Date: Fri, 6 Feb 2026 22:36:22 -0300 Subject: [PATCH 070/138] add aspects/server/ NixOS modules Server-specific NixOS configuration: boot, nix, tailscale Co-Authored-By: Claude Opus 4.5 --- aspects/server/boot.nix | 10 ++++++++++ aspects/server/nix.nix | 18 ++++++++++++++++++ aspects/server/tailscale.nix | 18 ++++++++++++++++++ 3 files changed, 46 insertions(+) create mode 100644 aspects/server/boot.nix create mode 100644 aspects/server/nix.nix create mode 100644 aspects/server/tailscale.nix
diff --git a/aspects/server/boot.nix b/aspects/server/boot.nix
new file mode 100644
index 0000000..68397f2
--- /dev/null
+++ b/aspects/server/boot.nix
@@ -0,0 +1,10 @@
+# aspects/server/boot.nix
+{ inputs, ... }:
+{
+ flake.modules.nixos.server-boot = { config, lib, pkgs, ... }: {
+ # Import parent aspect for inheritance
+ imports = [ inputs.self.modules.nixos.common-boot ];
+
+ boot.kernelPackages = pkgs.linuxPackages_hardened;
+ };
+}
diff --git a/aspects/server/nix.nix b/aspects/server/nix.nix
new file mode 100644
index 0000000..b22565c
--- /dev/null
+++ b/aspects/server/nix.nix
@@ -0,0 +1,18 @@
+# aspects/server/nix.nix
+{ inputs, ... }:
+{
+ flake.modules.nixos.server-nix = { config, lib, pkgs, ... }: {
+ # Import parent aspect for inheritance
+ imports = [ inputs.self.modules.nixos.common-nix ];
+
+ environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
+
+ nix = {
+ registry.nixpkgs.flake = inputs.nixpkgs-stable;
+ nixPath = [
+ "nixpkgs=/etc/channels/nixpkgs"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ };
+ };
+}
diff --git a/aspects/server/tailscale.nix b/aspects/server/tailscale.nix
new file mode 100644
index 0000000..433494c
--- /dev/null
+++ b/aspects/server/tailscale.nix
@@ -0,0 +1,18 @@
+# aspects/server/tailscale.nix
+{ inputs, ... }:
+{
+ flake.modules.nixos.server-tailscale = { config, lib, pkgs, ... }: {
+ # Import parent aspect for inheritance
+ imports = [ inputs.self.modules.nixos.common-tailscale ];
+
+ services.tailscale = {
+ extraSetFlags = [ "--advertise-exit-node" ];
+ useRoutingFeatures = "server";
+ };
+
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_forward" = 1;
+ "net.ipv6.conf.all.forwarding" = 1;
+ };
+ };
+}
From a2f013c5297607c15db65e0d15db6fbb7d0ceddb Mon Sep 17 00:00:00 2001
From: William Date: Fri, 6 Feb 2026 22:36:30 -0300 Subject: [PATCH 071/138] add aspects/cli/ home-manager modules CLI tool configurations: btop, comma, direnv, helix, hm-cli, starship, tmux Co-Authored-By: Claude Opus 4.5 --- aspects/cli/btop.nix | 13 +++++++++++ aspects/cli/comma.nix | 8 +++++++ aspects/cli/direnv.nix | 9 ++++++++ aspects/cli/helix.nix | 50 ++++++++++++++++++++++++++++++++++++++++ aspects/cli/hm-cli.nix | 11 +++++++++ aspects/cli/starship.nix | 41 ++++++++++++++++++++++++++++++++ aspects/cli/tmux.nix | 12 ++++++++++ 7 files changed, 144 insertions(+) create mode 100644 aspects/cli/btop.nix create mode 100644 aspects/cli/comma.nix create mode 100644 aspects/cli/direnv.nix create mode 100644 aspects/cli/helix.nix create mode 100644 aspects/cli/hm-cli.nix create mode 100644 aspects/cli/starship.nix create mode 100644 aspects/cli/tmux.nix
diff --git a/aspects/cli/btop.nix b/aspects/cli/btop.nix
new file mode 100644
index 0000000..09a815e
--- /dev/null
+++ b/aspects/cli/btop.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+ flake.modules.homeManager.cli-btop = { config, lib, pkgs, ... }: {
+ programs.btop = {
+ enable = true;
+ settings = {
+ theme_background = false;
+ proc_sorting = "cpu direct";
+ update_ms = 500;
+ };
+ };
+ };
+}
diff --git a/aspects/cli/comma.nix b/aspects/cli/comma.nix
new file mode 100644
index 0000000..b8e6c2a
--- /dev/null
+++ b/aspects/cli/comma.nix
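Review bot: In aspects/server/tailscale.nix the `boot.kernel.sysctl` block turns on IPv4 and IPv6 forwarding for the whole host, not just the tailnet interface, and nothing in the hunk limits what may be forwarded between the server's other interfaces. As far as I know `useRoutingFeatures = "server"` already makes the NixOS tailscale module enable forwarding, so the explicit block may be redundant. If it stays, document the intent with a comment such as `# exit node: host-wide forwarding is intentional; forward filtering is configured in <module placeholder>`. On an nftables firewall, `networking.firewall.filterForward = true;` gives the forward path a default-deny policy to build on. Advertising an exit node also means tailnet peers' internet traffic egresses from this server's address, which deserves a line in the commit message.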
@@ -0,0 +1,8 @@
+{ ... }:
+{
+ flake.modules.homeManager.cli-comma = { config, lib, pkgs, inputs, ... }: {
+ imports = [ inputs.nix-index-database.homeModules.nix-index ];
+
+ programs.nix-index-database.comma.enable = true;
+ };
+}
diff --git a/aspects/cli/direnv.nix b/aspects/cli/direnv.nix
new file mode 100644
index 0000000..4399283
--- /dev/null
+++ b/aspects/cli/direnv.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ flake.modules.homeManager.cli-direnv = { config, lib, pkgs, ... }: {
+ programs.direnv = {
+ enable = true;
+ nix-direnv.enable = true;
+ };
+ };
+}
diff --git a/aspects/cli/helix.nix b/aspects/cli/helix.nix
new file mode 100644
index 0000000..1fa2baf
--- /dev/null
+++ b/aspects/cli/helix.nix
@@ -0,0 +1,50 @@
+{ ... }:
+{
+ flake.modules.homeManager.cli-helix = { config, lib, pkgs, ... }: {
+ home.sessionVariables = {
+ EDITOR = "hx";
+ };
+
+ programs.helix = {
+ enable = true;
+ settings = {
+ editor = {
+ file-picker.hidden = false;
+ idle-timeout = 0;
+ line-number = "relative";
+ cursor-shape = {
+ normal = "underline";
+ insert = "bar";
+ select = "underline";
+ };
+ soft-wrap.enable = true;
+ auto-format = true;
+ indent-guides.render = true;
+ };
+ keys.normal = {
+ space = {
+ o = "file_picker_in_current_buffer_directory";
+ esc = [
+ "collapse_selection"
+ "keep_primary_selection"
+ ];
+ };
+ };
+ };
+ languages = {
+ language = [
+ {
+ name = "nix";
+ auto-format = true;
+ formatter.command = "nixfmt";
+ }
+ {
+ name = "typst";
+ auto-format = true;
+ formatter.command = "typstyle -c 1000 -i";
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/aspects/cli/hm-cli.nix b/aspects/cli/hm-cli.nix
new file mode 100644
index 0000000..acee59d
--- /dev/null
+++ b/aspects/cli/hm-cli.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+ flake.modules.homeManager.cli-base = { config, lib, pkgs, ... }: {
+ home = {
+ packages = with pkgs; [ hm-cli ];
+ sessionVariables = {
+ HM_PATH = "/etc/nixos";
+ };
+ };
+ };
+}
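Review bot: In aspects/cli/helix.nix the typst entry puts the arguments inside the command string, `formatter.command = "typstyle -c 1000 -i";`. Helix takes the executable from `command` and its arguments from a separate `args` list, so this string is most likely looked up as a single program name and format-on-save fails for typst. The split form is `formatter = { command = "typstyle"; args = [ "-c" "1000" "-i" ]; };`. Check also that `-i` is still wanted once the formatter is fed through stdin.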
diff --git a/aspects/cli/starship.nix b/aspects/cli/starship.nix new file mode 100644 index 0000000..e9884a7 --- /dev/null +++ b/aspects/cli/starship.nix @@ -0,0 +1,41 @@ +{ ... }: +{ + flake.modules.homeManager.cli-starship = { config, lib, pkgs, ... }: { + programs.starship = { + enable = true; + enableBashIntegration = true; + enableFishIntegration = true; + settings = { + add_newline = false; + format = '' + $hostname$directory$git_branch$git_status$nix_shell + [ ❯ ](bold green) + ''; + right_format = "$cmd_duration$character"; + hostname = { + ssh_symbol = "󰖟 "; + }; + character = { + error_symbol = "[](red)"; + success_symbol = "[󱐋](green)"; + }; + cmd_duration = { + format = "[󰄉 $duration ]($style)"; + style = "yellow"; + min_time = 500; + }; + git_branch = { + symbol = " "; + style = "purple"; + }; + git_status.style = "red"; + nix_shell = { + format = "via [$symbol$state]($style)"; + heuristic = true; + style = "blue"; + symbol = "󱄅 "; + }; + }; + }; + }; +} diff --git a/aspects/cli/tmux.nix b/aspects/cli/tmux.nix new file mode 100644 index 0000000..078a6aa --- /dev/null +++ b/aspects/cli/tmux.nix @@ -0,0 +1,12 @@ +{ ... }: +{ + flake.modules.homeManager.cli-tmux = { config, lib, pkgs, ... }: { + programs.tmux = { + enable = true; + clock24 = true; + terminal = "xterm-256color"; + mouse = true; + keyMode = "vi"; + }; + }; +} From e6aed18d8f88374dea23468754fc98c1ec85c280 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 22:36:30 -0300 Subject: [PATCH 072/138] add aspects/shell/ home-manager modules Shell configurations: bash, fish Co-Authored-By: Claude Opus 4.5 --- aspects/shell/bash.nix | 9 +++++++++ aspects/shell/fish.nix | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 aspects/shell/bash.nix create mode 100644 aspects/shell/fish.nix diff --git a/aspects/shell/bash.nix b/aspects/shell/bash.nix new file mode 100644 index 0000000..3ec7237 --- /dev/null +++ b/aspects/shell/bash.nix 
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ flake.modules.homeManager.shell-bash = { config, lib, pkgs, ... }: {
+ programs.bash = {
+ enable = true;
+ historyFile = "~/.cache/bash_history";
+ };
+ };
+}
diff --git a/aspects/shell/fish.nix b/aspects/shell/fish.nix
new file mode 100644
index 0000000..e2ae9cf
--- /dev/null
+++ b/aspects/shell/fish.nix
@@ -0,0 +1,33 @@
+{ ... }:
+{
+ flake.modules.homeManager.shell-fish = { config, lib, pkgs, ... }: {
+ programs.fish = {
+ enable = true;
+ interactiveShellInit = ''
+ set fish_greeting
+ ${lib.getExe pkgs.nix-your-shell} fish | source
+ '';
+ loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source";
+ plugins = [
+ {
+ name = "bang-bang";
+ src = pkgs.fetchFromGitHub {
+ owner = "oh-my-fish";
+ repo = "plugin-bang-bang";
+ rev = "f969c618301163273d0a03d002614d9a81952c1e";
+ sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ=";
+ };
+ }
+ {
+ name = "z";
+ src = pkgs.fetchFromGitHub {
+ owner = "jethrokuan";
+ repo = "z";
+ rev = "067e867debee59aee231e789fc4631f80fa5788e";
+ sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU=";
+ };
+ }
+ ];
+ };
+ };
+}
From e8e62c81e3680e0137aa640f4c0e348bec2cd3d2 Mon Sep 17 00:00:00 2001
From: William Date: Fri, 6 Feb 2026 22:36:30 -0300 Subject: [PATCH 073/138] add aspects/gaming/ modules Gaming-related NixOS and home-manager configuration: flatpak, hardware, launchers, mangohud, steam Co-Authored-By: Claude Opus 4.5 --- aspects/gaming/flatpak.nix | 23 +++++++++++++++++++ aspects/gaming/hardware.nix | 11 +++++++++ aspects/gaming/launchers.nix | 11 +++++++++ aspects/gaming/mangohud.nix | 43 ++++++++++++++++++++++++++++++++++++ aspects/gaming/steam.nix | 17 ++++++++++++++ 5 files changed, 105 insertions(+) create mode 100644 aspects/gaming/flatpak.nix create mode 100644 aspects/gaming/hardware.nix create mode 100644 aspects/gaming/launchers.nix create mode 100644 aspects/gaming/mangohud.nix create mode 100644 aspects/gaming/steam.nix
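Review bot: In aspects/shell/bash.nix, `historyFile = "~/.cache/bash_history";` depends on tilde expansion, but home-manager appears to emit HISTFILE as a quoted string. If so, bash keeps the `~` literal and writes history under a `~/.cache` directory relative to wherever the shell was started. Shell history regularly captures tokens and passwords typed on the command line, so stray copies in project directories or repository checkouts are worth avoiding. `config` is already a module argument, so an absolute path is available: `historyFile = "${config.xdg.cacheHome}/bash_history";`.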
diff --git a/aspects/gaming/flatpak.nix b/aspects/gaming/flatpak.nix
new file mode 100644
index 0000000..ad50c7c
--- /dev/null
+++ b/aspects/gaming/flatpak.nix
@@ -0,0 +1,23 @@
+{ ... }:
+
+{
+ flake.modules.nixos.gaming-flatpak = { pkgs, ... }: {
+ services.flatpak.packages = [
+ "com.github.k4zmu2a.spacecadetpinball"
+ "com.steamgriddb.SGDBoop"
+ "io.github.Foldex.AdwSteamGtk"
+ "io.itch.itch"
+ "io.mrarm.mcpelauncher"
+ "net.retrodeck.retrodeck"
+ "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08"
+ rec {
+ appId = "com.hypixel.HytaleLauncher";
+ sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv";
+ bundle = "${pkgs.fetchurl {
+ url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak";
+ inherit sha256;
+ }}";
+ }
+ ];
+ };
+}
diff --git a/aspects/gaming/hardware.nix b/aspects/gaming/hardware.nix
new file mode 100644
index 0000000..f1bd75b
--- /dev/null
+++ b/aspects/gaming/hardware.nix
@@ -0,0 +1,11 @@
+{ ... }:
+
+{
+ flake.modules.nixos.gaming-hardware = { ... }: {
+ hardware = {
+ xpadneo.enable = true;
+ steam-hardware.enable = true; # Allow steam client to manage controllers
+ graphics.enable32Bit = true; # For OpenGL games
+ };
+ };
+}
diff --git a/aspects/gaming/launchers.nix b/aspects/gaming/launchers.nix
new file mode 100644
index 0000000..5684f9f
--- /dev/null
+++ b/aspects/gaming/launchers.nix
@@ -0,0 +1,11 @@
+{ ... }:
+
+{
+ flake.modules.nixos.gaming-launchers = { pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ clonehero
+ heroic
+ prismlauncher
+ ];
+ };
+}
diff --git a/aspects/gaming/mangohud.nix b/aspects/gaming/mangohud.nix
new file mode 100644
index 0000000..7f83644
--- /dev/null
+++ b/aspects/gaming/mangohud.nix
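Review bot: In aspects/gaming/flatpak.nix the Hytale bundle is fetched from a moving `hytale-launcher-latest.flatpak` URL while `sha256` pins one specific build. The hash check is the only integrity control on a bundle installed this way and it fails closed, which is right, but a fresh machine will stop building as soon as upstream replaces the file. Hosts that already have the store path will keep the old launcher with no signal that it is stale. If the vendor publishes versioned URLs, pin one, as the OrcaSlicer bundle in aspects/programs/graphics.nix does. Otherwise record the refresh procedure next to the hash, e.g. `# "latest" URL: on hash mismatch, review the new build and update sha256 via nix-prefetch-url`.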
@@ -0,0 +1,43 @@ +{ ... }: + +{ + flake.modules = { + nixos.gaming-mangohud = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + mangohud + ]; + }; + + homeManager.gaming-mangohud = { config, ... }: { + programs.mangohud = { + enable = true; + enableSessionWide = true; + settings = { + position = "top-left"; + fps = true; + frametime = false; + frame_timing = false; + gpu_stats = true; + gpu_temp = true; + gpu_power = true; + cpu_stats = true; + cpu_temp = true; + cpu_power = true; + ram = true; + vram = true; + gamemode = false; + vkbasalt = false; + version = false; + engine_version = false; + vulkan_driver = false; + wine = false; + time = false; + fps_sampling_period = 500; + toggle_hud = "Shift_L+F12"; + toggle_logging = "Ctrl_L+F2"; + output_folder = "${config.home.homeDirectory}/.local/share/mangohud"; + }; + }; + }; + }; +} diff --git a/aspects/gaming/steam.nix b/aspects/gaming/steam.nix new file mode 100644 index 0000000..e0ab9a8 --- /dev/null +++ b/aspects/gaming/steam.nix @@ -0,0 +1,17 @@ +{ ... }: + +{ + flake.modules.nixos.gaming-steam = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + steam-run + ]; + + programs = { + steam = { + enable = true; + extraCompatPackages = [ pkgs.proton-ge-bin ]; + }; + gamemode.enable = true; + }; + }; +} From 92e16d0032308324b768803b09f696e7b4320a59 Mon Sep 17 00:00:00 2001 
From: William Date: Fri, 6 Feb 2026 22:36:30 -0300 Subject: [PATCH 074/138] add aspects/programs/ home-manager modules Program categories: graphics, media, office, utilities, web Co-Authored-By: Claude Opus 4.5 --- aspects/programs/graphics.nix | 27 ++++++++++++++ aspects/programs/media.nix | 29 +++++++++++++++ aspects/programs/office.nix | 25 +++++++++++++ aspects/programs/utilities.nix | 65 ++++++++++++++++++++++++++++++++++ aspects/programs/web.nix | 18 ++++++++++ 5 files changed, 164 insertions(+) create mode 100644 aspects/programs/graphics.nix create mode 100644 aspects/programs/media.nix create mode 100644 aspects/programs/office.nix create mode 100644 aspects/programs/utilities.nix create mode 100644 aspects/programs/web.nix diff --git a/aspects/programs/graphics.nix b/aspects/programs/graphics.nix new file mode 100644 index 0000000..1488125 --- /dev/null +++ b/aspects/programs/graphics.nix @@ -0,0 +1,27 @@ +{ ... }: + +{ + flake.modules.nixos.programs-graphics = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + # Image Editing + gimp + inkscape + # CAD & 3D Modeling + plasticity + ]; + + services.flatpak.packages = [ + # Vector Graphics + "com.boxy_svg.BoxySVG" + # 3D Printing / Slicing + rec { + appId = "io.github.softfever.OrcaSlicer"; + sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + bundle = "${pkgs.fetchurl { + url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; + inherit sha256; + }}"; + } + ]; + }; +} diff --git a/aspects/programs/media.nix b/aspects/programs/media.nix new file mode 100644 index 0000000..8b50b2e --- /dev/null +++ b/aspects/programs/media.nix 
@@ -0,0 +1,29 @@ +{ ... }: + +{ + flake.modules = { + nixos.programs-media = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + # Audio + decibels + # Video + showtime + # Image Viewer + loupe + # Recording & Streaming + obs-studio + ]; + }; + + homeManager.programs-media = { pkgs, ... }: { + programs.obs-studio = { + enable = true; + plugins = with pkgs.obs-studio-plugins; [ + obs-vkcapture + obs-backgroundremoval + obs-pipewire-audio-capture + ]; + }; + }; + }; +} diff --git a/aspects/programs/office.nix b/aspects/programs/office.nix new file mode 100644 index 0000000..1fc6817 --- /dev/null +++ b/aspects/programs/office.nix @@ -0,0 +1,25 @@ +{ ... }: + +{ + flake.modules.nixos.programs-office = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + # Spelling + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + # Document Viewing + papers + # Presentations + presenterm + # Note Taking & Drawing + rnote + ]; + + services.flatpak.packages = [ + # Office Suite + "com.collabora.Office" + ]; + }; +} diff --git a/aspects/programs/utilities.nix b/aspects/programs/utilities.nix new file mode 100644 index 0000000..15b267f --- /dev/null +++ b/aspects/programs/utilities.nix 
@@ -0,0 +1,65 @@ +{ ... }: + +{ + flake.modules = { + nixos.programs-utilities = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + # Terminal + ghostty + # File Management + nautilus + gnome-disk-utility + # Archive Tools + p7zip + unrar + # Cloud & Remote + rclone + # System Monitoring + mission-center + # Desktop Integration + adwaita-icon-theme + junction + libfido2 + toggleaudiosink + # Xwayland Support + xwayland-satellite + ]; + + services.flatpak.packages = [ + # Flatpak Management + "com.github.tchx84.Flatseal" + # Remote Desktop + "com.rustdesk.RustDesk" + ]; + }; + + homeManager.programs-utilities = { pkgs, ... }: { + programs = { + ghostty = { + enable = true; + settings = { + cursor-style = "block"; + shell-integration-features = "no-cursor"; + cursor-style-blink = false; + custom-shader = "${builtins.fetchurl { + url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; + sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + }}"; + bell-features = ""; + gtk-titlebar-style = "tabs"; + keybind = [ "shift+enter=text:\\x1b\\r" ]; + }; + }; + + password-store = { + enable = true; + package = pkgs.pass-wayland; + }; + }; + + home.sessionVariables = { + TERMINAL = "ghostty"; + }; + }; + }; +} diff --git a/aspects/programs/web.nix b/aspects/programs/web.nix new file mode 100644 index 0000000..cc3753b --- /dev/null +++ b/aspects/programs/web.nix @@ -0,0 +1,18 @@ +{ ... }: + +{ + flake.modules.nixos.programs-web = { inputs, pkgs, system, ... }: { + environment.systemPackages = with pkgs; [ + # Browsers + inputs.zen-browser.packages."${system}".default + tor-browser + # Communication + vesktop + # Cloud & Sync + bitwarden-desktop + nextcloud-client + # Downloads + fragments + ]; + }; +} From 5247bbda031902455fd6b7fdf7ca66ab4ab8b708 Mon Sep 17 00:00:00 2001 
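Review bot: In aspects/programs/web.nix the module signature `{ inputs, pkgs, system, ... }` requires a `system` argument, which NixOS only provides if it is passed in through `specialArgs` or `_module.args`, and nothing visible in this series shows that. aspects/desktop/niri.nix and aspects/ai.nix index flake packages with `${pkgs.system}` instead, so the three files disagree. Using `inputs.zen-browser.packages.${pkgs.system}.default` and dropping `system` from the arguments removes the extra dependency and makes the browser input resolve the same way as the others.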
From: William Date: Fri, 6 Feb 2026 22:36:37 -0300 Subject: [PATCH 075/138] add single-file NixOS aspects Standalone NixOS modules: ai, bluetooth, dev, fwupd, libvirtd, networkmanager, podman Co-Authored-By: Claude Opus 4.5 --- aspects/ai.nix | 12 ++++++++++++ aspects/bluetooth.nix | 6 ++++++ aspects/dev.nix | 19 +++++++++++++++++++ aspects/fwupd.nix | 6 ++++++ aspects/libvirtd.nix | 18 ++++++++++++++++++ aspects/networkmanager.nix | 11 +++++++++++ aspects/podman.nix | 15 +++++++++++++++ 7 files changed, 87 insertions(+) create mode 100644 aspects/ai.nix create mode 100644 aspects/bluetooth.nix create mode 100644 aspects/dev.nix create mode 100644 aspects/fwupd.nix create mode 100644 aspects/libvirtd.nix create mode 100644 aspects/networkmanager.nix create mode 100644 aspects/podman.nix diff --git a/aspects/ai.nix b/aspects/ai.nix new file mode 100644 index 0000000..6befeae --- /dev/null +++ b/aspects/ai.nix @@ -0,0 +1,12 @@ +{ ... }: +{ + flake.modules.nixos.ai = { inputs, pkgs, ... }: { + environment.systemPackages = + (with pkgs; [claude-desktop]) ++ + (with inputs.nix-ai-tools.packages.${pkgs.system}; [ + claude-code + claudebox + opencode + ]); + }; +} diff --git a/aspects/bluetooth.nix b/aspects/bluetooth.nix new file mode 100644 index 0000000..222bdf2 --- /dev/null +++ b/aspects/bluetooth.nix @@ -0,0 +1,6 @@ +{ ... }: +{ + flake.modules.nixos.bluetooth = { config, lib, pkgs, ... }: { + hardware.bluetooth.enable = true; + }; +} diff --git a/aspects/dev.nix b/aspects/dev.nix new file mode 100644 index 0000000..cc84646 --- /dev/null +++ b/aspects/dev.nix @@ -0,0 +1,19 @@ +{ ... }: +{ + flake.modules.nixos.dev = { config, lib, pkgs, ... }: { + environment.systemPackages = with pkgs; [ + android-tools + bat + lazygit + fd + fzf + glow + nixfmt + nix-init + nix-output-monitor + ripgrep + ]; + + users.users.user.extraGroups = [ "adbusers" ]; + }; +} diff --git a/aspects/fwupd.nix b/aspects/fwupd.nix new file mode 100644 index 0000000..746f1d0 --- /dev/null 
+++ b/aspects/fwupd.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+ flake.modules.nixos.fwupd = { config, lib, pkgs, ... }: {
+ services.fwupd.enable = true;
+ };
+}
diff --git a/aspects/libvirtd.nix b/aspects/libvirtd.nix
new file mode 100644
index 0000000..6487999
--- /dev/null
+++ b/aspects/libvirtd.nix
@@ -0,0 +1,18 @@
+{ ... }:
+{
+ flake.modules.nixos.libvirtd = { config, lib, pkgs, ... }: {
+ virtualisation = {
+ libvirtd.enable = true;
+ spiceUSBRedirection.enable = true;
+ };
+
+ programs.virt-manager.enable = true;
+
+ networking.firewall.trustedInterfaces = [ "virbr0" ];
+
+ users.users.user.extraGroups = [
+ "libvirt"
+ "libvirtd"
+ ];
+ };
+}
diff --git a/aspects/networkmanager.nix b/aspects/networkmanager.nix
new file mode 100644
index 0000000..74c9260
--- /dev/null
+++ b/aspects/networkmanager.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+ flake.modules.nixos.networkmanager = { config, lib, pkgs, ... }: {
+ networking.networkmanager = {
+ enable = true;
+ wifi.backend = "iwd";
+ };
+
+ users.users.user.extraGroups = [ "networkmanager" ];
+ };
+}
diff --git a/aspects/podman.nix b/aspects/podman.nix
new file mode 100644
index 0000000..04e7e04
--- /dev/null
+++ b/aspects/podman.nix
@@ -0,0 +1,15 @@
+{ ... }:
+{
+ flake.modules.nixos.podman = { config, lib, pkgs, ... }: {
+ virtualisation.podman = {
+ enable = true;
+ autoPrune.enable = true;
+ extraPackages = [ pkgs.podman-compose ];
+ };
+
+ systemd = {
+ services.podman-auto-update.enable = true;
+ timers.podman-auto-update.enable = true;
+ };
+ };
+}
From c2302ac9fafef794e5491d78abd93f4732e5d2e6 Mon Sep 17 00:00:00 2001
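Review bot: In aspects/libvirtd.nix, `networking.firewall.trustedInterfaces = [ "virbr0" ];` accepts all traffic arriving on the default libvirt bridge, so every service listening on the host is reachable from any guest, including ones running untrusted images. If the goal is only DHCP and DNS for guests, a narrower rule keeps the firewall in force: `networking.firewall.interfaces.virbr0.allowedUDPPorts = [ 53 67 ];`. Membership in `libvirtd` gives control over the system libvirt daemon and is effectively root-equivalent, so it deserves a comment saying it is deliberate. `"libvirt"` does not look like a group this module creates, so confirm it is defined elsewhere or drop it.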
From: William Date: Fri, 6 Feb 2026 22:36:37 -0300 Subject: [PATCH 076/138] add aspects/ephemeral.nix with factory pattern Ephemeral root configuration with impermanence support. Exports both a base module with options and a factory function for generating configured modules. Co-Authored-By: Claude Opus 4.5 --- aspects/ephemeral.nix | 136 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100644 aspects/ephemeral.nix diff --git a/aspects/ephemeral.nix b/aspects/ephemeral.nix new file mode 100644 index 0000000..724f931 --- /dev/null +++ b/aspects/ephemeral.nix 
@@ -0,0 +1,136 @@ +# Ephemeral root aspect - provides automatic btrfs root subvolume rollover +# Exports both a base module with options and a factory function for easy configuration +{ inputs, ... }: +{ + # Base module with options (for external flakes or direct use) + flake.modules.nixos.ephemeral = { lib, config, ... }: + let + cfg = config.ephemeral; + in + { + options.ephemeral = { + enable = lib.mkEnableOption "ephemeral root with automatic rollback"; + + rootDevice = lib.mkOption { + type = lib.types.str; + example = "/dev/mapper/cryptroot"; + description = "Device path for the root btrfs filesystem"; + }; + + rootSubvolume = lib.mkOption { + type = lib.types.str; + default = "@root"; + description = "Name of the root btrfs subvolume"; + }; + + oldRootRetentionDays = lib.mkOption { + type = lib.types.int; + default = 30; + description = "Number of days to keep old root snapshots before deletion"; + }; + }; + + config = lib.mkIf cfg.enable { + boot.initrd.systemd.services.recreate-root = { + description = "Rolling over and creating new filesystem root"; + requires = [ "initrd-root-device.target" ]; + after = [ + "local-fs-pre.target" + "initrd-root-device.target" + ]; + requiredBy = [ "initrd-root-fs.target" ]; + before = [ "sysroot.mount" ]; + unitConfig = { + AssertPathExists = "/etc/initrd-release"; + DefaultDependencies = false; + }; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + set -euo pipefail + + mkdir /btrfs_tmp + if ! 
mount ${cfg.rootDevice} /btrfs_tmp; then + echo "ERROR: Failed to mount ${cfg.rootDevice}" + exit 1 + fi + + if [[ -e /btrfs_tmp/${cfg.rootSubvolume} ]]; then + mkdir -p /btrfs_tmp/old_roots + timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/${cfg.rootSubvolume})" "+%Y-%m-%-d_%H:%M:%S") + mv /btrfs_tmp/${cfg.rootSubvolume} "/btrfs_tmp/old_roots/$timestamp" + fi + + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + delete_subvolume_recursively "/btrfs_tmp/$i" + done + btrfs subvolume delete "$1" + } + + for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +${toString cfg.oldRootRetentionDays}); do + delete_subvolume_recursively "$i" + done + + if ! btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume}; then + echo "ERROR: Failed to create subvolume ${cfg.rootSubvolume}" + umount /btrfs_tmp + exit 1 + fi + + umount /btrfs_tmp + ''; + }; + }; + }; + + # Factory function that generates configured modules + flake.factory.ephemeral = + { rootDevice + , rootSubvolume ? "@root" + , retentionDays ? 30 + , persistentStoragePath ? "/persistent" + , persistentFiles ? [ + "/etc/machine-id" + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + ] + , persistentDirectories ? [ + "/etc/NetworkManager/system-connections" + "/etc/nixos" + "/var/lib/bluetooth" + "/var/lib/flatpak" + "/var/lib/lxd" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + "/var/lib/systemd/timers" + "/var/lib/tailscale" + "/var/log" + ] + }: + { ... 
}: { + imports = [ + inputs.impermanence.nixosModules.impermanence + inputs.self.modules.nixos.ephemeral + ]; + + ephemeral = { + enable = true; + inherit rootDevice rootSubvolume; + oldRootRetentionDays = retentionDays; + }; + + fileSystems."/persistent".neededForBoot = true; + + environment.persistence.main = { + inherit persistentStoragePath; + files = persistentFiles; + directories = persistentDirectories; + }; + }; +} From ad0aa14d143a26d99b1306543c409ab2f582d81c Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 22:36:37 -0300 Subject: [PATCH 077/138] add aspects/stylix.nix Stylix theming configuration for NixOS and home-manager Co-Authored-By: Claude Opus 4.5 --- aspects/stylix.nix | 71 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 aspects/stylix.nix diff --git a/aspects/stylix.nix b/aspects/stylix.nix new file mode 100644 index 0000000..e64386f --- /dev/null +++ b/aspects/stylix.nix 
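Review bot: In the `recreate-root` script the retention loop runs `find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +N` without `-mindepth 1`, so `old_roots` itself can be returned once its own mtime ages past the window and is then handed to `btrfs subvolume delete`; under `set -euo pipefail` that aborts a unit `initrd-root-fs.target` requires. Add `-mindepth 1`, and use `mkdir -p /btrfs_tmp` so a leftover directory does not fail the unit either. `${cfg.rootDevice}` and `${cfg.rootSubvolume}` are spliced into the script unquoted; passing them through `lib.escapeShellArg` keeps an unusual path from being word-split in the initrd. In the factory, `fileSystems."/persistent".neededForBoot = true;` hard-codes the path although `persistentStoragePath` is a parameter, so a non-default value would mark the wrong mount; use `fileSystems.${persistentStoragePath}.neededForBoot = true;`.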
@@ -0,0 +1,71 @@ +{ ... }: +{ + flake.modules = { + nixos.stylix = { inputs, ... }: { + imports = [ inputs.stylix.nixosModules.stylix ]; + }; + + homeManager.stylix = { config, inputs, pkgs, ... }: { + imports = [ + inputs.stylix.homeManagerModules.stylix + inputs.zen-browser.homeModules.beta + ]; + + stylix = { + enable = true; + polarity = "dark"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml"; + cursor = { + package = pkgs.kdePackages.breeze; + name = "breeze_cursors"; + size = 24; + }; + icons = { + enable = true; + package = pkgs.morewaita-icon-theme; + light = "MoreWaita"; + dark = "MoreWaita"; + }; + opacity = { + applications = 1.0; + desktop = 1.0; + popups = config.stylix.opacity.desktop; + terminal = 1.0; + }; + fonts = { + serif = { + package = pkgs.source-serif; + name = "Source Serif 4 Display"; + }; + sansSerif = { + package = pkgs.inter; + name = "Inter"; + }; + monospace = { + package = pkgs.nerd-fonts.fira-code; + name = "FiraCode Nerd Font"; + }; + emoji = { + package = pkgs.noto-fonts-color-emoji; + name = "Noto Color Emoji"; + }; + sizes = { + applications = 10; + desktop = config.stylix.fonts.sizes.applications; + popups = config.stylix.fonts.sizes.applications; + terminal = 12; + }; + }; + targets.zen-browser = { + enable = true; + profileNames = [ "william" ]; + }; + }; + + programs.zen-browser = { + enable = true; + profiles.william = { }; + }; + }; + }; +} From 25c69e3c18150efc5ef045a18a11d1878c68a1f5 Mon Sep 17 00:00:00 2001 
From: William Date: Fri, 6 Feb 2026 22:36:50 -0300 Subject: [PATCH 078/138] add aspects/hosts/ configurations Host-specific NixOS configurations for: - alexandria (server) - io (desktop) - rotterdam (desktop) - trantor (server, aarch64) Each host has a main config file and _hostname/ directory with hardware-configuration and other host-specific modules. Co-Authored-By: Claude Opus 4.5 --- .../_alexandria/hardware-configuration.nix | 49 ++++++++++ aspects/hosts/_alexandria/jellyfin.nix | 15 +++ aspects/hosts/_alexandria/kanidm.nix | 83 ++++++++++++++++ aspects/hosts/_alexandria/nextcloud.nix | 97 +++++++++++++++++++ aspects/hosts/_alexandria/nginx.nix | 59 +++++++++++ aspects/hosts/_alexandria/unbound.nix | 58 +++++++++++ aspects/hosts/_alexandria/vaultwarden.nix | 26 +++++ aspects/hosts/_io/boot.nix | 14 +++ aspects/hosts/_io/disko.nix | 79 +++++++++++++++ aspects/hosts/_io/hardware-configuration.nix | 37 +++++++ aspects/hosts/_io/programs.nix | 27 ++++++ aspects/hosts/_io/services.nix | 61 ++++++++++++ aspects/hosts/_rotterdam/boot.nix | 31 ++++++ .../_rotterdam/hardware-configuration.nix | 82 ++++++++++++++++ aspects/hosts/_rotterdam/hardware.nix | 8 ++ aspects/hosts/_rotterdam/programs.nix | 31 ++++++ aspects/hosts/_rotterdam/services.nix | 11 +++ aspects/hosts/_trantor/boot.nix | 6 ++ aspects/hosts/_trantor/disko.nix | 64 ++++++++++++ aspects/hosts/_trantor/fail2ban.nix | 23 +++++ aspects/hosts/_trantor/forgejo.nix | 72 ++++++++++++++ .../hosts/_trantor/hardware-configuration.nix | 20 ++++ aspects/hosts/_trantor/networking.nix | 8 ++ aspects/hosts/_trantor/nginx.nix | 61 ++++++++++++ aspects/hosts/_trantor/openssh.nix | 23 +++++ aspects/hosts/_trantor/unbound.nix | 58 +++++++++++ aspects/hosts/alexandria.nix | 42 ++++++++ aspects/hosts/io.nix | 51 ++++++++++ aspects/hosts/rotterdam.nix | 56 +++++++++++ aspects/hosts/trantor.nix | 46 +++++++++ 30 files changed, 1298 insertions(+) create mode 100644 aspects/hosts/_alexandria/hardware-configuration.nix create mode 
100644 aspects/hosts/_alexandria/jellyfin.nix create mode 100644 aspects/hosts/_alexandria/kanidm.nix create mode 100644 aspects/hosts/_alexandria/nextcloud.nix create mode 100644 aspects/hosts/_alexandria/nginx.nix create mode 100644 aspects/hosts/_alexandria/unbound.nix create mode 100644 aspects/hosts/_alexandria/vaultwarden.nix create mode 100644 aspects/hosts/_io/boot.nix create mode 100644 aspects/hosts/_io/disko.nix create mode 100644 aspects/hosts/_io/hardware-configuration.nix create mode 100644 aspects/hosts/_io/programs.nix create mode 100644 aspects/hosts/_io/services.nix create mode 100644 aspects/hosts/_rotterdam/boot.nix create mode 100644 aspects/hosts/_rotterdam/hardware-configuration.nix create mode 100644 aspects/hosts/_rotterdam/hardware.nix create mode 100644 aspects/hosts/_rotterdam/programs.nix create mode 100644 aspects/hosts/_rotterdam/services.nix create mode 100644 aspects/hosts/_trantor/boot.nix create mode 100644 aspects/hosts/_trantor/disko.nix create mode 100644 aspects/hosts/_trantor/fail2ban.nix create mode 100644 aspects/hosts/_trantor/forgejo.nix create mode 100644 aspects/hosts/_trantor/hardware-configuration.nix create mode 100644 aspects/hosts/_trantor/networking.nix create mode 100644 aspects/hosts/_trantor/nginx.nix create mode 100644 aspects/hosts/_trantor/openssh.nix create mode 100644 aspects/hosts/_trantor/unbound.nix create mode 100644 aspects/hosts/alexandria.nix create mode 100644 aspects/hosts/io.nix create mode 100644 aspects/hosts/rotterdam.nix create mode 100644 aspects/hosts/trantor.nix diff --git a/aspects/hosts/_alexandria/hardware-configuration.nix b/aspects/hosts/_alexandria/hardware-configuration.nix new file mode 100644 index 0000000..63ecba5 --- /dev/null +++ b/aspects/hosts/_alexandria/hardware-configuration.nix 
@@ -0,0 +1,49 @@ +{ + config, + lib, + modulesPath, + ... +}: + +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot = { + initrd = { + availableKernelModules = [ + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/31289617-1d84-4432-a833-680b52e88525"; + fsType = "ext4"; + }; + "/boot" = { + device = "/dev/disk/by-uuid/4130-BE54"; + fsType = "vfat"; + }; + }; + + swapDevices = [ + { + device = "/swapfile"; + size = 8192; + } + ]; + + networking.useDHCP = lib.mkDefault true; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/aspects/hosts/_alexandria/jellyfin.nix b/aspects/hosts/_alexandria/jellyfin.nix new file mode 100644 index 0000000..591403d --- /dev/null +++ b/aspects/hosts/_alexandria/jellyfin.nix @@ -0,0 +1,15 @@ +{ lib, inputs, ... }: +let + utils = import ../../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in +{ + services.jellyfin = { + enable = true; + openFirewall = true; + }; + + services.nginx.virtualHosts = mkNginxVHosts { + domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; + }; +} diff --git a/aspects/hosts/_alexandria/kanidm.nix b/aspects/hosts/_alexandria/kanidm.nix new file mode 100644 index 0000000..d51eb14 --- /dev/null +++ b/aspects/hosts/_alexandria/kanidm.nix 
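Review bot: `services.jellyfin.openFirewall = true` in aspects/hosts/_alexandria/jellyfin.nix opens Jellyfin's own ports on the host firewall even though the vhost below already proxies `jellyfin.baduhai.dev` to `http://127.0.0.1:8096/`. Clients on the network can then reach the plain-HTTP listener directly, bypassing nginx and its TLS. Unless direct LAN access or client discovery is intended, set `openFirewall = false;` and leave only 80/443 exposed; if it is intended, a one-line comment saying so would help.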
@@ -0,0 +1,83 @@ +{ + config, + lib, + inputs, + pkgs, + ... +}: + +let + utils = import ../../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; + kanidmCertDir = "/var/lib/kanidm/certs"; +in + +{ + services.kanidm = { + enableServer = true; + enableClient = true; + package = pkgs.kanidm; + + serverSettings = { + domain = "auth.baduhai.dev"; + origin = "https://auth.baduhai.dev"; + bindaddress = "127.0.0.1:8443"; + ldapbindaddress = "127.0.0.1:636"; + trust_x_forward_for = true; + # Use self-signed certificates for internal TLS + tls_chain = "${kanidmCertDir}/cert.pem"; + tls_key = "${kanidmCertDir}/key.pem"; + }; + + clientSettings = { + uri = "https://auth.baduhai.dev"; + }; + }; + + services.nginx.virtualHosts = mkNginxVHosts { + domains."auth.baduhai.dev" = { + locations."/" = { + proxyPass = "https://127.0.0.1:8443"; + extraConfig = '' + proxy_ssl_verify off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + ''; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 636 ]; + + # Generate self-signed certificates for kanidm's internal TLS + systemd.services.kanidm-generate-certs = { + description = "Generate self-signed TLS certificates for Kanidm"; + wantedBy = [ "multi-user.target" ]; + before = [ "kanidm.service" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + mkdir -p ${kanidmCertDir} + if [ ! 
-f ${kanidmCertDir}/key.pem ]; then + ${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \ + -keyout ${kanidmCertDir}/key.pem \ + -out ${kanidmCertDir}/cert.pem \ + -days 3650 -nodes \ + -subj "/CN=localhost" \ + -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" + chown -R kanidm:kanidm ${kanidmCertDir} + chmod 600 ${kanidmCertDir}/key.pem + chmod 644 ${kanidmCertDir}/cert.pem + fi + ''; + }; + + # Ensure certificate generation runs before kanidm starts + systemd.services.kanidm = { + after = [ "kanidm-generate-certs.service" ]; + wants = [ "kanidm-generate-certs.service" ]; + }; +} diff --git a/aspects/hosts/_alexandria/nextcloud.nix b/aspects/hosts/_alexandria/nextcloud.nix new file mode 100644 index 0000000..9d69199 --- /dev/null +++ b/aspects/hosts/_alexandria/nextcloud.nix 
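Review bot: `networking.firewall.allowedTCPPorts = [ 636 ]` in kanidm.nix opens LDAPS on the firewall while `ldapbindaddress` is `127.0.0.1:636`, so the rule is either dead or becomes an exposure the moment the bind address is changed; drop it, or bind LDAP on the LAN deliberately and say why in a comment. `trust_x_forward_for = true` is safe only because the server listens on loopback behind nginx, which is worth stating next to the setting. `proxy_ssl_verify off` means nginx does not authenticate the upstream; that is tolerable for a loopback hop to a self-signed certificate, but a comment should tie it to that assumption.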
@@ -0,0 +1,97 @@ +{ + lib, + config, + pkgs, + inputs, + ... +}: + +let + utils = import ../../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in + +{ + services = { + nextcloud = { + enable = true; + package = pkgs.nextcloud32; + datadir = "/data/nextcloud"; + hostName = "cloud.baduhai.dev"; + configureRedis = true; + https = true; + secretFile = config.age.secrets."nextcloud-secrets.json".path; + database.createLocally = true; + maxUploadSize = "16G"; + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) + calendar + contacts + notes + tasks + user_oidc + ; + }; + extraAppsEnable = true; + caching = { + apcu = true; + redis = true; + }; + settings = { + trusted_proxies = [ "127.0.0.1" ]; + default_phone_region = "BR"; + maintenance_window_start = "4"; + allow_local_remote_servers = true; + enabledPreviewProviders = [ + "OC\\Preview\\BMP" + "OC\\Preview\\EMF" + "OC\\Preview\\Font" + "OC\\Preview\\GIF" + "OC\\Preview\\HEIC" + "OC\\Preview\\Illustrator" + "OC\\Preview\\JPEG" + "OC\\Preview\\Krita" + "OC\\Preview\\MarkDown" + "OC\\Preview\\Movie" + "OC\\Preview\\MP3" + "OC\\Preview\\MSOffice2003" + "OC\\Preview\\MSOffice2007" + "OC\\Preview\\MSOfficeDoc" + "OC\\Preview\\OpenDocument" + "OC\\Preview\\PDF" + "OC\\Preview\\Photoshop" + "OC\\Preview\\PNG" + "OC\\Preview\\Postscript" + "OC\\Preview\\SVG" + "OC\\Preview\\TIFF" + "OC\\Preview\\TXT" + "OC\\Preview\\XBitmap" + ]; + }; + config = { + dbtype = "pgsql"; + adminpassFile = config.age.secrets.nextcloud-adminpass.path; + }; + phpOptions = { + "opcache.interned_strings_buffer" = "16"; + }; + }; + + nginx.virtualHosts = mkNginxVHosts { + domains."cloud.baduhai.dev" = { }; + }; + }; + + age.secrets = { + "nextcloud-secrets.json" = { + file = ../../../secrets/nextcloud-secrets.json.age; + owner = "nextcloud"; + group = "nextcloud"; + }; + nextcloud-adminpass = { + file = ../../../secrets/nextcloud-adminpass.age; + owner = "nextcloud"; + group = "nextcloud"; + }; + }; +} 
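Review bot: `settings.enabledPreviewProviders` in nextcloud.nix enables server-side previews for `OC\\Preview\\SVG`, `PDF`, `Postscript`, `Illustrator`, `Photoshop`, `Movie` and the MSOffice/OpenDocument providers, which means user-uploaded files in those formats are parsed by heavyweight converters on the server. Nextcloud leaves most of these off by default because of that parsing surface, so trim the list to the image and text providers actually needed, or add a comment per heavy provider explaining why it is wanted. `allow_local_remote_servers = true` also lifts Nextcloud's block on outgoing requests to local and private addresses, presumably so `user_oidc` can reach the LAN-resolved auth host; record that reason in a comment so the setting is not left on by accident.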
diff --git a/aspects/hosts/_alexandria/nginx.nix b/aspects/hosts/_alexandria/nginx.nix new file mode 100644 index 0000000..19258dd --- /dev/null +++ b/aspects/hosts/_alexandria/nginx.nix @@ -0,0 +1,59 @@ +{ + config, + lib, + inputs, + ... +}: + +let + utils = import ../../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts services; + + # Get all unique domains from shared services that have LAN IPs (served by this host) + localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services)); + + # Generate ACME cert configs for all local domains + acmeCerts = lib.genAttrs localDomains (domain: { + group = "nginx"; + }); +in + +{ + security.acme = { + acceptTerms = true; + defaults = { + email = "baduhai@proton.me"; + dnsResolver = "1.1.1.1:53"; + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.cloudflare.path; + }; + certs = acmeCerts; + }; + + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts = { + "_" = { + default = true; + locations."/".return = "444"; + }; + }; + }; + + users.users.nginx.extraGroups = [ "acme" ]; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + + age.secrets.cloudflare = { + file = ../../../secrets/cloudflare.age; + owner = "nginx"; + group = "nginx"; + }; +} diff --git a/aspects/hosts/_alexandria/unbound.nix b/aspects/hosts/_alexandria/unbound.nix new file mode 100644 index 0000000..6e46cdd --- /dev/null +++ b/aspects/hosts/_alexandria/unbound.nix 
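Review bot: `age.secrets.cloudflare` is decrypted with `owner = "nginx"; group = "nginx";`, which lets the user running the internet-facing nginx workers read the Cloudflare DNS API credentials referenced by `security.acme.defaults.credentialsFile`. As far as I know the NixOS ACME units load that file through systemd rather than as the nginx user, so the default root-owned secret should be sufficient; verify and drop the `owner`/`group` lines. The same block appears in aspects/hosts/_trantor/nginx.nix. The comment above `localDomains` says "that have LAN IPs" but the filter is `s.host == "alexandria"`; reword it to `# Unique domains of shared services hosted on alexandria`.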
@@ -0,0 +1,58 @@ +{ inputs, lib, ... }: + +let + utils = import ../../../utils.nix { inherit inputs lib; }; +in + +{ + services.unbound = { + enable = true; + enableRootTrustAnchor = true; + settings = { + server = { + interface = [ + "0.0.0.0" + "::" + ]; + access-control = [ + "127.0.0.0/8 allow" + "192.168.0.0/16 allow" + "::1/128 allow" + ]; + + num-threads = 2; + msg-cache-size = "50m"; + rrset-cache-size = "100m"; + cache-min-ttl = 300; + cache-max-ttl = 86400; + prefetch = true; + prefetch-key = true; + hide-identity = true; + hide-version = true; + so-rcvbuf = "1m"; + so-sndbuf = "1m"; + + # LAN-only DNS records + local-zone = ''"baduhai.dev." transparent''; + local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') + (lib.filter (e: e ? lanIP) utils.services); + }; + + forward-zone = [ + { + name = "."; + forward-addr = [ + "1.1.1.1@853#cloudflare-dns.com" + "1.0.0.1@853#cloudflare-dns.com" + ]; + forward-tls-upstream = true; + } + ]; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; +} diff --git a/aspects/hosts/_alexandria/vaultwarden.nix b/aspects/hosts/_alexandria/vaultwarden.nix new file mode 100644 index 0000000..81e65b1 --- /dev/null +++ b/aspects/hosts/_alexandria/vaultwarden.nix @@ -0,0 +1,26 @@ +{ + config, + lib, + inputs, + ... +}: +let + utils = import ../../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in +{ + services.vaultwarden = { + enable = true; + config = { + DOMAIN = "https://pass.baduhai.dev"; + SIGNUPS_ALLOWED = false; + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = 58222; + }; + }; + + services.nginx.virtualHosts = mkNginxVHosts { + domains."pass.baduhai.dev".locations."/".proxyPass = + "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; + }; +} diff --git a/aspects/hosts/_io/boot.nix b/aspects/hosts/_io/boot.nix new file mode 100644 index 0000000..326f7dc --- /dev/null 
+++ b/aspects/hosts/_io/boot.nix @@ -0,0 +1,14 @@ +{ + boot = { + # TODO check if future kernel versions fix boot issue with systemd initrd with tpm + initrd.systemd.tpm2.enable = false; + kernelParams = [ + "nosgx" + "i915.fastboot=1" + "mem_sleep_default=deep" + ]; + extraModprobeConfig = '' + options snd-intel-dspcfg dsp_driver=3 + ''; + }; +} diff --git a/aspects/hosts/_io/disko.nix b/aspects/hosts/_io/disko.nix new file mode 100644 index 0000000..4e6c9d5 --- /dev/null +++ b/aspects/hosts/_io/disko.nix @@ -0,0 +1,79 @@ +{ inputs, ... }: + +{ + imports = [ inputs.disko.nixosModules.default ]; + + disko.devices.disk.main = { + type = "disk"; + device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689"; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1MiB"; + end = "1GiB"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot/efi"; + mountOptions = [ + "noatime" + "fmask=0077" + "dmask=0077" + ]; + }; + }; + cryptroot = { + priority = 2; + name = "root"; + size = "100%"; + content = { + type = "luks"; + name = "cryptroot"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "@root" = { + mountpoint = "/"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@root" + ]; + }; + "@home" = { + mountpoint = "/home"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@home" + ]; + }; + "@nix" = { + mountpoint = "/nix"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@nix" + ]; + }; + "@persistent" = { + mountpoint = "/persistent"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@persistent" + ]; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/aspects/hosts/_io/hardware-configuration.nix b/aspects/hosts/_io/hardware-configuration.nix new file mode 100644 index 0000000..8e4dae4 --- /dev/null +++ b/aspects/hosts/_io/hardware-configuration.nix 
@@ -0,0 +1,37 @@ +{ + config, + lib, + modulesPath, + inputs, + ... +}: + +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot = { + initrd = { + availableKernelModules = [ + "xhci_pci" + "ahci" + "usb_storage" + "sd_mod" + "sdhci_pci" + ]; + }; + kernelModules = [ "kvm-intel" ]; + }; + + zramSwap = { + enable = true; + memoryPercent = 100; + }; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/aspects/hosts/_io/programs.nix b/aspects/hosts/_io/programs.nix new file mode 100644 index 0000000..e272d22 --- /dev/null +++ b/aspects/hosts/_io/programs.nix @@ -0,0 +1,27 @@ +{ pkgs, ... }: + +let + cml-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs { + wttsrc = pkgs.fetchFromGitHub { + owner = "WeirdTreeThing"; + repo = "chromebook-ucm-conf"; + rev = "b6ce2a7"; + hash = "sha256-QRUKHd3RQmg1tnZU8KCW0AmDtfw/daOJ/H3XU5qWTCc="; + }; + postInstall = '' + echo "v0.4.1" > $out/chromebook.patched + cp -R $wttsrc/{common,codecs,platforms} $out/share/alsa/ucm2 + cp -R $wttsrc/{cml,sof-rt5682} $out/share/alsa/ucm2/conf.d + ''; + }; +in + +{ + environment = { + systemPackages = with pkgs; [ + maliit-keyboard + sof-firmware + ]; + sessionVariables.ALSA_CONFIG_UCM2 = "${cml-ucm-conf}/share/alsa/ucm2"; + }; +} diff --git a/aspects/hosts/_io/services.nix b/aspects/hosts/_io/services.nix new file mode 100644 index 0000000..df41a6f --- /dev/null +++ b/aspects/hosts/_io/services.nix 
@@ -0,0 +1,61 @@ +{ pkgs, ... }: + +{ + services = { + keyd = { + enable = true; + keyboards.main = { + ids = [ "0001:0001" ]; + settings = { + main = { + meta = "overload(meta, esc)"; + f1 = "back"; + f2 = "forward"; + f3 = "refresh"; + f4 = "M-f11"; + f5 = "M-w"; + f6 = "brightnessdown"; + f7 = "brightnessup"; + f8 = "timeout(mute, 200, micmute)"; + f9 = "play"; + f10 = "timeout(nextsong, 200, previoussong)"; + f13 = "delete"; + "102nd" = "layer(function)"; + }; + shift = { + leftshift = "capslock"; + rightshift = "capslock"; + }; + function = { + escape = "f1"; + f1 = "f2"; + f2 = "f3"; + f3 = "f4"; + f4 = "f5"; + f5 = "f6"; + f6 = "f7"; + f7 = "f8"; + f8 = "f9"; + f9 = "f10"; + f10 = "f11"; + f13 = "f12"; + y = "sysrq"; + k = "home"; + l = "pageup"; + "," = "end"; + "." = "pagedown"; + }; + }; + }; + }; + upower.enable = true; + power-profiles-daemon.enable = true; + }; + + # TODO: remove once gmodena/nix-flatpak/issues/45 fixed + systemd.services."flatpak-managed-install" = { + serviceConfig = { + ExecStartPre = "${pkgs.coreutils}/bin/sleep 5"; + }; + }; +} diff --git a/aspects/hosts/_rotterdam/boot.nix b/aspects/hosts/_rotterdam/boot.nix new file mode 100644 index 0000000..d038ede --- /dev/null +++ b/aspects/hosts/_rotterdam/boot.nix @@ -0,0 +1,31 @@ +{ pkgs, ... }: + +let + qubesnsh = pkgs.writeTextFile { + name = "qubes.nsh"; + text = "HD1f65535a1:EFI\\qubes\\grubx64.efi"; + }; +in + +{ + boot = { + kernelParams = [ + "processor.max_cstate=1" # Fixes bug where ryzen cpus freeze when in highest C state + "clearcpuid=514" + "amdgpu.ppfeaturemask=0xfffd3fff" # Fixes amdgpu freezing + ]; + # QubesOS boot entry + loader.systemd-boot = { + extraFiles = { + "efi/edk2-shell/shell.efi" = "${pkgs.edk2-uefi-shell}/shell.efi"; + "qubes.nsh" = qubesnsh; + }; + extraEntries."qubes.conf" = '' + title Qubes OS + efi /efi/edk2-shell/shell.efi + options -nointerrupt qubes.nsh + sort-key ab + ''; + }; + }; +} 
diff --git a/aspects/hosts/_rotterdam/hardware-configuration.nix b/aspects/hosts/_rotterdam/hardware-configuration.nix new file mode 100644 index 0000000..169c53f --- /dev/null +++ b/aspects/hosts/_rotterdam/hardware-configuration.nix @@ -0,0 +1,82 @@ +{ + config, + lib, + modulesPath, + ... +}: + +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot = { + initrd = { + availableKernelModules = [ + "amdgpu" + "nvme" + "xhci_pci" + "ahci" + "usbhid" + "sd_mod" + ]; + luks.devices."cryptroot" = { + device = "/dev/disk/by-uuid/f7dd4142-7109-4493-834d-4a831777f08d"; + keyFile = "/dev/disk/by-partuuid/add5fc14-e20f-48be-8b2a-0799ef04d3cb"; + }; + }; + kernelModules = [ "kvm-amd" ]; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8"; + fsType = "btrfs"; + options = [ + "subvol=@root" + "noatime" + "compress=zstd" + ]; + }; + "/home" = { + device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8"; + fsType = "btrfs"; + options = [ + "subvol=@home" + "noatime" + "compress=zstd" + ]; + }; + "/boot/efi" = { + device = "/dev/disk/by-uuid/F2A2-CF5A"; + fsType = "vfat"; + options = [ + "noatime" + "fmask=0077" + "dmask=0077" + ]; + }; + "/nix" = { + device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8"; + fsType = "btrfs"; + options = [ + "subvol=@nix" + "noatime" + "compress=zstd" + ]; + }; + "/persistent" = { + device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8"; + fsType = "btrfs"; + options = [ + "subvol=@persistent" + "noatime" + "compress=zstd" + ]; + }; + }; + + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/aspects/hosts/_rotterdam/hardware.nix b/aspects/hosts/_rotterdam/hardware.nix new file mode 100644 index 0000000..6f76e99 --- /dev/null +++ b/aspects/hosts/_rotterdam/hardware.nix 
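Review bot: `boot.initrd.luks.devices."cryptroot".keyFile` in _rotterdam/hardware-configuration.nix points at a raw partition under `/dev/disk/by-partuuid/`, so whoever holds that partition can unlock the root volume without a passphrase. If it lives on a removable token this is a deliberate trade-off; if it sits on an internal disk, the encryption gives little protection for a stolen machine. Add a comment stating which device carries the key and whether a passphrase slot exists as a fallback.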
@@ -0,0 +1,8 @@ +{ pkgs, ... }: + +{ + hardware = { + amdgpu.opencl.enable = true; + graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ]; + }; +} diff --git a/aspects/hosts/_rotterdam/programs.nix b/aspects/hosts/_rotterdam/programs.nix new file mode 100644 index 0000000..b4dcfd9 --- /dev/null +++ b/aspects/hosts/_rotterdam/programs.nix @@ -0,0 +1,31 @@ +{ pkgs, ... }: + +let + reboot-into-qubes = pkgs.makeDesktopItem { + name = "reboot-into-qubes"; + icon = pkgs.fetchurl { + url = "https://raw.githubusercontent.com/vinceliuice/Qogir-icon-theme/31f267e1f5fd4e9596bfd78dfb41a03d3a9f33ee/src/scalable/apps/distributor-logo-qubes.svg"; + sha256 = "sha256-QbHr7s5Wcs7uFtfqZctMyS0iDbMfiiZOKy2nHhDOfn0="; + }; + desktopName = "Qubes OS"; + genericName = "Reboot into Qubes OS"; + categories = [ "System" ]; + startupNotify = true; + exec = pkgs.writeShellScript "reboot-into-qubes" '' + ${pkgs.yad}/bin/yad --form \ + --title="Qubes OS" \ + --image distributor-logo-qubes \ + --text "Are you sure you want to reboot into Qubes OS?" \ + --button="Yes:0" --button="Cancel:1" + if [ $? -eq 0 ]; then + systemctl reboot --boot-loader-entry=qubes.conf + fi + ''; + }; +in + +{ + environment.systemPackages = [ reboot-into-qubes ]; + + programs.steam.dedicatedServer.openFirewall = true; +} diff --git a/aspects/hosts/_rotterdam/services.nix b/aspects/hosts/_rotterdam/services.nix new file mode 100644 index 0000000..0bf276f --- /dev/null +++ b/aspects/hosts/_rotterdam/services.nix @@ -0,0 +1,11 @@ +{ + services.keyd = { + enable = true; + keyboards.main = { + ids = [ "5653:0001" ]; + settings.main = { + esc = "overload(meta, esc)"; + }; + }; + }; +} diff --git a/aspects/hosts/_trantor/boot.nix b/aspects/hosts/_trantor/boot.nix new file mode 100644 index 0000000..0498818 --- /dev/null +++ b/aspects/hosts/_trantor/boot.nix @@ -0,0 +1,6 @@ +{ + boot = { + initrd.systemd.enable = true; + loader.efi.efiSysMountPoint = "/boot/efi"; + }; +} 
diff --git a/aspects/hosts/_trantor/disko.nix b/aspects/hosts/_trantor/disko.nix new file mode 100644 index 0000000..0e47058 --- /dev/null +++ b/aspects/hosts/_trantor/disko.nix @@ -0,0 +1,64 @@ +{ inputs, ... }: + +{ + imports = [ inputs.disko.nixosModules.default ]; + + disko.devices.disk.main = { + type = "disk"; + device = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20"; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1MiB"; + end = "512MiB"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot/efi"; + mountOptions = [ + "noatime" + "fmask=0077" + "dmask=0077" + ]; + }; + }; + root = { + priority = 2; + name = "root"; + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "@root" = { + mountpoint = "/"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; + "@nix" = { + mountpoint = "/nix"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; + "@persistent" = { + mountpoint = "/persistent"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/aspects/hosts/_trantor/fail2ban.nix b/aspects/hosts/_trantor/fail2ban.nix new file mode 100644 index 0000000..bc05139 --- /dev/null +++ b/aspects/hosts/_trantor/fail2ban.nix @@ -0,0 +1,23 @@ +{ config, pkgs, ... }: + +{ + services.fail2ban = { + enable = true; + maxretry = 5; + ignoreIP = [ + "127.0.0.0/8" + "::1" + "10.0.0.0/8" + "172.16.0.0/12" + "192.168.0.0/16" + "100.64.0.0/10" + ]; + bantime = "1h"; + bantime-increment = { + enable = true; + multipliers = "1 2 4 8 16 32 64"; + maxtime = "10000h"; + overalljails = true; + }; + }; +} diff --git a/aspects/hosts/_trantor/forgejo.nix b/aspects/hosts/_trantor/forgejo.nix new file mode 100644 index 0000000..e6b2159 --- /dev/null +++ b/aspects/hosts/_trantor/forgejo.nix 
@@ -0,0 +1,72 @@ +{ + config, + lib, + inputs, + ... +}: + +let + utils = import ../../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in + +{ + services = { + forgejo = { + enable = true; + settings = { + session.COOKIE_SECURE = true; + server = { + PROTOCOL = "http+unix"; + DOMAIN = "git.baduhai.dev"; + ROOT_URL = "https://git.baduhai.dev"; + OFFLINE_MODE = true; # disable use of CDNs + SSH_DOMAIN = "git.baduhai.dev"; + }; + log.LEVEL = "Warn"; + mailer.ENABLED = false; + actions.ENABLED = false; + service.DISABLE_REGISTRATION = true; + oauth2_client = { + ENABLE_AUTO_REGISTRATION = true; + UPDATE_AVATAR = true; + ACCOUNT_LINKING = "login"; + USERNAME = "preferred_username"; + }; + }; + }; + nginx.virtualHosts = mkNginxVHosts { + domains."git.baduhai.dev".locations."/".proxyPass = + "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; + }; + fail2ban.jails.forgejo = { + settings = { + enabled = true; + filter = "forgejo"; + maxretry = 3; + findtime = "10m"; + bantime = "1h"; + }; + }; + }; + + environment = { + etc."fail2ban/filter.d/forgejo.conf".text = '' + [Definition] + failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from + ignoreregex = + journalmatch = _SYSTEMD_UNIT=forgejo.service + ''; + + persistence.main.directories = [ + { + directory = config.services.forgejo.stateDir; + inherit (config.services.forgejo) user group; + mode = "0700"; + } + ]; + }; + + # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories + systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false; +} diff --git a/aspects/hosts/_trantor/hardware-configuration.nix b/aspects/hosts/_trantor/hardware-configuration.nix new file mode 100644 index 0000000..039129e --- /dev/null +++ b/aspects/hosts/_trantor/hardware-configuration.nix 
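Review bot: As shown here, the `failregex` written to `fail2ban/filter.d/forgejo.conf` ends in `from` with no `<HOST>` capture, and fail2ban needs a host group to know which address to ban; the tag may have been lost in rendering, but check that the committed line reads `... from <HOST>`. Because Forgejo is reached through nginx over a unix socket, also confirm that the address it logs is the client's rather than the proxy's, otherwise the jail matches but bans nothing useful. `PrivateMounts = lib.mkForce false` relaxes the unit's sandbox; the existing comment explains why, and it should carry a note to revert once the bind-mount problem is resolved.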
@@ -0,0 +1,20 @@ +{ + lib, + modulesPath, + ... +}: + +{ + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + + boot.initrd.availableKernelModules = [ + "xhci_pci" + "virtio_pci" + "virtio_scsi" + "usbhid" + ]; + + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +} diff --git a/aspects/hosts/_trantor/networking.nix b/aspects/hosts/_trantor/networking.nix new file mode 100644 index 0000000..4dcbe1e --- /dev/null +++ b/aspects/hosts/_trantor/networking.nix @@ -0,0 +1,8 @@ +{ + networking = { + firewall = { + allowedTCPPorts = [ 25566 ]; + allowedUDPPorts = [ 25566 ]; + }; + }; +} diff --git a/aspects/hosts/_trantor/nginx.nix b/aspects/hosts/_trantor/nginx.nix new file mode 100644 index 0000000..1fd6b5c --- /dev/null +++ b/aspects/hosts/_trantor/nginx.nix 
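Review bot: `aspects/hosts/_trantor/networking.nix` opens port 25566 for both TCP and UDP on every interface, and nothing in the file or in the other `_trantor` modules of this patch names the service that listens there. Add a comment on the line, for example `allowedTCPPorts = [ 25566 ]; # <service name>`, and keep only the protocol that service actually uses. If it is only meant to be reached over the tailnet, the per-interface form `networking.firewall.interfaces.<name>.allowedTCPPorts` keeps it off the public address.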
@@ -0,0 +1,61 @@ +{ + config, + lib, + inputs, + ... +}: + +let + utils = import ../../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts services; + + # Get all unique domains from shared services on trantor (host = "trantor") + localDomains = lib.unique ( + map (s: s.domain) (lib.filter (s: s.host == "trantor") services) + ); + + # Generate ACME cert configs for all local domains + acmeCerts = lib.genAttrs localDomains (domain: { + group = "nginx"; + }); +in + +{ + security.acme = { + acceptTerms = true; + defaults = { + email = "baduhai@proton.me"; + dnsResolver = "1.1.1.1:53"; + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.cloudflare.path; + }; + certs = acmeCerts; + }; + + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts = { + "_" = { + default = true; + locations."/".return = "444"; + }; + }; + }; + + users.users.nginx.extraGroups = [ "acme" ]; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + + age.secrets.cloudflare = { + file = ../../../secrets/cloudflare.age; + owner = "nginx"; + group = "nginx"; + }; +} diff --git a/aspects/hosts/_trantor/openssh.nix b/aspects/hosts/_trantor/openssh.nix new file mode 100644 index 0000000..704b3df --- /dev/null +++ b/aspects/hosts/_trantor/openssh.nix @@ -0,0 +1,23 @@ +{ ... }: + +{ + services = { + openssh = { + settings = { + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + }; + fail2ban.jails.sshd = { + settings = { + enabled = true; + port = "ssh"; + filter = "sshd"; + logpath = "/var/log/auth.log"; + maxretry = 3; + findtime = "10m"; + bantime = "1h"; + }; + }; + }; +} diff --git a/aspects/hosts/_trantor/unbound.nix b/aspects/hosts/_trantor/unbound.nix new file mode 100644 index 0000000..367c2c8 --- /dev/null +++ b/aspects/hosts/_trantor/unbound.nix 
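Review bot: `age.secrets.cloudflare` in `aspects/hosts/_trantor/nginx.nix` is decrypted with `owner = "nginx"; group = "nginx";`, which makes the Cloudflare DNS API credentials readable by the web server account. The only visible consumer is `security.acme.defaults.credentialsFile`, which the ACME module loads as a systemd environment file. If that holds, the service manager reads it and nginx never needs it. Dropping the two lines so the secret keeps agenix's default ownership would stop a compromise of the nginx user from also exposing DNS control of the zone.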
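Review bot: The `sshd` jail in `aspects/hosts/_trantor/openssh.nix` sets `logpath = "/var/log/auth.log"`, a file that a journald-only NixOS system normally does not have. Depending on the backend the jail ends up with, the setting is either ignored or makes the jail fail to start, so verify with `fail2ban-client status sshd` that the jail is running and counting failures. If the NixOS module's journal-based default is in effect, removing the `logpath` line is the simpler fix. The global `maxretry = 5` in `fail2ban.nix` is overridden to 3 here and in the forgejo jail, so a one-line comment saying that this is deliberate would help.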
@@ -0,0 +1,58 @@ +{ inputs, lib, ... }: + +let + utils = import ../../../utils.nix { inherit inputs lib; }; +in + +{ + services.unbound = { + enable = true; + enableRootTrustAnchor = true; + settings = { + server = { + interface = [ + "0.0.0.0" + "::" + ]; + access-control = [ + "127.0.0.0/8 allow" + "100.64.0.0/10 allow" # Tailscale CGNAT range + "::1/128 allow" + "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6 + ]; + + num-threads = 2; + msg-cache-size = "50m"; + rrset-cache-size = "100m"; + cache-min-ttl = 300; + cache-max-ttl = 86400; + prefetch = true; + prefetch-key = true; + hide-identity = true; + hide-version = true; + so-rcvbuf = "1m"; + so-sndbuf = "1m"; + + # Tailnet DNS records from shared services + local-zone = ''"baduhai.dev." transparent''; + local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') utils.services; + }; + + forward-zone = [ + { + name = "."; + forward-addr = [ + "1.1.1.1@853#cloudflare-dns.com" + "1.0.0.1@853#cloudflare-dns.com" + ]; + forward-tls-upstream = true; + } + ]; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; +} diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix new file mode 100644 index 0000000..28a367d --- /dev/null +++ b/aspects/hosts/alexandria.nix 
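Review bot: The `networking.firewall` block at the end of `aspects/hosts/_trantor/unbound.nix` opens port 53 on every interface, although `access-control` only answers loopback and the Tailscale ranges. The resolver is then reachable from the public address and relies on unbound alone to turn those queries away. Scoping the rule to the tailnet interface matches the intent, for example `networking.firewall.interfaces.tailscale0.allowedUDPPorts = [ 53 ];` plus the TCP counterpart, assuming the default interface name. Binding `interface` to the tailnet address instead of `0.0.0.0` and `::` would tighten it further.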
@@ -0,0 +1,42 @@ +{ inputs, ... }: +{ + flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "alexandria"; } + { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale + inputs.self.modules.nixos.common-users + + # Server aspects + inputs.self.modules.nixos.server-boot + inputs.self.modules.nixos.server-nix + inputs.self.modules.nixos.server-tailscale + + # Other aspects based on tags + inputs.self.modules.nixos.fwupd + + # Host-specific files (from _alexandria/) + ./_alexandria/hardware-configuration.nix + ./_alexandria/jellyfin.nix + ./_alexandria/kanidm.nix + ./_alexandria/nextcloud.nix + ./_alexandria/nginx.nix + ./_alexandria/unbound.nix + ./_alexandria/vaultwarden.nix + ]; + }; +} diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix new file mode 100644 index 0000000..1d7f15a --- /dev/null +++ b/aspects/hosts/io.nix 
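Review bot: The eleven `common-*` module lines, the agenix module and the overlay entry in `aspects/hosts/alexandria.nix` are repeated verbatim in `io.nix`, `rotterdam.nix` and `trantor.nix` in this same patch. A host that later drops or misses `common-firewall`, `common-security` or `common-openssh` would evaluate without any error. Collecting them once, for instance in a shared `commonModules` list that each host prepends, makes the baseline impossible to omit by accident. The comment `# Other aspects based on tags` no longer matches the code, since the tag mechanism is replaced by explicit module references here.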
@@ -0,0 +1,51 @@ +{ inputs, ... }: +{ + flake.nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "io"; } + { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale + inputs.self.modules.nixos.common-users + + # Desktop aspects + inputs.self.modules.nixos.desktop-boot + inputs.self.modules.nixos.desktop-desktop + inputs.self.modules.nixos.desktop-nix + inputs.self.modules.nixos.desktop-services + + # Other aspects based on tags + inputs.self.modules.nixos.ai + inputs.self.modules.nixos.bluetooth + inputs.self.modules.nixos.dev + inputs.self.modules.nixos.libvirtd + inputs.self.modules.nixos.networkmanager + inputs.self.modules.nixos.podman + + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/mapper/cryptroot"; + }) + + # Host-specific files (from _io/) + ./_io/hardware-configuration.nix + ./_io/disko.nix + ./_io/boot.nix + ./_io/programs.nix + ./_io/services.nix + ]; + }; +} diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix new file mode 100644 index 0000000..e9d3f18 --- /dev/null +++ b/aspects/hosts/rotterdam.nix 
@@ -0,0 +1,56 @@ +{ inputs, ... }: +{ + flake.nixosConfigurations.rotterdam = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "rotterdam"; } + { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale + inputs.self.modules.nixos.common-users + + # Desktop aspects + inputs.self.modules.nixos.desktop-boot + inputs.self.modules.nixos.desktop-desktop + inputs.self.modules.nixos.desktop-nix + inputs.self.modules.nixos.desktop-services + + # Other aspects based on tags + inputs.self.modules.nixos.ai + inputs.self.modules.nixos.bluetooth + inputs.self.modules.nixos.dev + inputs.self.modules.nixos.fwupd + inputs.self.modules.nixos.gaming-steam + inputs.self.modules.nixos.gaming-hardware + inputs.self.modules.nixos.gaming-flatpak + inputs.self.modules.nixos.gaming-launchers + inputs.self.modules.nixos.libvirtd + inputs.self.modules.nixos.networkmanager + inputs.self.modules.nixos.podman + + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/mapper/cryptroot"; + }) + + # Host-specific files (from _rotterdam/) + ./_rotterdam/hardware-configuration.nix + ./_rotterdam/boot.nix + ./_rotterdam/hardware.nix + ./_rotterdam/programs.nix + ./_rotterdam/services.nix + ]; + }; +} diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix new file mode 100644 index 0000000..646cc73 --- /dev/null +++ b/aspects/hosts/trantor.nix 
@@ -0,0 +1,46 @@ +{ inputs, ... }: +{ + flake.nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { + system = "aarch64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "trantor"; } + { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale + inputs.self.modules.nixos.common-users + + # Server aspects + inputs.self.modules.nixos.server-boot + inputs.self.modules.nixos.server-nix + inputs.self.modules.nixos.server-tailscale + + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; + }) + + # Host-specific files (from _trantor/) + ./_trantor/hardware-configuration.nix + ./_trantor/disko.nix + ./_trantor/boot.nix + ./_trantor/fail2ban.nix + ./_trantor/forgejo.nix + ./_trantor/networking.nix + ./_trantor/nginx.nix + ./_trantor/openssh.nix + ./_trantor/unbound.nix + ]; + }; +} From a9f84629e3359a3ab902e62e187bba2d285db037 Mon Sep 17 00:00:00 2001 
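Review bot: `rootDevice` in `aspects/hosts/trantor.nix` repeats the disk id from `_trantor/disko.nix` with a hand-written `-part2` suffix, so the two files can drift apart. What `factory.ephemeral` does with the device is not visible here, but if it resets the root subvolume at boot, a mismatch would point that operation at the wrong partition. Deriving the value from the disko definition, or at least adding `# must match disko.devices.disk.main (root = partition 2)` on the line, would keep them tied together.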
From: William Date: Fri, 6 Feb 2026 22:36:50 -0300 Subject: [PATCH 079/138] add aspects/users/ configurations User-specific home-manager configurations for: - user@rotterdam - user@io Includes user-specific modules in _user/ directory. Co-Authored-By: Claude Opus 4.5 --- aspects/users/_user/git.nix | 17 +++++++ aspects/users/user.nix | 91 +++++++++++++++++++++++++++++++++++++ 2 files changed, 108 insertions(+) create mode 100644 aspects/users/_user/git.nix create mode 100644 aspects/users/user.nix diff --git a/aspects/users/_user/git.nix b/aspects/users/_user/git.nix new file mode 100644 index 0000000..9c1fb20 --- /dev/null +++ b/aspects/users/_user/git.nix @@ -0,0 +1,17 @@ +{ pkgs, ... }: + +{ + programs = { + git = { + enable = true; + settings.user = { + name = "William"; + email = "baduhai@proton.me"; + }; + }; + diff-so-fancy = { + enable = true; + enableGitIntegration = true; + }; + }; +} diff --git a/aspects/users/user.nix b/aspects/users/user.nix new file mode 100644 index 0000000..5130abf --- /dev/null +++ b/aspects/users/user.nix 
@@ -0,0 +1,91 @@ +# aspects/users/user.nix +{ inputs, ... }: +{ + flake.homeConfigurations = { + "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { inherit inputs; hostname = "rotterdam"; }; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + + # CLI aspects (common module included) + inputs.self.modules.homeManager.cli-base + inputs.self.modules.homeManager.cli-btop + inputs.self.modules.homeManager.cli-comma + inputs.self.modules.homeManager.cli-direnv + inputs.self.modules.homeManager.cli-helix + inputs.self.modules.homeManager.cli-starship + inputs.self.modules.homeManager.cli-tmux + + # Shell + inputs.self.modules.homeManager.shell-fish + inputs.self.modules.homeManager.shell-bash + + # Desktop + inputs.self.modules.homeManager.desktop-desktop + inputs.self.modules.homeManager.desktop-niri + + # Gaming + inputs.self.modules.homeManager.gaming-mangohud + + # Programs + inputs.self.modules.homeManager.programs-media # for obs-studio + + # Stylix + inputs.self.modules.homeManager.stylix + + # User-specific (from _user/) + ./_user/git.nix + + # Home configuration + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ]; + }; + + "user@io" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { inherit inputs; hostname = "io"; }; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + + # CLI aspects (common module included) + inputs.self.modules.homeManager.cli-base + inputs.self.modules.homeManager.cli-btop + inputs.self.modules.homeManager.cli-comma + inputs.self.modules.homeManager.cli-direnv + inputs.self.modules.homeManager.cli-helix + inputs.self.modules.homeManager.cli-starship + inputs.self.modules.homeManager.cli-tmux + + # Shell + inputs.self.modules.homeManager.shell-fish + 
inputs.self.modules.homeManager.shell-bash + + # Desktop + inputs.self.modules.homeManager.desktop-desktop + inputs.self.modules.homeManager.desktop-niri + + # Stylix + inputs.self.modules.homeManager.stylix + + # User-specific (from _user/) + ./_user/git.nix + + # Home configuration + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ]; + }; + }; +} From 3200927cb5b3df90298f8f28bb3dec1037a61133 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 22:36:50 -0300 Subject: [PATCH 080/138] update flake.nix to use import-tree Use import-tree to automatically discover and import all aspects. Removes homeConfigurations.nix, nixosConfigurations.nix, and nixosModules.nix from imports as they're now in aspects/. Co-Authored-By: Claude Opus 4.5 --- flake.nix | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/flake.nix b/flake.nix index 20210f2..701406d 100644 --- a/flake.nix +++ b/flake.nix @@ -3,6 +3,7 @@ inputs = { flake-parts.url = "github:hercules-ci/flake-parts"; + import-tree.url = "github:vic/import-tree"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11"; @@ -56,22 +57,22 @@ }; outputs = - inputs@{ flake-parts, ... }: - flake-parts.lib.mkFlake { inherit inputs; } { - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; + inputs@{ flake-parts, import-tree, ... }: + flake-parts.lib.mkFlake { inherit inputs; } ( + import-tree ./aspects + // { + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; - imports = [ - ./deploy.nix - ./devShells.nix - ./homeConfigurations.nix - ./nixosConfigurations.nix - ./nixosModules.nix - ./overlays.nix - ./packages.nix - ./terranixConfigurations.nix - ]; - }; + imports = [ + ./deploy.nix + ./devShells.nix + ./overlays.nix + ./packages.nix + ./terranixConfigurations.nix + ]; + } + ); } From 848f79f8bb8644c62a826c83c5561fcad8428e0d Mon Sep 17 00:00:00 2001 
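Review bot: The first `flake.nix` hunk adds `import-tree.url = "github:vic/import-tree";`, but the diffstat for this commit lists only `flake.nix`, so no `flake.lock` entry is committed with it. Until the lock is updated, the first evaluation resolves the input to whatever the upstream default branch points at, and that revision is never reviewed. This input decides which files become modules of every host. Committing the lock entry (rev and narHash) in the same change keeps the pinned revision visible in review.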
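Review bot: In the second `flake.nix` hunk, `import-tree ./aspects // { ... imports = [ ... ]; }` uses a shallow merge, so an `imports` attribute on the left-hand side is replaced by the list on the right. If import-tree returns its discovered files as `imports`, which is how I understand it to work, none of the aspects are loaded and the host configurations disappear from the flake outputs. Listing it as one more import avoids the clash: `imports = [ (import-tree ./aspects) ./deploy.nix ./devShells.nix ./overlays.nix ./packages.nix ./terranixConfigurations.nix ];`. From here on, every `.nix` file placed under `aspects/` becomes part of the system configuration without an explicit reference, so review of that directory has to account for this.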
From: William Date: Fri, 6 Feb 2026 22:37:27 -0300 Subject: [PATCH 081/138] remove old configuration structure Remove directories and files replaced by aspects/: - hosts/ - users/ - modules/ - shared/ - nixosConfigurations.nix - homeConfigurations.nix - nixosModules.nix - utils.nix Co-Authored-By: Claude Opus 4.5 --- homeConfigurations.nix | 43 ---- hosts/alexandria/hardware-configuration.nix | 49 ---- hosts/alexandria/jellyfin.nix | 15 -- hosts/alexandria/kanidm.nix | 83 ------- hosts/alexandria/nextcloud.nix | 97 -------- hosts/alexandria/nginx.nix | 59 ----- hosts/alexandria/unbound.nix | 58 ----- hosts/alexandria/vaultwarden.nix | 26 --- hosts/io/boot.nix | 14 -- hosts/io/disko.nix | 79 ------- hosts/io/hardware-configuration.nix | 37 ---- hosts/io/programs.nix | 27 --- hosts/io/services.nix | 61 ----- hosts/modules/ai.nix | 11 - hosts/modules/bluetooth.nix | 5 - hosts/modules/common/boot.nix | 20 -- hosts/modules/common/console.nix | 8 - hosts/modules/common/firewall.nix | 8 - hosts/modules/common/locale.nix | 21 -- hosts/modules/common/nix.nix | 38 ---- hosts/modules/common/openssh.nix | 11 - hosts/modules/common/programs.nix | 40 ---- hosts/modules/common/security.nix | 13 -- hosts/modules/common/services.nix | 9 - hosts/modules/common/tailscale.nix | 8 - hosts/modules/common/users.nix | 24 -- hosts/modules/desktop/boot.nix | 26 --- hosts/modules/desktop/desktop.nix | 163 -------------- hosts/modules/desktop/nix.nix | 13 -- hosts/modules/desktop/services.nix | 15 -- hosts/modules/dev.nix | 18 -- hosts/modules/ephemeral.nix | 43 ---- hosts/modules/fwupd.nix | 5 - hosts/modules/gaming.nix | 43 ---- hosts/modules/libvirtd.nix | 17 -- hosts/modules/networkmanager.nix | 10 - hosts/modules/podman.nix | 14 -- hosts/modules/server/boot.nix | 5 - hosts/modules/server/nix.nix | 13 -- hosts/modules/server/tailscale.nix | 13 -- hosts/rotterdam/boot.nix | 31 --- hosts/rotterdam/hardware-configuration.nix | 82 ------- hosts/rotterdam/hardware.nix | 8 - 
hosts/rotterdam/programs.nix | 31 --- hosts/rotterdam/services.nix | 11 - hosts/trantor/boot.nix | 6 - hosts/trantor/disko.nix | 64 ------ hosts/trantor/fail2ban.nix | 23 -- hosts/trantor/forgejo.nix | 72 ------ hosts/trantor/hardware-configuration.nix | 20 -- hosts/trantor/networking.nix | 8 - hosts/trantor/nginx.nix | 61 ----- hosts/trantor/openssh.nix | 23 -- hosts/trantor/unbound.nix | 58 ----- modules/ephemeral.nix | 84 ------- nixosConfigurations.nix | 56 ----- nixosModules.nix | 7 - shared/services.nix | 43 ---- users/modules/btop.nix | 12 - users/modules/comma.nix | 7 - users/modules/common/bash.nix | 8 - users/modules/common/fish.nix | 32 --- users/modules/common/hm-cli.nix | 10 - users/modules/desktop/desktop.nix | 134 ----------- users/modules/desktop/niri.nix | 225 ------------------- users/modules/direnv.nix | 8 - users/modules/gaming.nix | 33 --- users/modules/helix.nix | 49 ---- users/modules/obs-studio.nix | 13 -- users/modules/starship.nix | 40 ---- users/modules/stylix.nix | 69 ------ users/modules/tmux.nix | 11 - users/user/git.nix | 17 -- utils.nix | 233 -------------------- 74 files changed, 2851 deletions(-) delete mode 100644 homeConfigurations.nix delete mode 100644 hosts/alexandria/hardware-configuration.nix delete mode 100644 hosts/alexandria/jellyfin.nix delete mode 100644 hosts/alexandria/kanidm.nix delete mode 100644 hosts/alexandria/nextcloud.nix delete mode 100644 hosts/alexandria/nginx.nix delete mode 100644 hosts/alexandria/unbound.nix delete mode 100644 hosts/alexandria/vaultwarden.nix delete mode 100644 hosts/io/boot.nix delete mode 100644 hosts/io/disko.nix delete mode 100644 hosts/io/hardware-configuration.nix delete mode 100644 hosts/io/programs.nix delete mode 100644 hosts/io/services.nix delete mode 100644 hosts/modules/ai.nix delete mode 100644 hosts/modules/bluetooth.nix delete mode 100644 hosts/modules/common/boot.nix delete mode 100644 hosts/modules/common/console.nix delete mode 100644 hosts/modules/common/firewall.nix 
delete mode 100644 hosts/modules/common/locale.nix delete mode 100644 hosts/modules/common/nix.nix delete mode 100644 hosts/modules/common/openssh.nix delete mode 100644 hosts/modules/common/programs.nix delete mode 100644 hosts/modules/common/security.nix delete mode 100644 hosts/modules/common/services.nix delete mode 100644 hosts/modules/common/tailscale.nix delete mode 100644 hosts/modules/common/users.nix delete mode 100644 hosts/modules/desktop/boot.nix delete mode 100644 hosts/modules/desktop/desktop.nix delete mode 100644 hosts/modules/desktop/nix.nix delete mode 100644 hosts/modules/desktop/services.nix delete mode 100644 hosts/modules/dev.nix delete mode 100644 hosts/modules/ephemeral.nix delete mode 100644 hosts/modules/fwupd.nix delete mode 100644 hosts/modules/gaming.nix delete mode 100644 hosts/modules/libvirtd.nix delete mode 100644 hosts/modules/networkmanager.nix delete mode 100644 hosts/modules/podman.nix delete mode 100644 hosts/modules/server/boot.nix delete mode 100644 hosts/modules/server/nix.nix delete mode 100644 hosts/modules/server/tailscale.nix delete mode 100644 hosts/rotterdam/boot.nix delete mode 100644 hosts/rotterdam/hardware-configuration.nix delete mode 100644 hosts/rotterdam/hardware.nix delete mode 100644 hosts/rotterdam/programs.nix delete mode 100644 hosts/rotterdam/services.nix delete mode 100644 hosts/trantor/boot.nix delete mode 100644 hosts/trantor/disko.nix delete mode 100644 hosts/trantor/fail2ban.nix delete mode 100644 hosts/trantor/forgejo.nix delete mode 100644 hosts/trantor/hardware-configuration.nix delete mode 100644 hosts/trantor/networking.nix delete mode 100644 hosts/trantor/nginx.nix delete mode 100644 hosts/trantor/openssh.nix delete mode 100644 hosts/trantor/unbound.nix delete mode 100644 modules/ephemeral.nix delete mode 100644 nixosConfigurations.nix delete mode 100644 nixosModules.nix delete mode 100644 shared/services.nix delete mode 100644 users/modules/btop.nix delete mode 100644 users/modules/comma.nix 
delete mode 100644 users/modules/common/bash.nix delete mode 100644 users/modules/common/fish.nix delete mode 100644 users/modules/common/hm-cli.nix delete mode 100644 users/modules/desktop/desktop.nix delete mode 100644 users/modules/desktop/niri.nix delete mode 100644 users/modules/direnv.nix delete mode 100644 users/modules/gaming.nix delete mode 100644 users/modules/helix.nix delete mode 100644 users/modules/obs-studio.nix delete mode 100644 users/modules/starship.nix delete mode 100644 users/modules/stylix.nix delete mode 100644 users/modules/tmux.nix delete mode 100644 users/user/git.nix delete mode 100644 utils.nix diff --git a/homeConfigurations.nix b/homeConfigurations.nix deleted file mode 100644 index 296abfa..0000000 --- a/homeConfigurations.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ inputs, ... }: - -let - lib = inputs.nixpkgs.lib; - utils = import ./utils.nix { inherit inputs lib; }; - inherit (utils) mkHome; -in - -{ - flake.homeConfigurations = { - "user@rotterdam" = mkHome { - username = "user"; - hostname = "rotterdam"; - tags = [ - "desktop" - "btop" - "comma" - "direnv" - "gaming" - "helix" - "obs-studio" - "starship" - "stylix" - "tmux" - ]; - }; - - "user@io" = mkHome { - username = "user"; - hostname = "io"; - tags = [ - "desktop" - "btop" - "comma" - "direnv" - "helix" - "starship" - "stylix" - "tmux" - ]; - }; - }; -} diff --git a/hosts/alexandria/hardware-configuration.nix b/hosts/alexandria/hardware-configuration.nix deleted file mode 100644 index 63ecba5..0000000 --- a/hosts/alexandria/hardware-configuration.nix +++ /dev/null 
@@ -1,49 +0,0 @@ -{ - config, - lib, - modulesPath, - ... -}: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot = { - initrd = { - availableKernelModules = [ - "xhci_pci" - "ahci" - "usbhid" - "usb_storage" - "sd_mod" - ]; - kernelModules = [ ]; - }; - kernelModules = [ "kvm-intel" ]; - extraModulePackages = [ ]; - }; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/31289617-1d84-4432-a833-680b52e88525"; - fsType = "ext4"; - }; - "/boot" = { - device = "/dev/disk/by-uuid/4130-BE54"; - fsType = "vfat"; - }; - }; - - swapDevices = [ - { - device = "/swapfile"; - size = 8192; - } - ]; - - networking.useDHCP = lib.mkDefault true; - - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix deleted file mode 100644 index 6ceac09..0000000 --- a/hosts/alexandria/jellyfin.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ lib, inputs, ... }: -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; -in -{ - services.jellyfin = { - enable = true; - openFirewall = true; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; - }; -} diff --git a/hosts/alexandria/kanidm.nix b/hosts/alexandria/kanidm.nix deleted file mode 100644 index eaaa9b9..0000000 --- a/hosts/alexandria/kanidm.nix +++ /dev/null 
@@ -1,83 +0,0 @@ -{ - config, - lib, - inputs, - pkgs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; - kanidmCertDir = "/var/lib/kanidm/certs"; -in - -{ - services.kanidm = { - enableServer = true; - enableClient = true; - package = pkgs.kanidm; - - serverSettings = { - domain = "auth.baduhai.dev"; - origin = "https://auth.baduhai.dev"; - bindaddress = "127.0.0.1:8443"; - ldapbindaddress = "127.0.0.1:636"; - trust_x_forward_for = true; - # Use self-signed certificates for internal TLS - tls_chain = "${kanidmCertDir}/cert.pem"; - tls_key = "${kanidmCertDir}/key.pem"; - }; - - clientSettings = { - uri = "https://auth.baduhai.dev"; - }; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - domains."auth.baduhai.dev" = { - locations."/" = { - proxyPass = "https://127.0.0.1:8443"; - extraConfig = '' - proxy_ssl_verify off; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $host; - ''; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ 636 ]; - - # Generate self-signed certificates for kanidm's internal TLS - systemd.services.kanidm-generate-certs = { - description = "Generate self-signed TLS certificates for Kanidm"; - wantedBy = [ "multi-user.target" ]; - before = [ "kanidm.service" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - mkdir -p ${kanidmCertDir} - if [ ! 
-f ${kanidmCertDir}/key.pem ]; then - ${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \ - -keyout ${kanidmCertDir}/key.pem \ - -out ${kanidmCertDir}/cert.pem \ - -days 3650 -nodes \ - -subj "/CN=localhost" \ - -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" - chown -R kanidm:kanidm ${kanidmCertDir} - chmod 600 ${kanidmCertDir}/key.pem - chmod 644 ${kanidmCertDir}/cert.pem - fi - ''; - }; - - # Ensure certificate generation runs before kanidm starts - systemd.services.kanidm = { - after = [ "kanidm-generate-certs.service" ]; - wants = [ "kanidm-generate-certs.service" ]; - }; -} diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix deleted file mode 100644 index c449cce..0000000 --- a/hosts/alexandria/nextcloud.nix +++ /dev/null 
@@ -1,97 +0,0 @@ -{ - lib, - config, - pkgs, - inputs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; -in - -{ - services = { - nextcloud = { - enable = true; - package = pkgs.nextcloud32; - datadir = "/data/nextcloud"; - hostName = "cloud.baduhai.dev"; - configureRedis = true; - https = true; - secretFile = config.age.secrets."nextcloud-secrets.json".path; - database.createLocally = true; - maxUploadSize = "16G"; - extraApps = { - inherit (config.services.nextcloud.package.packages.apps) - calendar - contacts - notes - tasks - user_oidc - ; - }; - extraAppsEnable = true; - caching = { - apcu = true; - redis = true; - }; - settings = { - trusted_proxies = [ "127.0.0.1" ]; - default_phone_region = "BR"; - maintenance_window_start = "4"; - allow_local_remote_servers = true; - enabledPreviewProviders = [ - "OC\\Preview\\BMP" - "OC\\Preview\\EMF" - "OC\\Preview\\Font" - "OC\\Preview\\GIF" - "OC\\Preview\\HEIC" - "OC\\Preview\\Illustrator" - "OC\\Preview\\JPEG" - "OC\\Preview\\Krita" - "OC\\Preview\\MarkDown" - "OC\\Preview\\Movie" - "OC\\Preview\\MP3" - "OC\\Preview\\MSOffice2003" - "OC\\Preview\\MSOffice2007" - "OC\\Preview\\MSOfficeDoc" - "OC\\Preview\\OpenDocument" - "OC\\Preview\\PDF" - "OC\\Preview\\Photoshop" - "OC\\Preview\\PNG" - "OC\\Preview\\Postscript" - "OC\\Preview\\SVG" - "OC\\Preview\\TIFF" - "OC\\Preview\\TXT" - "OC\\Preview\\XBitmap" - ]; - }; - config = { - dbtype = "pgsql"; - adminpassFile = config.age.secrets.nextcloud-adminpass.path; - }; - phpOptions = { - "opcache.interned_strings_buffer" = "16"; - }; - }; - - nginx.virtualHosts = mkNginxVHosts { - domains."cloud.baduhai.dev" = { }; - }; - }; - - age.secrets = { - "nextcloud-secrets.json" = { - file = ../../secrets/nextcloud-secrets.json.age; - owner = "nextcloud"; - group = "nextcloud"; - }; - nextcloud-adminpass = { - file = ../../secrets/nextcloud-adminpass.age; - owner = "nextcloud"; - group = "nextcloud"; - }; - }; -} 
diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix deleted file mode 100644 index 274f645..0000000 --- a/hosts/alexandria/nginx.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts services; - - # Get all unique domains from shared services that have LAN IPs (served by this host) - localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services)); - - # Generate ACME cert configs for all local domains - acmeCerts = lib.genAttrs localDomains (domain: { - group = "nginx"; - }); -in - -{ - security.acme = { - acceptTerms = true; - defaults = { - email = "baduhai@proton.me"; - dnsResolver = "1.1.1.1:53"; - dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets.cloudflare.path; - }; - certs = acmeCerts; - }; - - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts = { - "_" = { - default = true; - locations."/".return = "444"; - }; - }; - }; - - users.users.nginx.extraGroups = [ "acme" ]; - - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; - - age.secrets.cloudflare = { - file = ../../secrets/cloudflare.age; - owner = "nginx"; - group = "nginx"; - }; -} diff --git a/hosts/alexandria/unbound.nix b/hosts/alexandria/unbound.nix deleted file mode 100644 index 31363aa..0000000 --- a/hosts/alexandria/unbound.nix +++ /dev/null 
@@ -1,58 +0,0 @@ -{ inputs, lib, ... }: - -let - utils = import ../../utils.nix { inherit inputs lib; }; -in - -{ - services.unbound = { - enable = true; - enableRootTrustAnchor = true; - settings = { - server = { - interface = [ - "0.0.0.0" - "::" - ]; - access-control = [ - "127.0.0.0/8 allow" - "192.168.0.0/16 allow" - "::1/128 allow" - ]; - - num-threads = 2; - msg-cache-size = "50m"; - rrset-cache-size = "100m"; - cache-min-ttl = 300; - cache-max-ttl = 86400; - prefetch = true; - prefetch-key = true; - hide-identity = true; - hide-version = true; - so-rcvbuf = "1m"; - so-sndbuf = "1m"; - - # LAN-only DNS records - local-zone = ''"baduhai.dev." transparent''; - local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') - (lib.filter (e: e ? lanIP) utils.services); - }; - - forward-zone = [ - { - name = "."; - forward-addr = [ - "1.1.1.1@853#cloudflare-dns.com" - "1.0.0.1@853#cloudflare-dns.com" - ]; - forward-tls-upstream = true; - } - ]; - }; - }; - - networking.firewall = { - allowedTCPPorts = [ 53 ]; - allowedUDPPorts = [ 53 ]; - }; -} diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix deleted file mode 100644 index 2335ee0..0000000 --- a/hosts/alexandria/vaultwarden.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; -in -{ - services.vaultwarden = { - enable = true; - config = { - DOMAIN = "https://pass.baduhai.dev"; - SIGNUPS_ALLOWED = false; - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = 58222; - }; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - domains."pass.baduhai.dev".locations."/".proxyPass = - "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; - }; -} diff --git a/hosts/io/boot.nix b/hosts/io/boot.nix deleted file mode 100644 index 326f7dc..0000000 --- a/hosts/io/boot.nix +++ /dev/null 
@@ -1,14 +0,0 @@
-{
- boot = {
- # TODO check if future kernel versions fix boot issue with systemd initrd with tpm
- initrd.systemd.tpm2.enable = false;
- kernelParams = [
- "nosgx"
- "i915.fastboot=1"
- "mem_sleep_default=deep"
- ];
- extraModprobeConfig = ''
- options snd-intel-dspcfg dsp_driver=3
- '';
- };
-}
diff --git a/hosts/io/disko.nix b/hosts/io/disko.nix
deleted file mode 100644
index 4e6c9d5..0000000
--- a/hosts/io/disko.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{ inputs, ... }:
-
-{
- imports = [ inputs.disko.nixosModules.default ];
-
- disko.devices.disk.main = {
- type = "disk";
- device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689";
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- priority = 1;
- name = "ESP";
- start = "1MiB";
- end = "1GiB";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot/efi";
- mountOptions = [
- "noatime"
- "fmask=0077"
- "dmask=0077"
- ];
- };
- };
- cryptroot = {
- priority = 2;
- name = "root";
- size = "100%";
- content = {
- type = "luks";
- name = "cryptroot";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "@root" = {
- mountpoint = "/";
- mountOptions = [
- "noatime"
- "compress=zstd"
- "subvol=@root"
- ];
- };
- "@home" = {
- mountpoint = "/home";
- mountOptions = [
- "noatime"
- "compress=zstd"
- "subvol=@home"
- ];
- };
- "@nix" = {
- mountpoint = "/nix";
- mountOptions = [
- "noatime"
- "compress=zstd"
- "subvol=@nix"
- ];
- };
- "@persistent" = {
- mountpoint = "/persistent";
- mountOptions = [
- "noatime"
- "compress=zstd"
- "subvol=@persistent"
- ];
- };
- };
- };
- };
- };
- };
- };
- };
-}
diff --git a/hosts/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix
deleted file mode 100644
index 8e4dae4..0000000
--- a/hosts/io/hardware-configuration.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- config,
- lib,
- modulesPath,
- inputs,
- ...
-}:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot = {
- initrd = {
- availableKernelModules = [
- "xhci_pci"
- "ahci"
- "usb_storage"
- "sd_mod"
- "sdhci_pci"
- ];
- };
- kernelModules = [ "kvm-intel" ];
- };
-
- zramSwap = {
- enable = true;
- memoryPercent = 100;
- };
-
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-
- networking.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/io/programs.nix b/hosts/io/programs.nix
deleted file mode 100644
index e272d22..0000000
--- a/hosts/io/programs.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ pkgs, ... }:
-
-let
- cml-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs {
- wttsrc = pkgs.fetchFromGitHub {
- owner = "WeirdTreeThing";
- repo = "chromebook-ucm-conf";
- rev = "b6ce2a7";
- hash = "sha256-QRUKHd3RQmg1tnZU8KCW0AmDtfw/daOJ/H3XU5qWTCc=";
- };
- postInstall = ''
- echo "v0.4.1" > $out/chromebook.patched
- cp -R $wttsrc/{common,codecs,platforms} $out/share/alsa/ucm2
- cp -R $wttsrc/{cml,sof-rt5682} $out/share/alsa/ucm2/conf.d
- '';
- };
-in
-
-{
- environment = {
- systemPackages = with pkgs; [
- maliit-keyboard
- sof-firmware
- ];
- sessionVariables.ALSA_CONFIG_UCM2 = "${cml-ucm-conf}/share/alsa/ucm2";
- };
-}
diff --git a/hosts/io/services.nix b/hosts/io/services.nix
deleted file mode 100644
index df41a6f..0000000
--- a/hosts/io/services.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{ pkgs, ... }:
-
-{
- services = {
- keyd = {
- enable = true;
- keyboards.main = {
- ids = [ "0001:0001" ];
- settings = {
- main = {
- meta = "overload(meta, esc)";
- f1 = "back";
- f2 = "forward";
- f3 = "refresh";
- f4 = "M-f11";
- f5 = "M-w";
- f6 = "brightnessdown";
- f7 = "brightnessup";
- f8 = "timeout(mute, 200, micmute)";
- f9 = "play";
- f10 = "timeout(nextsong, 200, previoussong)";
- f13 = "delete";
- "102nd" = "layer(function)";
- };
- shift = {
- leftshift = "capslock";
- rightshift = "capslock";
- };
- function = {
- escape = "f1";
- f1 = "f2";
- f2 = "f3";
- f3 = "f4";
- f4 = "f5";
- f5 = "f6";
- f6 = "f7";
- f7 = "f8";
- f8 = "f9";
- f9 = "f10";
- f10 = "f11";
- f13 = "f12";
- y = "sysrq";
- k = "home";
- l = "pageup";
- "," = "end";
- "." = "pagedown";
- };
- };
- };
- };
- upower.enable = true;
- power-profiles-daemon.enable = true;
- };
-
- # TODO: remove once gmodena/nix-flatpak/issues/45 fixed
- systemd.services."flatpak-managed-install" = {
- serviceConfig = {
- ExecStartPre = "${pkgs.coreutils}/bin/sleep 5";
- };
- };
-}
diff --git a/hosts/modules/ai.nix b/hosts/modules/ai.nix
deleted file mode 100644
index b80ac38..0000000
--- a/hosts/modules/ai.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ inputs, pkgs, ... }:
-
-{
- environment.systemPackages =
- (with pkgs; [claude-desktop]) ++
- (with inputs.nix-ai-tools.packages.${pkgs.system}; [
- claude-code
- claudebox
- opencode
- ]);
-}
diff --git a/hosts/modules/bluetooth.nix b/hosts/modules/bluetooth.nix
deleted file mode 100644
index fb6a06a..0000000
--- a/hosts/modules/bluetooth.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ ... }:
-
-{
- hardware.bluetooth.enable = true;
-}
diff --git a/hosts/modules/common/boot.nix b/hosts/modules/common/boot.nix
deleted file mode 100644
index fbba278..0000000
--- a/hosts/modules/common/boot.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs, ... }:
-
-{
- boot = {
- loader = {
- timeout = 1;
- efi.canTouchEfiVariables = true;
- systemd-boot = {
- enable = true;
- editor = false;
- consoleMode = "max";
- sortKey = "aa";
- netbootxyz = {
- enable = true;
- sortKey = "zz";
- };
- };
- };
- };
-}
diff --git a/hosts/modules/common/console.nix b/hosts/modules/common/console.nix
deleted file mode 100644
index 9cb99d4..0000000
--- a/hosts/modules/common/console.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-
-{
- console = {
- useXkbConfig = true;
- earlySetup = true;
- };
-}
diff --git a/hosts/modules/common/firewall.nix b/hosts/modules/common/firewall.nix
deleted file mode 100644
index 910e803..0000000
--- a/hosts/modules/common/firewall.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-
-{
- networking = {
- firewall.enable = true;
- nftables.enable = true;
- };
-}
diff --git a/hosts/modules/common/locale.nix b/hosts/modules/common/locale.nix
deleted file mode 100644
index 1171a32..0000000
--- a/hosts/modules/common/locale.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ ... }:
-
-{
- time.timeZone = "America/Bahia";
-
- i18n = {
- defaultLocale = "en_US.UTF-8";
- extraLocaleSettings = {
- LC_ADDRESS = "pt_BR.utf8";
- LC_COLLATE = "pt_BR.utf8";
- LC_IDENTIFICATION = "pt_BR.utf8";
- LC_MEASUREMENT = "pt_BR.utf8";
- LC_MONETARY = "pt_BR.utf8";
- LC_NAME = "pt_BR.utf8";
- LC_NUMERIC = "pt_BR.utf8";
- LC_PAPER = "pt_BR.utf8";
- LC_TELEPHONE = "pt_BR.utf8";
- LC_TIME = "en_IE.utf8";
- };
- };
-}
diff --git a/hosts/modules/common/nix.nix b/hosts/modules/common/nix.nix
deleted file mode 100644
index 5ef9c4c..0000000
--- a/hosts/modules/common/nix.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ inputs, ... }:
-
-{
- imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
-
- nix = {
- settings = {
- auto-optimise-store = true;
- connect-timeout = 10;
- log-lines = 25;
- min-free = 128000000;
- max-free = 1000000000;
- trusted-users = [ "@wheel" ];
- };
- extraOptions = "experimental-features = nix-command flakes";
- gc = {
- automatic = true;
- options = "--delete-older-than 8d";
- };
- };
-
- nixpkgs.config = {
- allowUnfree = true;
- enableParallelBuilding = true;
- buildManPages = false;
- buildDocs = false;
- };
-
- services.nixos-cli = {
- enable = true;
- config = {
- use_nvd = true;
- ignore_dirty_tree = true;
- };
- };
-
- system.stateVersion = "22.11";
-}
diff --git a/hosts/modules/common/openssh.nix b/hosts/modules/common/openssh.nix
deleted file mode 100644
index df70bdd..0000000
--- a/hosts/modules/common/openssh.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ ... }:
-
-{
- services.openssh = {
- enable = true;
- settings.PermitRootLogin = "no";
- extraConfig = ''
- PrintLastLog no
- '';
- };
-}
diff --git a/hosts/modules/common/programs.nix b/hosts/modules/common/programs.nix
deleted file mode 100644
index fd10953..0000000
--- a/hosts/modules/common/programs.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ lib, pkgs, ... }:
-
-{
- environment = {
- systemPackages = with pkgs; [
- ### Dev Tools ###
- git
- ### System Utilities ###
- btop
- fastfetch
- helix
- nixos-firewall-tool
- nvd
- sysz
- tmux
- wget
- yazi
- ];
- shellAliases = {
- cat = "${lib.getExe pkgs.bat} --paging=never --style=plain";
- ls = "${lib.getExe pkgs.eza} --icons --group-directories-first";
- tree = "ls --tree";
- };
- };
-
- programs = {
- command-not-found.enable = false;
- fish = {
- enable = true;
- interactiveShellInit = ''
- set fish_greeting
- if set -q SSH_CONNECTION
- export TERM=xterm-256color
- clear
- fastfetch
- end
- '';
- };
- };
-}
diff --git a/hosts/modules/common/security.nix b/hosts/modules/common/security.nix
deleted file mode 100644
index 33d4953..0000000
--- a/hosts/modules/common/security.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ ... }:
-
-{
- security = {
- unprivilegedUsernsClone = true; # Needed for rootless podman
- sudo = {
- wheelNeedsPassword = false;
- extraConfig = ''
- Defaults lecture = never
- '';
- };
- };
-}
diff --git a/hosts/modules/common/services.nix b/hosts/modules/common/services.nix
deleted file mode 100644
index 89ac527..0000000
--- a/hosts/modules/common/services.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ ... }:
-
-{
- services = {
- dbus.implementation = "broker";
- irqbalance.enable = true;
- fstrim.enable = true;
- };
-}
diff --git a/hosts/modules/common/tailscale.nix b/hosts/modules/common/tailscale.nix
deleted file mode 100644
index 98bea97..0000000
--- a/hosts/modules/common/tailscale.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-
-{
- services.tailscale = {
- enable = true;
- extraUpFlags = [ "--operator=user" ];
- };
-}
diff --git a/hosts/modules/common/users.nix b/hosts/modules/common/users.nix
deleted file mode 100644
index 7dd6490..0000000
--- a/hosts/modules/common/users.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ pkgs, ... }:
-
-{
- users.users = {
- user = {
- isNormalUser = true;
- shell = pkgs.fish;
- extraGroups = [
- "networkmanager"
- "wheel"
- ];
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"
- ];
- hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
- };
- root = {
- shell = pkgs.fish;
- hashedPassword = "!";
- };
- };
-}
diff --git a/hosts/modules/desktop/boot.nix b/hosts/modules/desktop/boot.nix
deleted file mode 100644
index 0ac4847..0000000
--- a/hosts/modules/desktop/boot.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ pkgs, ... }:
-
-{
- boot = {
- plymouth.enable = true;
- initrd.systemd.enable = true;
- loader.efi.efiSysMountPoint = "/boot/efi";
- kernelPackages = pkgs.linuxPackages_xanmod_latest;
- extraModprobeConfig = ''
- options bluetooth disable_ertm=1
- '';
- kernel.sysctl = {
- "net.ipv4.tcp_mtu_probing" = 1;
- };
- kernelParams = [
- "quiet"
- "splash"
- "i2c-dev"
- "i2c-piix4"
- "loglevel=3"
- "udev.log_priority=3"
- "rd.udev.log_level=3"
- "rd.systemd.show_status=false"
- ];
- };
-}
diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix
deleted file mode 100644
index 7510c02..0000000
--- a/hosts/modules/desktop/desktop.nix
+++ /dev/null
@@ -1,163 +0,0 @@
-{
- config,
- inputs,
- lib,
- pkgs,
- ...
-}:
-
-{
- imports = [
- inputs.niri-flake.nixosModules.niri
- inputs.nix-flatpak.nixosModules.nix-flatpak
- ];
-
- environment = {
- sessionVariables = {
- KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir
- NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland
- };
- systemPackages = with pkgs; [
- ### Web ###
- bitwarden-desktop
- fragments
- nextcloud-client
- tor-browser
- vesktop
- inputs.zen-browser.packages."${system}".default
- ### Office & Productivity ###
- aspell
- aspellDicts.de
- aspellDicts.en
- aspellDicts.en-computers
- aspellDicts.pt_BR
- papers
- presenterm
- rnote
- ### Graphics & Design ###
- gimp
- inkscape
- plasticity
- ### System Utilities ###
- adwaita-icon-theme
- ghostty
- gnome-disk-utility
- junction
- libfido2
- mission-center
- nautilus
- p7zip
- rclone
- toggleaudiosink
- unrar
- ### Media ###
- decibels
- loupe
- obs-studio
- showtime
- ];
- };
-
- services = {
- pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- jack.enable = true;
- wireplumber.enable = true;
- };
- greetd = {
- enable = true;
- settings = {
- default_session = {
- command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session";
- user = "greeter";
- };
- }
- // lib.optionalAttrs (config.networking.hostName == "io") {
- initial_session = {
- command = "${config.programs.niri.package}/bin/niri-session";
- user = "user";
- };
- };
- };
- flatpak = {
- enable = true;
- packages = [
- ### Office & Productivity ###
- "com.collabora.Office"
- ### Graphics & Design ###
- "com.boxy_svg.BoxySVG"
- rec {
- appId = "io.github.softfever.OrcaSlicer";
- sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1";
- bundle = "${pkgs.fetchurl {
- url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak";
- inherit sha256;
- }}";
- }
- ### System Utilities ###
- "com.github.tchx84.Flatseal"
- "com.rustdesk.RustDesk"
- ];
- uninstallUnmanaged = true;
- update.auto.enable = true;
- };
- gvfs.enable = true;
- };
-
- security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority
-
- users = {
- users.greeter = {
- isSystemUser = true;
- group = "greeter";
- };
- groups.greeter = { };
- };
-
- programs = {
- niri = {
- enable = true;
- package = inputs.niri.packages.${pkgs.system}.niri;
- };
- kdeconnect = {
- enable = true;
- package = pkgs.valent;
- };
- dconf.enable = true;
- appimage = {
- enable = true;
- binfmt = true;
- };
- };
-
- niri-flake.cache.enable = false;
-
- fonts = {
- fontDir.enable = true;
- packages = with pkgs; [
- corefonts
- inter
- nerd-fonts.fira-code
- noto-fonts-cjk-sans
- noto-fonts-color-emoji
- roboto
- ];
- };
-
- xdg.portal = {
- extraPortals = with pkgs; [
- xdg-desktop-portal-gnome
- xdg-desktop-portal-gtk
- ];
- config = {
- common.default = "*";
- niri.default = [
- "gtk"
- "gnome"
- ];
- };
- };
-}
diff --git a/hosts/modules/desktop/nix.nix b/hosts/modules/desktop/nix.nix
deleted file mode 100644
index 54a3549..0000000
--- a/hosts/modules/desktop/nix.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ inputs, ... }:
-
-{
- environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
-
- nix = {
- registry.nixpkgs.flake = inputs.nixpkgs;
- nixPath = [
- "nixpkgs=${inputs.nixpkgs}"
- "/nix/var/nix/profiles/per-user/root/channels"
- ];
- };
-}
diff --git a/hosts/modules/desktop/services.nix b/hosts/modules/desktop/services.nix
deleted file mode 100644
index 66b78f1..0000000
--- a/hosts/modules/desktop/services.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ pkgs, ... }:
-
-{
- services = {
- printing.enable = true;
- udev.packages = with pkgs; [ yubikey-personalization ];
- keyd = {
- enable = true;
- keyboards.all = {
- ids = [ "*" ];
- settings.main.capslock = "overload(meta, esc)";
- };
- };
- };
-}
diff --git a/hosts/modules/dev.nix b/hosts/modules/dev.nix
deleted file mode 100644
index d9c31f7..0000000
--- a/hosts/modules/dev.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- android-tools
- bat
- lazygit
- fd
- fzf
- glow
- nixfmt
- nix-init
- nix-output-monitor
- ripgrep
- ];
-
- users.users.user.extraGroups = [ "adbusers" ];
-}
diff --git a/hosts/modules/ephemeral.nix b/hosts/modules/ephemeral.nix
deleted file mode 100644
index e962a89..0000000
--- a/hosts/modules/ephemeral.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ config, inputs, ... }:
-
-{
- imports = [
- inputs.impermanence.nixosModules.impermanence
- inputs.self.nixosModules.ephemeral
- ];
-
- ephemeral = {
- enable = true;
- rootDevice =
- if config.networking.hostName == "trantor" then
- "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"
- else
- "/dev/mapper/cryptroot";
- rootSubvolume = "@root";
- };
-
- fileSystems."/persistent".neededForBoot = true;
-
- environment.persistence.main = {
- persistentStoragePath = "/persistent";
- files = [
- "/etc/machine-id"
- "/etc/ssh/ssh_host_ed25519_key"
- "/etc/ssh/ssh_host_ed25519_key.pub"
- "/etc/ssh/ssh_host_rsa_key"
- "/etc/ssh/ssh_host_rsa_key.pub"
- ];
- directories = [
- "/etc/NetworkManager/system-connections"
- "/etc/nixos"
- "/var/lib/bluetooth"
- "/var/lib/flatpak"
- "/var/lib/lxd"
- "/var/lib/nixos"
- "/var/lib/systemd/coredump"
- "/var/lib/systemd/timers"
- "/var/lib/tailscale"
- "/var/log"
- ];
- };
-}
diff --git a/hosts/modules/fwupd.nix b/hosts/modules/fwupd.nix
deleted file mode 100644
index 52dc13e..0000000
--- a/hosts/modules/fwupd.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ ... }:
-
-{
- services.fwupd.enable = true;
-}
diff --git a/hosts/modules/gaming.nix b/hosts/modules/gaming.nix
deleted file mode 100644
index 0f00fe3..0000000
--- a/hosts/modules/gaming.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- clonehero
- heroic
- mangohud
- prismlauncher
- steam-run
- ];
-
- programs = {
- steam = {
- enable = true;
- extraCompatPackages = [ pkgs.proton-ge-bin ];
- };
- gamemode.enable = true;
- };
-
- hardware = {
- xpadneo.enable = true;
- steam-hardware.enable = true; # Allow steam client to manage controllers
- graphics.enable32Bit = true; # For OpenGL games
- };
-
- services.flatpak.packages = [
- "com.github.k4zmu2a.spacecadetpinball"
- "com.steamgriddb.SGDBoop"
- "io.github.Foldex.AdwSteamGtk"
- "io.itch.itch"
- "io.mrarm.mcpelauncher"
- "net.retrodeck.retrodeck"
- "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08"
- rec {
- appId = "com.hypixel.HytaleLauncher";
- sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv";
- bundle = "${pkgs.fetchurl {
- url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak";
- inherit sha256;
- }}";
- }
- ];
-}
diff --git a/hosts/modules/libvirtd.nix b/hosts/modules/libvirtd.nix
deleted file mode 100644
index 6bd154f..0000000
--- a/hosts/modules/libvirtd.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ ... }:
-
-{
- virtualisation = {
- libvirtd.enable = true;
- spiceUSBRedirection.enable = true;
- };
-
- programs.virt-manager.enable = true;
-
- networking.firewall.trustedInterfaces = [ "virbr0" ];
-
- users.users.user.extraGroups = [
- "libvirt"
- "libvirtd"
- ];
-}
diff --git a/hosts/modules/networkmanager.nix b/hosts/modules/networkmanager.nix
deleted file mode 100644
index 7634116..0000000
--- a/hosts/modules/networkmanager.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ ... }:
-
-{
- networking.networkmanager = {
- enable = true;
- wifi.backend = "iwd";
- };
-
- users.users.user.extraGroups = [ "networkmanager" ];
-}
diff --git a/hosts/modules/podman.nix b/hosts/modules/podman.nix
deleted file mode 100644
index 99018cc..0000000
--- a/hosts/modules/podman.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ pkgs, ... }:
-
-{
- virtualisation.podman = {
- enable = true;
- autoPrune.enable = true;
- extraPackages = [ pkgs.podman-compose ];
- };
-
- systemd = {
- services.podman-auto-update.enable = true;
- timers.podman-auto-update.enable = true;
- };
-}
diff --git a/hosts/modules/server/boot.nix b/hosts/modules/server/boot.nix
deleted file mode 100644
index 5d6e482..0000000
--- a/hosts/modules/server/boot.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ pkgs, ... }:
-
-{
- boot.kernelPackages = pkgs.linuxPackages_hardened;
-}
diff --git a/hosts/modules/server/nix.nix b/hosts/modules/server/nix.nix
deleted file mode 100644
index af57cae..0000000
--- a/hosts/modules/server/nix.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ inputs, ... }:
-
-{
- environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
-
- nix = {
- registry.nixpkgs.flake = inputs.nixpkgs-stable;
- nixPath = [
- "nixpkgs=/etc/channels/nixpkgs"
- "/nix/var/nix/profiles/per-user/root/channels"
- ];
- };
-}
diff --git a/hosts/modules/server/tailscale.nix b/hosts/modules/server/tailscale.nix
deleted file mode 100644
index 1f105ba..0000000
--- a/hosts/modules/server/tailscale.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ ... }:
-
-{
- services.tailscale = {
- extraSetFlags = [ "--advertise-exit-node" ];
- useRoutingFeatures = "server";
- };
-
- boot.kernel.sysctl = {
- "net.ipv4.ip_forward" = 1;
- "net.ipv6.conf.all.forwarding" = 1;
- };
-}
diff --git a/hosts/rotterdam/boot.nix b/hosts/rotterdam/boot.nix
deleted file mode 100644
index d038ede..0000000
--- a/hosts/rotterdam/boot.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ pkgs, ... }:
-
-let
- qubesnsh = pkgs.writeTextFile {
- name = "qubes.nsh";
- text = "HD1f65535a1:EFI\\qubes\\grubx64.efi";
- };
-in
-
-{
- boot = {
- kernelParams = [
- "processor.max_cstate=1" # Fixes bug where ryzen cpus freeze when in highest C state
- "clearcpuid=514"
- "amdgpu.ppfeaturemask=0xfffd3fff" # Fixes amdgpu freezing
- ];
- # QubesOS boot entry
- loader.systemd-boot = {
- extraFiles = {
- "efi/edk2-shell/shell.efi" = "${pkgs.edk2-uefi-shell}/shell.efi";
- "qubes.nsh" = qubesnsh;
- };
- extraEntries."qubes.conf" = ''
- title Qubes OS
- efi /efi/edk2-shell/shell.efi
- options -nointerrupt qubes.nsh
- sort-key ab
- '';
- };
- };
-}
diff --git a/hosts/rotterdam/hardware-configuration.nix b/hosts/rotterdam/hardware-configuration.nix
deleted file mode 100644
index 169c53f..0000000
--- a/hosts/rotterdam/hardware-configuration.nix
+++ /dev/null
@@ -1,82 +0,0 @@
-{
- config,
- lib,
- modulesPath,
- ...
-}:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot = {
- initrd = {
- availableKernelModules = [
- "amdgpu"
- "nvme"
- "xhci_pci"
- "ahci"
- "usbhid"
- "sd_mod"
- ];
- luks.devices."cryptroot" = {
- device = "/dev/disk/by-uuid/f7dd4142-7109-4493-834d-4a831777f08d";
- keyFile = "/dev/disk/by-partuuid/add5fc14-e20f-48be-8b2a-0799ef04d3cb";
- };
- };
- kernelModules = [ "kvm-amd" ];
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
- fsType = "btrfs";
- options = [
- "subvol=@root"
- "noatime"
- "compress=zstd"
- ];
- };
- "/home" = {
- device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
- fsType = "btrfs";
- options = [
- "subvol=@home"
- "noatime"
- "compress=zstd"
- ];
- };
- "/boot/efi" = {
- device = "/dev/disk/by-uuid/F2A2-CF5A";
- fsType = "vfat";
- options = [
- "noatime"
- "fmask=0077"
- "dmask=0077"
- ];
- };
- "/nix" = {
- device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
- fsType = "btrfs";
- options = [
- "subvol=@nix"
- "noatime"
- "compress=zstd"
- ];
- };
- "/persistent" = {
- device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
- fsType = "btrfs";
- options = [
- "subvol=@persistent"
- "noatime"
- "compress=zstd"
- ];
- };
- };
-
- networking.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/rotterdam/hardware.nix b/hosts/rotterdam/hardware.nix
deleted file mode 100644
index 6f76e99..0000000
--- a/hosts/rotterdam/hardware.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ pkgs, ... }:
-
-{
- hardware = {
- amdgpu.opencl.enable = true;
- graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ];
- };
-}
diff --git a/hosts/rotterdam/programs.nix b/hosts/rotterdam/programs.nix
deleted file mode 100644
index b4dcfd9..0000000
--- a/hosts/rotterdam/programs.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ pkgs, ... }:
-
-let
- reboot-into-qubes = pkgs.makeDesktopItem {
- name = "reboot-into-qubes";
- icon = pkgs.fetchurl {
- url = "https://raw.githubusercontent.com/vinceliuice/Qogir-icon-theme/31f267e1f5fd4e9596bfd78dfb41a03d3a9f33ee/src/scalable/apps/distributor-logo-qubes.svg";
- sha256 = "sha256-QbHr7s5Wcs7uFtfqZctMyS0iDbMfiiZOKy2nHhDOfn0=";
- };
- desktopName = "Qubes OS";
- genericName = "Reboot into Qubes OS";
- categories = [ "System" ];
- startupNotify = true;
- exec = pkgs.writeShellScript "reboot-into-qubes" ''
- ${pkgs.yad}/bin/yad --form \
- --title="Qubes OS" \
- --image distributor-logo-qubes \
- --text "Are you sure you want to reboot into Qubes OS?" \
- --button="Yes:0" --button="Cancel:1"
- if [ $? -eq 0 ]; then
- systemctl reboot --boot-loader-entry=qubes.conf
- fi
- '';
- };
-in
-
-{
- environment.systemPackages = [ reboot-into-qubes ];
-
- programs.steam.dedicatedServer.openFirewall = true;
-}
diff --git a/hosts/rotterdam/services.nix b/hosts/rotterdam/services.nix
deleted file mode 100644
index 0bf276f..0000000
--- a/hosts/rotterdam/services.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- services.keyd = {
- enable = true;
- keyboards.main = {
- ids = [ "5653:0001" ];
- settings.main = {
- esc = "overload(meta, esc)";
- };
- };
- };
-}
diff --git a/hosts/trantor/boot.nix b/hosts/trantor/boot.nix
deleted file mode 100644
index 0498818..0000000
--- a/hosts/trantor/boot.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- boot = {
- initrd.systemd.enable = true;
- loader.efi.efiSysMountPoint = "/boot/efi";
- };
-}
diff --git a/hosts/trantor/disko.nix b/hosts/trantor/disko.nix
deleted file mode 100644
index 0e47058..0000000
--- a/hosts/trantor/disko.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{ inputs, ... }:
-
-{
- imports = [ inputs.disko.nixosModules.default ];
-
- disko.devices.disk.main = {
- type = "disk";
- device = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20";
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- priority = 1;
- name = "ESP";
- start = "1MiB";
- end = "512MiB";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot/efi";
- mountOptions = [
- "noatime"
- "fmask=0077"
- "dmask=0077"
- ];
- };
- };
- root = {
- priority = 2;
- name = "root";
- size = "100%";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "@root" = {
- mountpoint = "/";
- mountOptions = [
- "noatime"
- "compress=zstd"
- ];
- };
- "@nix" = {
- mountpoint = "/nix";
- mountOptions = [
- "noatime"
- "compress=zstd"
- ];
- };
- "@persistent" = {
- mountpoint = "/persistent";
- mountOptions = [
- "noatime"
- "compress=zstd"
- ];
- };
- };
- };
- };
- };
- };
- };
-}
diff --git a/hosts/trantor/fail2ban.nix b/hosts/trantor/fail2ban.nix
deleted file mode 100644
index bc05139..0000000
--- a/hosts/trantor/fail2ban.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- services.fail2ban = {
- enable = true;
- maxretry = 5;
- ignoreIP = [
- "127.0.0.0/8"
- "::1"
- "10.0.0.0/8"
- "172.16.0.0/12"
- "192.168.0.0/16"
- "100.64.0.0/10"
- ];
- bantime = "1h";
- bantime-increment = {
- enable = true;
- multipliers = "1 2 4 8 16 32 64";
- maxtime = "10000h";
- overalljails = true;
- };
- };
-}
diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix
deleted file mode 100644
index fdfa64a..0000000
--- a/hosts/trantor/forgejo.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}:
-
-let
- utils = import ../../utils.nix { inherit inputs lib; };
- inherit (utils) mkNginxVHosts;
-in
-
-{
- services = {
- forgejo = {
- enable = true;
- settings = {
- session.COOKIE_SECURE = true;
- server = {
- PROTOCOL = "http+unix";
- DOMAIN = "git.baduhai.dev";
- ROOT_URL = "https://git.baduhai.dev";
- OFFLINE_MODE = true; # disable use of CDNs
- SSH_DOMAIN = "git.baduhai.dev";
- };
- log.LEVEL = "Warn";
- mailer.ENABLED = false;
- actions.ENABLED = false;
- service.DISABLE_REGISTRATION = true;
- oauth2_client = {
- ENABLE_AUTO_REGISTRATION = true;
- UPDATE_AVATAR = true;
- ACCOUNT_LINKING = "login";
- USERNAME = "preferred_username";
- };
- };
- };
- nginx.virtualHosts = mkNginxVHosts {
- domains."git.baduhai.dev".locations."/".proxyPass =
- "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
- };
- fail2ban.jails.forgejo = {
- settings = {
- enabled = true;
- filter = "forgejo";
- maxretry = 3;
- findtime = "10m";
- bantime = "1h";
- };
- };
- };
-
- environment = {
- etc."fail2ban/filter.d/forgejo.conf".text = ''
- [Definition]
- failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from
- ignoreregex =
- journalmatch = _SYSTEMD_UNIT=forgejo.service
- '';
-
- persistence.main.directories = [
- {
- directory = config.services.forgejo.stateDir;
- inherit (config.services.forgejo) user group;
- mode = "0700";
- }
- ];
- };
-
- # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories
- systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false;
-}
diff --git a/hosts/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix
deleted file mode 100644
index 039129e..0000000
--- a/hosts/trantor/hardware-configuration.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- lib,
- modulesPath,
- ...
-}:
-
-{
- imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-
- boot.initrd.availableKernelModules = [
- "xhci_pci"
- "virtio_pci"
- "virtio_scsi"
- "usbhid"
- ];
-
- networking.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-}
diff --git a/hosts/trantor/networking.nix b/hosts/trantor/networking.nix
deleted file mode 100644
index 4dcbe1e..0000000
--- a/hosts/trantor/networking.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- networking = {
- firewall = {
- allowedTCPPorts = [ 25566 ];
- allowedUDPPorts = [ 25566 ];
- };
- };
-}
diff --git a/hosts/trantor/nginx.nix b/hosts/trantor/nginx.nix
deleted file mode 100644
index 56eed7c..0000000
--- a/hosts/trantor/nginx.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}:
-
-let
- utils = import ../../utils.nix { inherit inputs lib; };
- inherit (utils) mkNginxVHosts services;
-
- # Get all unique domains from shared services on trantor (host = "trantor")
- localDomains = lib.unique (
- map (s: s.domain) (lib.filter (s: s.host == "trantor") services)
- );
-
- # Generate ACME cert configs for all local domains
- acmeCerts = lib.genAttrs localDomains (domain: {
- group = "nginx";
- });
-in
-
-{
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "baduhai@proton.me";
- dnsResolver = "1.1.1.1:53";
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.cloudflare.path;
- };
- certs = acmeCerts;
- };
-
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- virtualHosts = {
- "_" = {
- default = true;
- locations."/".return = "444";
- };
- };
- };
-
- users.users.nginx.extraGroups = [ "acme" ];
-
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
-
- age.secrets.cloudflare = {
- file = ../../secrets/cloudflare.age;
- owner = "nginx";
- group = "nginx";
- };
-}
diff --git a/hosts/trantor/openssh.nix b/hosts/trantor/openssh.nix
deleted file mode 100644
index 704b3df..0000000
--- a/hosts/trantor/openssh.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ ... }:
-
-{
- services = {
- openssh = {
- settings = {
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
- };
- };
- fail2ban.jails.sshd = {
- settings = {
- enabled = true;
- port = "ssh";
- filter = "sshd";
- logpath = "/var/log/auth.log";
- maxretry = 3;
- findtime = "10m";
- bantime = "1h";
- };
- };
- };
-}
diff --git a/hosts/trantor/unbound.nix b/hosts/trantor/unbound.nix
deleted file mode 100644
index 46808c6..0000000
--- a/hosts/trantor/unbound.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{ inputs, lib, ... }:
-
-let
- utils = import ../../utils.nix { inherit inputs lib; };
-in
-
-{
- services.unbound = {
- enable = true;
- enableRootTrustAnchor = true;
- settings = {
- server = {
- interface = [
- "0.0.0.0"
- "::"
- ];
- access-control = [
- "127.0.0.0/8 allow"
- "100.64.0.0/10 allow" # Tailscale CGNAT range
- "::1/128 allow"
- "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6
- ];
-
- num-threads = 2;
- msg-cache-size = "50m";
- rrset-cache-size = "100m";
- cache-min-ttl = 300;
- cache-max-ttl = 86400;
- prefetch = true;
- prefetch-key = true;
- hide-identity = true;
- hide-version = true;
- so-rcvbuf = "1m";
- so-sndbuf = "1m";
-
- # Tailnet DNS records from shared services
- local-zone = ''"baduhai.dev." transparent'';
- local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') utils.services;
- };
-
- forward-zone = [
- {
- name = ".";
- forward-addr = [
- "1.1.1.1@853#cloudflare-dns.com"
- "1.0.0.1@853#cloudflare-dns.com"
- ];
- forward-tls-upstream = true;
- }
- ];
- };
- };
-
- networking.firewall = {
- allowedTCPPorts = [ 53 ];
- allowedUDPPorts = [ 53 ];
- };
-}
diff --git a/modules/ephemeral.nix b/modules/ephemeral.nix
deleted file mode 100644
index 7403aac..0000000
--- a/modules/ephemeral.nix
+++ /dev/null
@@ -1,84 +0,0 @@ -{ lib, config, ... }: - -let - cfg = config.ephemeral; -in -{ - options.ephemeral = { - enable = lib.mkEnableOption "ephemeral root with automatic rollback"; - - rootDevice = lib.mkOption { - type = lib.types.str; - example = "/dev/mapper/cryptroot"; - description = "Device path for the root btrfs filesystem"; - }; - - rootSubvolume = lib.mkOption { - type = lib.types.str; - example = "@root"; - description = "Name of the root btrfs subvolume"; - }; - - oldRootRetentionDays = lib.mkOption { - type = lib.types.int; - default = 30; - description = "Number of days to keep old root snapshots before deletion"; - }; - }; - - config = lib.mkIf cfg.enable { - boot.initrd.systemd.services.recreate-root = { - description = "Rolling over and creating new filesystem root"; - requires = [ "initrd-root-device.target" ]; - after = [ - "local-fs-pre.target" - "initrd-root-device.target" - ]; - requiredBy = [ "initrd-root-fs.target" ]; - before = [ "sysroot.mount" ]; - unitConfig = { - AssertPathExists = "/etc/initrd-release"; - DefaultDependencies = false; - }; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - set -euo pipefail - - mkdir /btrfs_tmp - if ! mount ${cfg.rootDevice} /btrfs_tmp; then - echo "ERROR: Failed to mount ${cfg.rootDevice}" - exit 1 - fi - - if [[ -e /btrfs_tmp/${cfg.rootSubvolume} ]]; then - mkdir -p /btrfs_tmp/old_roots - timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/${cfg.rootSubvolume})" "+%Y-%m-%-d_%H:%M:%S") - mv /btrfs_tmp/${cfg.rootSubvolume} "/btrfs_tmp/old_roots/$timestamp" - fi - - delete_subvolume_recursively() { - IFS=$'\n' - for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do - delete_subvolume_recursively "/btrfs_tmp/$i" - done - btrfs subvolume delete "$1" - } - - for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +${toString cfg.oldRootRetentionDays}); do - delete_subvolume_recursively "$i" - done - - if ! 
btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume}; then - echo "ERROR: Failed to create subvolume ${cfg.rootSubvolume}" - umount /btrfs_tmp - exit 1 - fi - - umount /btrfs_tmp - ''; - }; - }; -} diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix deleted file mode 100644 index 8367438..0000000 --- a/nixosConfigurations.nix +++ /dev/null @@ -1,56 +0,0 @@ -{ inputs, ... }: -let - lib = inputs.nixpkgs.lib; - utils = import ./utils.nix { inherit inputs lib; }; - inherit (utils) mkHost; -in -{ - flake.nixosConfigurations = { - rotterdam = mkHost { - hostname = "rotterdam"; - tags = [ - "desktop" - "ai" - "bluetooth" - "dev" - "ephemeral" - "fwupd" - "gaming" - "libvirtd" - "networkmanager" - "podman" - ]; - }; - - io = mkHost { - hostname = "io"; - tags = [ - "desktop" - "ai" - "bluetooth" - "dev" - "ephemeral" - "libvirtd" - "networkmanager" - "podman" - ]; - }; - - alexandria = mkHost { - hostname = "alexandria"; - tags = [ - "server" - "fwupd" - ]; - }; - - trantor = mkHost { - hostname = "trantor"; - system = "aarch64-linux"; - tags = [ - "server" - "ephemeral" - ]; - }; - }; -} diff --git a/nixosModules.nix b/nixosModules.nix deleted file mode 100644 index 5fd416b..0000000 --- a/nixosModules.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: - -{ - flake.nixosModules = { - ephemeral = import ./modules/ephemeral.nix; - }; -} diff --git a/shared/services.nix b/shared/services.nix deleted file mode 100644 index 1173b3b..0000000 --- a/shared/services.nix +++ /dev/null 
@@ -1,43 +0,0 @@ -# Shared service definitions for cross-host configuration -{ - # Host IP definitions - hosts = { - alexandria = { - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - }; - trantor = { - tailscaleIP = "100.108.5.90"; - }; - }; - - # Service definitions - IPs are inherited from host - services = [ - { - name = "kanidm"; - domain = "auth.baduhai.dev"; - host = "alexandria"; - } - { - name = "vaultwarden"; - domain = "pass.baduhai.dev"; - host = "alexandria"; - } - { - name = "forgejo"; - domain = "git.baduhai.dev"; - host = "trantor"; - public = true; - } - { - name = "nextcloud"; - domain = "cloud.baduhai.dev"; - host = "alexandria"; - } - { - name = "jellyfin"; - domain = "jellyfin.baduhai.dev"; - host = "alexandria"; - } - ]; -} diff --git a/users/modules/btop.nix b/users/modules/btop.nix deleted file mode 100644 index c19c4bb..0000000 --- a/users/modules/btop.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ pkgs, ... }: - -{ - programs.btop = { - enable = true; - settings = { - theme_background = false; - proc_sorting = "cpu direct"; - update_ms = 500; - }; - }; -} \ No newline at end of file diff --git a/users/modules/comma.nix b/users/modules/comma.nix deleted file mode 100644 index 0aad530..0000000 --- a/users/modules/comma.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ inputs.nix-index-database.homeModules.nix-index ]; - - programs.nix-index-database.comma.enable = true; -} diff --git a/users/modules/common/bash.nix b/users/modules/common/bash.nix deleted file mode 100644 index a5a0823..0000000 --- a/users/modules/common/bash.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ pkgs, ... }: - -{ - programs.bash = { - enable = true; - historyFile = "~/.cache/bash_history"; - }; -} \ No newline at end of file diff --git a/users/modules/common/fish.nix b/users/modules/common/fish.nix deleted file mode 100644 index c753297..0000000 --- a/users/modules/common/fish.nix +++ /dev/null 
@@ -1,32 +0,0 @@ -{ pkgs, lib, ... }: - -{ - programs.fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - ${lib.getExe pkgs.nix-your-shell} fish | source - ''; - loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; - plugins = [ - { - name = "bang-bang"; - src = pkgs.fetchFromGitHub { - owner = "oh-my-fish"; - repo = "plugin-bang-bang"; - rev = "f969c618301163273d0a03d002614d9a81952c1e"; - sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; - }; - } - { - name = "z"; - src = pkgs.fetchFromGitHub { - owner = "jethrokuan"; - repo = "z"; - rev = "067e867debee59aee231e789fc4631f80fa5788e"; - sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU="; - }; - } - ]; - }; -} diff --git a/users/modules/common/hm-cli.nix b/users/modules/common/hm-cli.nix deleted file mode 100644 index d2ed715..0000000 --- a/users/modules/common/hm-cli.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs, ... }: - -{ - home = { - packages = with pkgs; [ hm-cli ]; - sessionVariables = { - HM_PATH = "/etc/nixos"; - }; - }; -} diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix deleted file mode 100644 index fd3d306..0000000 --- a/users/modules/desktop/desktop.nix +++ /dev/null 
@@ -1,134 +0,0 @@ -{ - inputs, - pkgs, - ... -}: - -{ - imports = [ inputs.vicinae.homeManagerModules.default ]; - - fonts.fontconfig.enable = true; - - home.packages = with pkgs; [ xwayland-satellite ]; - - services.vicinae = { - enable = true; - systemd = { - enable = true; - autoStart = true; - }; - }; - - programs = { - ghostty = { - enable = true; - settings = { - cursor-style = "block"; - shell-integration-features = "no-cursor"; - cursor-style-blink = false; - custom-shader = "${builtins.fetchurl { - url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; - sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; - }}"; - bell-features = ""; - gtk-titlebar-style = "tabs"; - keybind = [ "shift+enter=text:\\x1b\\r" ]; - }; - }; - - password-store = { - enable = true; - package = pkgs.pass-wayland; - }; - }; - - xdg = { - enable = true; - userDirs.enable = true; - mimeApps = { - enable = true; - defaultApplications = { - "text/html" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/http" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/https" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/about" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/unknown" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "image/jpeg" = "org.gnome.Loupe.desktop"; - "image/png" = "org.gnome.Loupe.desktop"; - "image/gif" = "org.gnome.Loupe.desktop"; - "image/webp" = "org.gnome.Loupe.desktop"; - "image/bmp" = "org.gnome.Loupe.desktop"; - "image/svg+xml" = "org.gnome.Loupe.desktop"; - "image/tiff" = "org.gnome.Loupe.desktop"; - "video/mp4" = "io.bassi.Showtime.desktop"; - "video/x-matroska" = "io.bassi.Showtime.desktop"; - "video/webm" = 
"io.bassi.Showtime.desktop"; - "video/mpeg" = "io.bassi.Showtime.desktop"; - "video/x-msvideo" = "io.bassi.Showtime.desktop"; - "video/quicktime" = "io.bassi.Showtime.desktop"; - "video/x-flv" = "io.bassi.Showtime.desktop"; - "audio/mpeg" = "io.bassi.Showtime.desktop"; - "audio/flac" = "io.bassi.Showtime.desktop"; - "audio/ogg" = "io.bassi.Showtime.desktop"; - "audio/wav" = "io.bassi.Showtime.desktop"; - "audio/mp4" = "io.bassi.Showtime.desktop"; - "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; - "application/pdf" = [ - "org.gnome.Papers.desktop" - "zen-browser.desktop" - ]; - "text/plain" = "Helix.desktop"; - "text/markdown" = "Helix.desktop"; - "text/x-log" = "Helix.desktop"; - "application/x-shellscript" = "Helix.desktop"; - "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = - "com.collabora.Office.desktop"; # DOCX - "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = - "com.collabora.Office.desktop"; # XLSX - "application/vnd.openxmlformats-officedocument.presentationml.presentation" = - "com.collabora.Office.desktop"; # PPTX - "application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT - "application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS - "application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP - "application/msword" = "com.collabora.Office.desktop"; # DOC - "application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS - "application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT - "application/zip" = "org.gnome.FileRoller.desktop"; - "application/x-tar" = "org.gnome.FileRoller.desktop"; - "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; - "application/x-rar" = 
"org.gnome.FileRoller.desktop"; - "application/gzip" = "org.gnome.FileRoller.desktop"; - "application/x-bzip" = "org.gnome.FileRoller.desktop"; - "inode/directory" = "org.gnome.Nautilus.desktop"; - }; - }; - }; - - # Set Ghostty as default terminal - home.sessionVariables = { - TERMINAL = "ghostty"; - }; -} diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix deleted file mode 100644 index 58a7aaf..0000000 --- a/users/modules/desktop/niri.nix +++ /dev/null 
@@ -1,225 +0,0 @@ -{ - inputs, - lib, - pkgs, - hostname ? null, - ... -}: - -let - isRotterdam = hostname == "rotterdam"; -in - -{ - imports = [ inputs.noctalia.homeModules.default ]; - - services.kanshi = { - enable = true; - settings = [ - { - profile.name = "default"; - profile.outputs = [ - { - criteria = "*"; - scale = 1.0; - } - ]; - } - ]; - }; - - home = { - packages = with pkgs; [ - xwayland-satellite - inputs.noctalia.packages.${pkgs.system}.default - ]; - sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; - }; - - xdg.configFile."niri/config.kdl".text = '' - input { - keyboard { - xkb { - layout "us" - variant "altgr-intl" - } - } - touchpad { - tap - dwt - drag true - drag-lock - natural-scroll - accel-speed 0.2 - accel-profile "flat" - scroll-method "two-finger" - middle-emulation - } - mouse { - natural-scroll - accel-speed 0.2 - accel-profile "flat" - } - warp-mouse-to-focus mode="center-xy" - focus-follows-mouse - } - - layout { - gaps 8 - center-focused-column "never" - auto-center-when-space-available - preset-column-widths { - ${ - if isRotterdam then - '' - proportion 0.33333 - proportion 0.5 - proportion 0.66667 - '' - else - '' - proportion 0.5 - proportion 1.0 - '' - } - } - default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } - focus-ring { - off - } - border { - width 4 - active-color "#ffc87f" - inactive-color "#505050" - urgent-color "#9b0000" - } - tab-indicator { - width 4 - gap 4 - place-within-column - } - } - - overview { - zoom 0.65 - } - - spawn-at-startup "noctalia-shell" "-d" - layer-rule { - match namespace="^noctalia-overview*" - place-within-backdrop true - } - - hotkey-overlay { - skip-at-startup - } - - prefer-no-csd - screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" - - animations { - slowdown 0.3 - } - - window-rule { - match app-id="zen" - default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } - } - - window-rule { - geometry-corner-radius 12 - 
clip-to-geometry true - } - - config-notification { - disable-failed - } - - binds { - Alt+Space repeat=false { spawn "vicinae" "toggle"; } - XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } - XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } - XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } - XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } - XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } - XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } - XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } - XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } - XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } - Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } - Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; } - Mod+Return { spawn "ghostty"; } - Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } - Mod+W repeat=false { toggle-overview; } - Mod+Q { close-window; } - Alt+Shift+Q { close-window;} - Mod+Shift+Q { close-window; } - Alt+F4 { close-window; } - Mod+Left { focus-column-left; } - Mod+Down { focus-window-or-workspace-down; } - Mod+Up { focus-window-or-workspace-up; } - Mod+Right { focus-column-right; } - Mod+H { focus-column-left; } - Mod+L { focus-column-right; } - Mod+J { focus-window-or-workspace-down; } - Mod+K { focus-window-or-workspace-up; } - Mod+Ctrl+Left { move-column-left; } - Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } - Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } - Mod+Ctrl+Right { move-column-right; } - Mod+Ctrl+H { 
move-column-left; } - Mod+Ctrl+J { move-window-down-or-to-workspace-down; } - Mod+Ctrl+K { move-window-up-or-to-workspace-up; } - Mod+Ctrl+L { move-column-right; } - Mod+Home { focus-column-first; } - Mod+End { focus-column-last; } - Mod+Ctrl+Home { move-column-to-first; } - Mod+Ctrl+End { move-column-to-last; } - Mod+Alt+Left { focus-monitor-left; } - Mod+Alt+Down { focus-monitor-down; } - Mod+Alt+Up { focus-monitor-up; } - Mod+Alt+Right { focus-monitor-right; } - Mod+Alt+H { focus-monitor-left; } - Mod+Alt+J { focus-monitor-down; } - Mod+Alt+K { focus-monitor-up; } - Mod+Alt+L { focus-monitor-right; } - Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } - Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } - Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } - Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } - Mod+Alt+Ctrl+H { move-column-to-monitor-left; } - Mod+Alt+Ctrl+J { move-column-to-monitor-down; } - Mod+Alt+Ctrl+K { move-column-to-monitor-up; } - Mod+Alt+Ctrl+L { move-column-to-monitor-right; } - Mod+Ctrl+U { move-workspace-down; } - Mod+Ctrl+I { move-workspace-up; } - Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } - Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } - Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } - Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } - Mod+Shift+WheelScrollDown { focus-column-right; } - Mod+Shift+WheelScrollUp { focus-column-left; } - Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } - Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } - Mod+BracketLeft { consume-or-expel-window-left; } - Mod+BracketRight { consume-or-expel-window-right; } - Mod+Comma { consume-window-into-column; } - Mod+Period { expel-window-from-column; } - Mod+R { switch-preset-column-width; } - Mod+F { maximize-column; } - Mod+Ctrl+F { fullscreen-window; } - Mod+C { center-visible-columns; } - Mod+Ctrl+C { center-column; } - Mod+Space { toggle-window-floating; } - 
Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } - Mod+T { toggle-column-tabbed-display; } - Print { screenshot-screen; } - Mod+Print { screenshot; } - Ctrl+Print { screenshot-window; } - Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } - Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } - Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } - Mod+Ctrl+P { power-off-monitors; } - } - ''; -} diff --git a/users/modules/direnv.nix b/users/modules/direnv.nix deleted file mode 100644 index c91d0af..0000000 --- a/users/modules/direnv.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ pkgs, ... }: - -{ - programs.direnv = { - enable = true; - nix-direnv.enable = true; - }; -} \ No newline at end of file diff --git a/users/modules/gaming.nix b/users/modules/gaming.nix deleted file mode 100644 index 48825ab..0000000 --- a/users/modules/gaming.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ config, ... }: - -{ - programs.mangohud = { - enable = true; - enableSessionWide = true; - settings = { - position = "top-left"; - fps = true; - frametime = false; - frame_timing = false; - gpu_stats = true; - gpu_temp = true; - gpu_power = true; - cpu_stats = true; - cpu_temp = true; - cpu_power = true; - ram = true; - vram = true; - gamemode = false; - vkbasalt = false; - version = false; - engine_version = false; - vulkan_driver = false; - wine = false; - time = false; - fps_sampling_period = 500; - toggle_hud = "Shift_L+F12"; - toggle_logging = "Ctrl_L+F2"; - output_folder = "${config.home.homeDirectory}/.local/share/mangohud"; - }; - }; -} diff --git a/users/modules/helix.nix b/users/modules/helix.nix deleted file mode 100644 index a72ead3..0000000 --- a/users/modules/helix.nix +++ /dev/null 
@@ -1,49 +0,0 @@ -{ pkgs, ... }: - -{ - home.sessionVariables = { - EDITOR = "hx"; - }; - - programs.helix = { - enable = true; - settings = { - editor = { - file-picker.hidden = false; - idle-timeout = 0; - line-number = "relative"; - cursor-shape = { - normal = "underline"; - insert = "bar"; - select = "underline"; - }; - soft-wrap.enable = true; - auto-format = true; - indent-guides.render = true; - }; - keys.normal = { - space = { - o = "file_picker_in_current_buffer_directory"; - esc = [ - "collapse_selection" - "keep_primary_selection" - ]; - }; - }; - }; - languages = { - language = [ - { - name = "nix"; - auto-format = true; - formatter.command = "nixfmt"; - } - { - name = "typst"; - auto-format = true; - formatter.command = "typstyle -c 1000 -i"; - } - ]; - }; - }; -} diff --git a/users/modules/obs-studio.nix b/users/modules/obs-studio.nix deleted file mode 100644 index 67e3b8b..0000000 --- a/users/modules/obs-studio.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ pkgs, ... }: - -{ - programs.obs-studio = { - enable = true; - plugins = [ - pkgs.obs-studio-plugins.obs-vkcapture - pkgs.obs-studio-plugins.obs-backgroundremoval - pkgs.obs-studio-plugins.obs-pipewire-audio-capture - ]; - }; - -} diff --git a/users/modules/starship.nix b/users/modules/starship.nix deleted file mode 100644 index c836c51..0000000 --- a/users/modules/starship.nix +++ /dev/null 
@@ -1,40 +0,0 @@ -{ pkgs, ... }: - -{ - programs.starship = { - enable = true; - enableBashIntegration = true; - enableFishIntegration = true; - settings = { - add_newline = false; - format = '' - $hostname$directory$git_branch$git_status$nix_shell - [ ❯ ](bold green) - ''; - right_format = "$cmd_duration$character"; - hostname = { - ssh_symbol = "󰖟 "; - }; - character = { - error_symbol = "[](red)"; - success_symbol = "[󱐋](green)"; - }; - cmd_duration = { - format = "[󰄉 $duration ]($style)"; - style = "yellow"; - min_time = 500; - }; - git_branch = { - symbol = " "; - style = "purple"; - }; - git_status.style = "red"; - nix_shell = { - format = "via [$symbol$state]($style)"; - heuristic = true; - style = "blue"; - symbol = "󱄅 "; - }; - }; - }; -} diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix deleted file mode 100644 index 6b34e43..0000000 --- a/users/modules/stylix.nix +++ /dev/null 
@@ -1,69 +0,0 @@ -{ - config, - inputs, - pkgs, - ... -}: - -{ - imports = [ - inputs.stylix.homeModules.stylix - inputs.zen-browser.homeModules.beta - ]; - - stylix = { - enable = true; - polarity = "dark"; - base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml"; - cursor = { - package = pkgs.kdePackages.breeze; - name = "breeze_cursors"; - size = 24; - }; - icons = { - enable = true; - package = pkgs.morewaita-icon-theme; - light = "MoreWaita"; - dark = "MoreWaita"; - }; - opacity = { - applications = 1.0; - desktop = 1.0; - popups = config.stylix.opacity.desktop; - terminal = 1.0; - }; - fonts = { - serif = { - package = pkgs.source-serif; - name = "Source Serif 4 Display"; - }; - sansSerif = { - package = pkgs.inter; - name = "Inter"; - }; - monospace = { - package = pkgs.nerd-fonts.fira-code; - name = "FiraCode Nerd Font"; - }; - emoji = { - package = pkgs.noto-fonts-color-emoji; - name = "Noto Color Emoji"; - }; - sizes = { - applications = 10; - desktop = config.stylix.fonts.sizes.applications; - popups = config.stylix.fonts.sizes.applications; - terminal = 12; - }; - }; - targets.zen-browser = { - enable = true; - profileNames = [ "william" ]; - }; - }; - - programs.zen-browser = { - enable = true; - profiles.william = { }; - }; -} diff --git a/users/modules/tmux.nix b/users/modules/tmux.nix deleted file mode 100644 index 4268e7a..0000000 --- a/users/modules/tmux.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ pkgs, ... }: - -{ - programs.tmux = { - enable = true; - clock24 = true; - terminal = "xterm-256color"; - mouse = true; - keyMode = "vi"; - }; -} \ No newline at end of file diff --git a/users/user/git.nix b/users/user/git.nix deleted file mode 100644 index 9c1fb20..0000000 --- a/users/user/git.nix +++ /dev/null 
@@ -1,17 +0,0 @@ -{ pkgs, ... }: - -{ - programs = { - git = { - enable = true; - settings.user = { - name = "William"; - email = "baduhai@proton.me"; - }; - }; - diff-so-fancy = { - enable = true; - enableGitIntegration = true; - }; - }; -} diff --git a/utils.nix b/utils.nix deleted file mode 100644 index e65837c..0000000 --- a/utils.nix +++ /dev/null 
@@ -1,233 +0,0 @@ -{ inputs, lib }: - -let - inherit (inputs) - self - nixpkgs - nixpkgs-stable - home-manager - agenix - ; - - # Import shared service definitions - sharedServices = import ./shared/services.nix; - - # Enrich services with host IP information - enrichedServices = builtins.map (svc: - let - hostInfo = sharedServices.hosts.${svc.host} or {}; - in - svc // lib.optionalAttrs (hostInfo ? lanIP) { inherit (hostInfo) lanIP; } - // lib.optionalAttrs (hostInfo ? tailscaleIP) { inherit (hostInfo) tailscaleIP; } - ) sharedServices.services; -in - -{ - # Re-export enriched services and hosts for use in host configs - services = enrichedServices; - inherit (sharedServices) hosts; - # Tag-based host configuration system - mkHost = - { - hostname, - tags ? [ ], - system ? "x86_64-linux", - extraModules ? [ ], - }: - let - # Validate that server and desktop tags are mutually exclusive - hasServer = builtins.elem "server" tags; - hasDesktop = builtins.elem "desktop" tags; - - # Always include "common" tag implicitly - allTags = - if hasServer && hasDesktop then - throw "Error: 'server' and 'desktop' tags are mutually exclusive for host '${hostname}'" - else - [ "common" ] ++ tags; - - # Choose nixpkgs based on server tag - pkgs = if builtins.elem "server" allTags then nixpkgs-stable else nixpkgs; - - # Tag-specific modules: each tag can be either: - # 1. A file: hosts/modules/${tag}.nix - # 2. 
A directory: hosts/modules/${tag}/*.nix (all .nix files imported) - tagModuleFiles = builtins.concatMap ( - tag: - let - filePath = ./hosts/modules/${tag}.nix; - dirPath = ./hosts/modules/${tag}; - in - # Check if it's a file first - if builtins.pathExists filePath then - [ filePath ] - # Then check if it's a directory - else if builtins.pathExists dirPath then - let - entries = builtins.readDir dirPath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name - ) entries; - in - map (name: dirPath + "/${name}") (builtins.attrNames nixFiles) - else - [ ] - ) allTags; - - # Automatically import all .nix files from hosts/${hostname}/ - hostModulePath = ./hosts/${hostname}; - hostModuleFiles = - if builtins.pathExists hostModulePath then - let - entries = builtins.readDir hostModulePath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name && name != "${hostname}.nix" - ) entries; - in - map (name: hostModulePath + "/${name}") (builtins.attrNames nixFiles) - else - [ ]; - - # Combine all modules - allModules = [ - agenix.nixosModules.default - { - networking.hostName = hostname; - nix.nixPath = [ "nixos-config=${self.outPath}/nixosConfigurations/${hostname}" ]; - nixpkgs.overlays = [ - agenix.overlays.default - self.overlays.default - ]; - } - ] - ++ tagModuleFiles - ++ hostModuleFiles - ++ extraModules; - in - pkgs.lib.nixosSystem { - inherit system; - specialArgs = { - inherit inputs; - hostTags = allTags; - }; - modules = allModules; - }; - - # Tag-based user configuration system - mkHome = - { - username, - hostname ? null, - homeDirectory ? "/home/${username}", - tags ? [ ], - extraModules ? 
[ ], - }: - let - pkgs = nixpkgs.legacyPackages.x86_64-linux; - - # Always include "common" tag implicitly - allTags = [ "common" ] ++ tags; - - # Tag-specific modules: each tag maps to users/modules/${tag}.nix if it exists - tagModuleFiles = builtins.concatMap ( - tag: - let - filePath = ./users/modules/${tag}.nix; - dirPath = ./users/modules/${tag}; - in - # Check if it's a file first - if builtins.pathExists filePath then - [ filePath ] - # Then check if it's a directory - else if builtins.pathExists dirPath then - let - entries = builtins.readDir dirPath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name - ) entries; - in - map (name: dirPath + "/${name}") (builtins.attrNames nixFiles) - else - [ ] - ) allTags; - - # Automatically import all .nix files from users/${username}/ - userModulePath = ./users/${username}; - userModuleFiles = - if builtins.pathExists userModulePath then - let - entries = builtins.readDir userModulePath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name - ) entries; - in - map (name: userModulePath + "/${name}") (builtins.attrNames nixFiles) - else - [ ]; - - # Combine all modules - allModules = [ - { - home = { - inherit username homeDirectory; - stateVersion = "22.05"; - }; - } - ] - ++ tagModuleFiles - ++ userModuleFiles - ++ extraModules; - in - home-manager.lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { - inherit inputs hostname; - userTags = allTags; - }; - modules = allModules ++ [ - { - nixpkgs.overlays = [ self.overlays.default ]; - } - ]; - }; - - # Nginx virtual host utilities - mkNginxVHosts = - { domains }: - let - # Extract domain name and apply it as useACMEHost - mkVHostConfig = domain: config: - lib.recursiveUpdate { - useACMEHost = domain; - forceSSL = true; - kTLS = true; - } config; - in - lib.mapAttrs mkVHostConfig domains; - - # Split DNS utilities for unbound - # Generates unbound view 
config from a list of DNS entries - mkSplitDNS = - entries: - let - # Generate local-data entries for all domains - tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries; - lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries; - in - [ - # Single Tailscale view with all domains - { - name = "tailscale"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = tailscaleData; - } - # Single LAN view with all domains - { - name = "lan"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = lanData; - } - ]; -} From bde5e2aabc17b452be085704cfdaa9e11e510fa6 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 22:46:49 -0300 Subject: [PATCH 082/138] add data/services.nix for shared service definitions Creates a standalone data file that can be imported by both aspects/constants.nix and terranix configurations. Co-Authored-By: Claude Opus 4.5 --- aspects/desktop/boot.nix | 5 +- aspects/desktop/nix.nix | 3 - aspects/desktop/services.nix | 5 +- aspects/hosts/_alexandria/jellyfin.nix | 3 +- aspects/hosts/_alexandria/kanidm.nix | 3 +- aspects/hosts/_alexandria/nextcloud.nix | 3 +- aspects/hosts/_alexandria/nginx.nix | 3 +- aspects/hosts/_alexandria/unbound.nix | 4 +- aspects/hosts/_alexandria/vaultwarden.nix | 3 +- aspects/hosts/_trantor/forgejo.nix | 3 +- aspects/hosts/_trantor/nginx.nix | 3 +- aspects/hosts/_trantor/unbound.nix | 4 +- aspects/server/boot.nix | 5 +- aspects/server/nix.nix | 3 - aspects/server/tailscale.nix | 5 +- data/services.nix | 42 +++++++++++ flake.lock | 16 ++++ flake.nix | 34 +++++---- plan.md | 89 +++++++++++++++++++++++ terranix/cloudflare/baduhai.dev.nix | 10 ++- 20 files changed, 189 insertions(+), 57 deletions(-) create mode 100644 data/services.nix create mode 100644 plan.md diff --git a/aspects/desktop/boot.nix b/aspects/desktop/boot.nix index bd98184..48f879d 100644 --- a/aspects/desktop/boot.nix +++ b/aspects/desktop/boot.nix 
@@ -1,9 +1,6 @@ -{ inputs, ... }: +{ ... }: { flake.modules.nixos.desktop-boot = { config, lib, pkgs, ... }: { - # Import parent aspect for inheritance - imports = [ inputs.self.modules.nixos.common-boot ]; - boot = { plymouth.enable = true; initrd.systemd.enable = true; diff --git a/aspects/desktop/nix.nix b/aspects/desktop/nix.nix index 67cfa11..a3aa421 100644 --- a/aspects/desktop/nix.nix +++ b/aspects/desktop/nix.nix @@ -1,9 +1,6 @@ { inputs, ... }: { flake.modules.nixos.desktop-nix = { config, lib, pkgs, ... }: { - # Import parent aspect for inheritance - imports = [ inputs.self.modules.nixos.common-nix ]; - environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; nix = { diff --git a/aspects/desktop/services.nix b/aspects/desktop/services.nix index 59f0a56..8ebbb6b 100644 --- a/aspects/desktop/services.nix +++ b/aspects/desktop/services.nix @@ -1,9 +1,6 @@ -{ inputs, ... }: +{ ... }: { flake.modules.nixos.desktop-services = { config, lib, pkgs, ... }: { - # Import parent aspect for inheritance - imports = [ inputs.self.modules.nixos.common-services ]; - services = { printing.enable = true; udev.packages = with pkgs; [ yubikey-personalization ]; diff --git a/aspects/hosts/_alexandria/jellyfin.nix b/aspects/hosts/_alexandria/jellyfin.nix index 591403d..0b024bd 100644 --- a/aspects/hosts/_alexandria/jellyfin.nix +++ b/aspects/hosts/_alexandria/jellyfin.nix @@ -1,7 +1,6 @@ { lib, inputs, ... }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; in { services.jellyfin = { diff --git a/aspects/hosts/_alexandria/kanidm.nix b/aspects/hosts/_alexandria/kanidm.nix index d51eb14..35e08c8 100644 --- a/aspects/hosts/_alexandria/kanidm.nix +++ b/aspects/hosts/_alexandria/kanidm.nix 
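Review bot: The added binding `mkNginxVHosts = inputs.self.lib.mkNginxVHosts;` in `_alexandria/jellyfin.nix` spells the name twice. `inherit (inputs.self.lib) mkNginxVHosts;` is the equivalent idiom and extends cleanly if more helpers are taken from `inputs.self.lib` later. The same line is added in kanidm.nix, nextcloud.nix, vaultwarden.nix and forgejo.nix. With the `utils` import removed, the `lib` argument in `{ lib, inputs, ... }:` may no longer be used in this file. The module body continues outside the hunk, so that needs checking against the full file.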
@@ -7,8 +7,7 @@ }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; kanidmCertDir = "/var/lib/kanidm/certs"; in diff --git a/aspects/hosts/_alexandria/nextcloud.nix b/aspects/hosts/_alexandria/nextcloud.nix index 9d69199..c4a9669 100644 --- a/aspects/hosts/_alexandria/nextcloud.nix +++ b/aspects/hosts/_alexandria/nextcloud.nix @@ -7,8 +7,7 @@ }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; in { diff --git a/aspects/hosts/_alexandria/nginx.nix b/aspects/hosts/_alexandria/nginx.nix index 19258dd..26a7ba1 100644 --- a/aspects/hosts/_alexandria/nginx.nix +++ b/aspects/hosts/_alexandria/nginx.nix @@ -6,8 +6,7 @@ }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts services; + services = inputs.self.services; # Get all unique domains from shared services that have LAN IPs (served by this host) localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services)); diff --git a/aspects/hosts/_alexandria/unbound.nix b/aspects/hosts/_alexandria/unbound.nix index 6e46cdd..07c8850 100644 --- a/aspects/hosts/_alexandria/unbound.nix +++ b/aspects/hosts/_alexandria/unbound.nix @@ -1,7 +1,7 @@ { inputs, lib, ... }: let - utils = import ../../../utils.nix { inherit inputs lib; }; + services = inputs.self.services; in { @@ -35,7 +35,7 @@ in # LAN-only DNS records local-zone = ''"baduhai.dev." transparent''; local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') - (lib.filter (e: e ? lanIP) utils.services); + (lib.filter (e: e.lanIP != null) services); }; forward-zone = [ diff --git a/aspects/hosts/_alexandria/vaultwarden.nix b/aspects/hosts/_alexandria/vaultwarden.nix index 81e65b1..8577b2d 100644 --- a/aspects/hosts/_alexandria/vaultwarden.nix +++ b/aspects/hosts/_alexandria/vaultwarden.nix 
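Review bot: In the aspects/hosts/_alexandria/unbound.nix hunk, `lib.filter (e: e.lanIP != null) services` evaluates `e.lanIP` on every entry, so it aborts evaluation if any enriched service lacks the attribute, where the old `e ? lanIP` test simply skipped it. Whether `inputs.self.services` always carries `lanIP` depends on `enrichServices` in aspects/constants.nix, whose body this patch does not show. `(lib.filter (e: (e.lanIP or null) != null) services)` accepts both shapes and still limits the LAN view to services whose host has a LAN address.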
@@ -5,8 +5,7 @@ ... }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; in { services.vaultwarden = { diff --git a/aspects/hosts/_trantor/forgejo.nix b/aspects/hosts/_trantor/forgejo.nix index e6b2159..1112622 100644 --- a/aspects/hosts/_trantor/forgejo.nix +++ b/aspects/hosts/_trantor/forgejo.nix @@ -6,8 +6,7 @@ }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; in { diff --git a/aspects/hosts/_trantor/nginx.nix b/aspects/hosts/_trantor/nginx.nix index 1fd6b5c..5522e24 100644 --- a/aspects/hosts/_trantor/nginx.nix +++ b/aspects/hosts/_trantor/nginx.nix @@ -6,8 +6,7 @@ }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts services; + services = inputs.self.services; # Get all unique domains from shared services on trantor (host = "trantor") localDomains = lib.unique ( diff --git a/aspects/hosts/_trantor/unbound.nix b/aspects/hosts/_trantor/unbound.nix index 367c2c8..9f84228 100644 --- a/aspects/hosts/_trantor/unbound.nix +++ b/aspects/hosts/_trantor/unbound.nix @@ -1,7 +1,7 @@ { inputs, lib, ... }: let - utils = import ../../../utils.nix { inherit inputs lib; }; + services = inputs.self.services; in { @@ -35,7 +35,7 @@ in # Tailnet DNS records from shared services local-zone = ''"baduhai.dev." transparent''; - local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') utils.services; + local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') services; }; forward-zone = [ diff --git a/aspects/server/boot.nix b/aspects/server/boot.nix index 68397f2..ff5ef25 100644 --- a/aspects/server/boot.nix +++ b/aspects/server/boot.nix 
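Review bot: In the aspects/hosts/_trantor/unbound.nix hunk, `local-data` maps over every service and interpolates `${e.tailscaleIP}` without the null filter that the alexandria LAN view now applies to `lanIP`. Both hosts in data/services.nix have a `tailscaleIP` today, but a host added without one would break evaluation of the resolver config, since null cannot be interpolated into a string. Filtering first keeps the two views parallel: `local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') (lib.filter (e: (e.tailscaleIP or null) != null) services);`.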
@@ -1,10 +1,7 @@ # aspects/server/boot.nix -{ inputs, ... }: +{ ... }: { flake.modules.nixos.server-boot = { config, lib, pkgs, ... }: { - # Import parent aspect for inheritance - imports = [ inputs.self.modules.nixos.common-boot ]; - boot.kernelPackages = pkgs.linuxPackages_hardened; }; } diff --git a/aspects/server/nix.nix b/aspects/server/nix.nix index b22565c..84bec67 100644 --- a/aspects/server/nix.nix +++ b/aspects/server/nix.nix @@ -2,9 +2,6 @@ { inputs, ... }: { flake.modules.nixos.server-nix = { config, lib, pkgs, ... }: { - # Import parent aspect for inheritance - imports = [ inputs.self.modules.nixos.common-nix ]; - environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; nix = { diff --git a/aspects/server/tailscale.nix b/aspects/server/tailscale.nix index 433494c..5a48799 100644 --- a/aspects/server/tailscale.nix +++ b/aspects/server/tailscale.nix @@ -1,10 +1,7 @@ # aspects/server/tailscale.nix -{ inputs, ... }: +{ ... }: { flake.modules.nixos.server-tailscale = { config, lib, pkgs, ... }: { - # Import parent aspect for inheritance - imports = [ inputs.self.modules.nixos.common-tailscale ]; - services.tailscale = { extraSetFlags = [ "--advertise-exit-node" ]; useRoutingFeatures = "server"; diff --git a/data/services.nix b/data/services.nix new file mode 100644 index 0000000..ae7395c --- /dev/null +++ b/data/services.nix 
@@ -0,0 +1,42 @@ +# Shared service and host definitions +# This file can be imported directly (unlike aspects which use flake-parts) +{ + hosts = { + alexandria = { + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + }; + trantor = { + tailscaleIP = "100.108.5.90"; + }; + }; + + services = [ + { + name = "kanidm"; + domain = "auth.baduhai.dev"; + host = "alexandria"; + } + { + name = "vaultwarden"; + domain = "pass.baduhai.dev"; + host = "alexandria"; + } + { + name = "forgejo"; + domain = "git.baduhai.dev"; + host = "trantor"; + public = true; + } + { + name = "nextcloud"; + domain = "cloud.baduhai.dev"; + host = "alexandria"; + } + { + name = "jellyfin"; + domain = "jellyfin.baduhai.dev"; + host = "alexandria"; + } + ]; +} diff --git a/flake.lock b/flake.lock index b5b63cf..c7b2e16 100644 --- a/flake.lock +++ b/flake.lock @@ -453,6 +453,21 @@ "type": "github" } }, + "import-tree": { + "locked": { + "lastModified": 1763762820, + "narHash": "sha256-ZvYKbFib3AEwiNMLsejb/CWs/OL/srFQ8AogkebEPF0=", + "owner": "vic", + "repo": "import-tree", + "rev": "3c23749d8013ec6daa1d7255057590e9ca726646", + "type": "github" + }, + "original": { + "owner": "vic", + "repo": "import-tree", + "type": "github" + } + }, "niri": { "inputs": { "nixpkgs": "nixpkgs_4", @@ -932,6 +947,7 @@ "flake-parts": "flake-parts", "home-manager": "home-manager_2", "impermanence": "impermanence", + "import-tree": "import-tree", "niri": "niri", "niri-flake": "niri-flake", "nix-ai-tools": "nix-ai-tools", diff --git a/flake.nix b/flake.nix index 701406d..ca1a349 100644 --- a/flake.nix +++ b/flake.nix 
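Review bot: Only the forgejo entry in data/services.nix sets `public = true`; the other four services omit the field, so the exposure default is left to each consumer of this file rather than stated here. The list now feeds both the NixOS aspects and the terranix Cloudflare configuration, so a consumer that reads `svc.public` without a fallback fails, and one that defaults the wrong way would presumably publish an internal service. I would document the contract in the header comment, assuming this is what the flag means: `# public: optional, defaults to false; set true only for services meant to be reachable from the internet`. The header could also state that `host` must name a key of `hosts`.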
@@ -58,21 +58,23 @@ outputs = inputs@{ flake-parts, import-tree, ... }: - flake-parts.lib.mkFlake { inherit inputs; } ( - import-tree ./aspects - // { - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; + let + aspectsModule = import-tree ./aspects; + in + flake-parts.lib.mkFlake { inherit inputs; } { + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; - imports = [ - ./deploy.nix - ./devShells.nix - ./overlays.nix - ./packages.nix - ./terranixConfigurations.nix - ]; - } - ); + imports = [ + flake-parts.flakeModules.modules + ] ++ aspectsModule.imports ++ [ + ./deploy.nix + ./devShells.nix + ./overlays.nix + ./packages.nix + ./terranixConfigurations.nix + ]; + }; } diff --git a/plan.md b/plan.md new file mode 100644 index 0000000..af88fb9 --- /dev/null +++ b/plan.md 
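Review bot: The new `imports` list in flake.nix has no comment explaining why the aspects are concatenated via `aspectsModule.imports` instead of merged with `//` as before. With `//` the right-hand `imports` attribute replaces the left-hand one, so the earlier form would have dropped whatever `import-tree ./aspects` collected, and a later tidy-up could reintroduce that. A one-line comment above the list would do: `# Concatenate, do not merge with //: a second imports attribute would replace the aspects list.`. It may also be worth noting there that the files under ./aspects are picked up automatically, so anything committed to that directory can become part of the evaluated configuration.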
@@ -0,0 +1,89 @@ +# Current structure: + +``` + hosts +├──  alexandria +│ ├──  hardware-configuration.nix +│ ├──  jellyfin.nix +│ ├──  kanidm.nix +│ ├──  nextcloud.nix +│ ├──  nginx.nix +│ ├──  unbound.nix +│ └──  vaultwarden.nix +├──  io +│ ├──  boot.nix +│ ├──  disko.nix +│ ├──  hardware-configuration.nix +│ ├──  programs.nix +│ └──  services.nix +├──  modules +│ ├──  common +│ │ ├──  boot.nix +│ │ ├──  console.nix +│ │ ├──  firewall.nix +│ │ ├──  locale.nix +│ │ ├──  nix.nix +│ │ ├──  openssh.nix +│ │ ├──  programs.nix +│ │ ├──  security.nix +│ │ ├──  services.nix +│ │ ├──  tailscale.nix +│ │ └──  users.nix +│ ├──  desktop +│ │ ├──  boot.nix +│ │ ├──  desktop.nix +│ │ ├──  nix.nix +│ │ └──  services.nix +│ ├──  server +│ │ ├──  boot.nix +│ │ ├──  nix.nix +│ │ └──  tailscale.nix +│ ├──  ai.nix +│ ├──  bluetooth.nix +│ ├──  dev.nix +│ ├──  ephemeral.nix +│ ├──  fwupd.nix +│ ├──  gaming.nix +│ ├──  libvirtd.nix +│ ├──  networkmanager.nix +│ └──  podman.nix +├──  rotterdam +│ ├──  boot.nix +│ ├──  hardware-configuration.nix +│ ├──  hardware.nix +│ ├──  programs.nix +│ └──  services.nix +└──  trantor + ├──  boot.nix + ├──  disko.nix + ├──  fail2ban.nix + ├──  forgejo.nix + ├──  hardware-configuration.nix + ├──  networking.nix + ├──  nginx.nix + ├──  openssh.nix + └──  unbound.nix + modules +└──  ephemeral.nix + users +├──  modules +│ ├──  common +│ │ ├──  bash.nix +│ │ ├──  fish.nix +│ │ └──  hm-cli.nix +│ ├──  desktop +│ │ ├──  desktop.nix +│ │ └──  niri.nix +│ ├──  btop.nix +│ ├──  comma.nix +│ ├──  direnv.nix +│ ├──  gaming.nix +│ ├──  helix.nix +│ ├──  obs-studio.nix +│ ├──  starship.nix +│ ├──  stylix.nix +│ └──  tmux.nix +└──  user + └──  git.nix +``` + diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index 1b456f3..185e5bd 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix 
@@ -6,7 +6,15 @@ { config, lib, ... }: let - inherit (import ../../shared/services.nix) services; + sharedData = import ../../data/services.nix; + # Enrich services with host IPs + services = map (svc: + let hostInfo = sharedData.hosts.${svc.host} or {}; + in svc // { + lanIP = hostInfo.lanIP or null; + tailscaleIP = hostInfo.tailscaleIP or null; + } + ) sharedData.services; # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git") getSubdomain = domain: lib.head (lib.splitString "." domain); From 1b7ea7e59b95bee0dbf969e9b31cf9a142201f19 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 23:50:27 -0300 Subject: [PATCH 083/138] constants: import hosts/services from data/services.nix Eliminates duplication by using data/services.nix as single source of truth for both flake-parts modules and terranix. Co-Authored-By: Claude Opus 4.5 --- aspects/constants.nix | 43 ++++--------------------------------------- 1 file changed, 4 insertions(+), 39 deletions(-) diff --git a/aspects/constants.nix b/aspects/constants.nix index 633cff6..2d980e1 100644 --- a/aspects/constants.nix +++ b/aspects/constants.nix @@ -50,35 +50,8 @@ let }; }; - # Raw services list before enrichment - rawServices = [ - { - name = "kanidm"; - domain = "auth.baduhai.dev"; - host = "alexandria"; - } - { - name = "vaultwarden"; - domain = "pass.baduhai.dev"; - host = "alexandria"; - } - { - name = "forgejo"; - domain = "git.baduhai.dev"; - host = "trantor"; - public = true; - } - { - name = "nextcloud"; - domain = "cloud.baduhai.dev"; - host = "alexandria"; - } - { - name = "jellyfin"; - domain = "jellyfin.baduhai.dev"; - host = "alexandria"; - } - ]; + # Import shared data (also used by terranix) + sharedData = import ../data/services.nix; # Enrich services with host IP information enrichServices = hosts: services: 
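Review bot: In the terranix hunk, `hostInfo = sharedData.hosts.${svc.host} or {};` turns a misspelled or missing `host` into an empty record, so the service is enriched with `lanIP = null` and `tailscaleIP = null` instead of failing. For a file that drives Cloudflare DNS records, a silent fallback is harder to notice than an evaluation error; `hostInfo = sharedData.hosts.${svc.host} or (throw "data/services.nix: unknown host '${svc.host}' for service '${svc.name}'");` fails closed. This enrichment also appears to duplicate what `enrichServices` in aspects/constants.nix does, so the two can drift apart. The `let` block continues outside the hunk.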
@@ -115,17 +88,9 @@ in }; config.flake = { - hosts = { - alexandria = { - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - }; - trantor = { - tailscaleIP = "100.108.5.90"; - }; - }; + hosts = sharedData.hosts; - services = enrichServices config.flake.hosts rawServices; + services = enrichServices config.flake.hosts sharedData.services; lib = { # Nginx virtual host utilities From 829fde6a3af7ba20959d90911e07dde5167b3f4b Mon Sep 17 00:00:00 2001 From: William Date: Sat, 7 Feb 2026 07:54:49 -0300 Subject: [PATCH 084/138] packages: convert to self-contained flake-parts modules Each package file now exports its own perSystem.packages. definition instead of being called from a centralized packages.nix file. Co-Authored-By: Claude Opus 4.5 --- packages/base16-schemes.nix | 55 ++--- packages/claude-desktop.nix | 400 +++++++++++++++++------------------ packages/fastfetch.nix | 159 +++++++------- packages/hm-cli.nix | 176 +++++++-------- packages/kwrite.nix | 32 +-- packages/toggleaudiosink.nix | 82 +++---- 6 files changed, 459 insertions(+), 445 deletions(-) diff --git a/packages/base16-schemes.nix b/packages/base16-schemes.nix index ffd6c04..fbb1341 100644 --- a/packages/base16-schemes.nix +++ b/packages/base16-schemes.nix 
@@ -1,32 +1,35 @@ +{ ... }: + { - lib, - stdenv, - fetchFromGitHub, -}: -stdenv.mkDerivation (finalAttrs: { - pname = "base16-schemes"; - version = "0-unstable-2025-06-04"; + perSystem = + { pkgs, ... }: + { + packages.base16-schemes = pkgs.stdenv.mkDerivation (finalAttrs: { + pname = "base16-schemes"; + version = "0-unstable-2025-06-04"; - src = fetchFromGitHub { - owner = "tinted-theming"; - repo = "schemes"; - rev = "317a5e10c35825a6c905d912e480dfe8e71c7559"; - hash = "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM="; - }; + src = pkgs.fetchFromGitHub { + owner = "tinted-theming"; + repo = "schemes"; + rev = "317a5e10c35825a6c905d912e480dfe8e71c7559"; + hash = "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM="; + }; - installPhase = '' - runHook preInstall + installPhase = '' + runHook preInstall - mkdir -p $out/share/themes/ - install base16/*.yaml $out/share/themes/ + mkdir -p $out/share/themes/ + install base16/*.yaml $out/share/themes/ - runHook postInstall - ''; + runHook postInstall + ''; - meta = { - description = "All the color schemes for use in base16 packages"; - homepage = "https://github.com/tinted-theming/schemes"; - maintainers = [ lib.maintainers.DamienCassou ]; - license = lib.licenses.mit; - }; -}) + meta = { + description = "All the color schemes for use in base16 packages"; + homepage = "https://github.com/tinted-theming/schemes"; + maintainers = [ pkgs.lib.maintainers.DamienCassou ]; + license = pkgs.lib.licenses.mit; + }; + }); + }; +} diff --git a/packages/claude-desktop.nix b/packages/claude-desktop.nix index e72fc37..e93f3af 100644 --- a/packages/claude-desktop.nix +++ b/packages/claude-desktop.nix 
@@ -1,221 +1,215 @@ +{ inputs, ... }: + { - lib, - stdenv, - fetchurl, - makeWrapper, - makeDesktopItem, - copyDesktopItems, - p7zip, - unzip, - electron, - nodejs, - asar, - graphicsmagick, -}: + perSystem = + { system, ... }: + let + pkgs = import inputs.nixpkgs { + inherit system; + config.allowUnfree = true; + }; -let - pname = "claude-desktop"; - version = "1.0.1768"; # Updated based on extracted nupkg + pname = "claude-desktop"; + version = "1.0.1768"; - srcs.x86_64-linux = fetchurl { - url = "https://downloads.claude.ai/releases/win32/x64/1.0.1768/Claude-67d01376d0e9d08b328455f6db9e63b0d603506a.exe"; - hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=;"; - }; + srcs.x86_64-linux = pkgs.fetchurl { + url = "https://downloads.claude.ai/releases/win32/x64/1.0.1768/Claude-67d01376d0e9d08b328455f6db9e63b0d603506a.exe"; + hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=;"; + }; - src = - srcs.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); + src = + srcs.${pkgs.stdenv.hostPlatform.system} or (throw "Unsupported system: ${pkgs.stdenv.hostPlatform.system}"); - # Stub implementation for claude-native module - claudeNativeStub = '' - // Stub implementation of claude-native using KeyboardKey enum values - const KeyboardKey = { - Backspace: 43, Tab: 280, Enter: 261, Shift: 272, Control: 61, Alt: 40, - CapsLock: 56, Escape: 85, Space: 276, PageUp: 251, PageDown: 250, - End: 83, Home: 154, LeftArrow: 175, UpArrow: 282, RightArrow: 262, - DownArrow: 81, Delete: 79, Meta: 187 - }; - Object.freeze(KeyboardKey); - module.exports = { - getWindowsVersion: () => "10.0.0", - setWindowEffect: () => {}, - removeWindowEffect: () => {}, - getIsMaximized: () => false, - flashFrame: () => {}, - clearFlashFrame: () => {}, - showNotification: () => {}, - setProgressBar: () => {}, - clearProgressBar: () => {}, - setOverlayIcon: () => {}, - clearOverlayIcon: () => {}, - KeyboardKey - }; - ''; + claudeNativeStub = '' + // 
Stub implementation of claude-native using KeyboardKey enum values + const KeyboardKey = { + Backspace: 43, Tab: 280, Enter: 261, Shift: 272, Control: 61, Alt: 40, + CapsLock: 56, Escape: 85, Space: 276, PageUp: 251, PageDown: 250, + End: 83, Home: 154, LeftArrow: 175, UpArrow: 282, RightArrow: 262, + DownArrow: 81, Delete: 79, Meta: 187 + }; + Object.freeze(KeyboardKey); + module.exports = { + getWindowsVersion: () => "10.0.0", + setWindowEffect: () => {}, + removeWindowEffect: () => {}, + getIsMaximized: () => false, + flashFrame: () => {}, + clearFlashFrame: () => {}, + showNotification: () => {}, + setProgressBar: () => {}, + clearProgressBar: () => {}, + setOverlayIcon: () => {}, + clearOverlayIcon: () => {}, + KeyboardKey + }; + ''; + in + { + packages.claude-desktop = pkgs.stdenv.mkDerivation rec { + inherit pname version src; -in -stdenv.mkDerivation rec { - inherit pname version src; + nativeBuildInputs = with pkgs; [ + makeWrapper + copyDesktopItems + p7zip + unzip + nodejs + graphicsmagick + ]; - nativeBuildInputs = [ - makeWrapper - copyDesktopItems - p7zip - unzip - nodejs - graphicsmagick - ]; + buildInputs = [ pkgs.electron ]; - buildInputs = [ - electron - ]; + desktopItems = [ + (pkgs.makeDesktopItem { + name = "claude-desktop"; + desktopName = "Claude"; + comment = "AI assistant from Anthropic"; + exec = "claude-desktop %u"; + icon = "claude-desktop"; + categories = [ + "Network" + "Chat" + "Office" + ]; + mimeTypes = [ "x-scheme-handler/claude" ]; + startupNotify = true; + startupWMClass = "Claude"; + }) + ]; - desktopItems = [ - (makeDesktopItem { - name = "claude-desktop"; - desktopName = "Claude"; - comment = "AI assistant from Anthropic"; - exec = "claude-desktop %u"; - icon = "claude-desktop"; - categories = [ - "Network" - "Chat" - "Office" - ]; - mimeTypes = [ "x-scheme-handler/claude" ]; - startupNotify = true; - startupWMClass = "Claude"; - }) - ]; + unpackPhase = '' + runHook preUnpack - unpackPhase = '' - runHook preUnpack + # Extract 
the Windows installer - use -y to auto-overwrite + 7z x -y $src -o./extracted - # Extract the Windows installer - use -y to auto-overwrite - 7z x -y $src -o./extracted + # The installer contains a NuGet package + if [ -f ./extracted/AnthropicClaude-*-full.nupkg ]; then + echo "Found NuGet package, extracting..." + # NuGet packages are just zip files + unzip -q ./extracted/AnthropicClaude-*-full.nupkg -d ./nupkg - # The installer contains a NuGet package - if [ -f ./extracted/AnthropicClaude-*-full.nupkg ]; then - echo "Found NuGet package, extracting..." - # NuGet packages are just zip files - unzip -q ./extracted/AnthropicClaude-*-full.nupkg -d ./nupkg + # Extract app.asar to modify it + if [ -f ./nupkg/lib/net45/resources/app.asar ]; then + echo "Extracting app.asar..." + ${pkgs.asar}/bin/asar extract ./nupkg/lib/net45/resources/app.asar ./app - # Extract app.asar to modify it - if [ -f ./nupkg/lib/net45/resources/app.asar ]; then - echo "Extracting app.asar..." - ${asar}/bin/asar extract ./nupkg/lib/net45/resources/app.asar ./app + # Also copy the unpacked resources + if [ -d ./nupkg/lib/net45/resources/app.asar.unpacked ]; then + cp -r ./nupkg/lib/net45/resources/app.asar.unpacked/* ./app/ + fi - # Also copy the unpacked resources - if [ -d ./nupkg/lib/net45/resources/app.asar.unpacked ]; then - cp -r ./nupkg/lib/net45/resources/app.asar.unpacked/* ./app/ - fi - - # Copy additional resources - mkdir -p ./app/resources - mkdir -p ./app/resources/i18n - cp ./nupkg/lib/net45/resources/Tray* ./app/resources/ || true - cp ./nupkg/lib/net45/resources/*-*.json ./app/resources/i18n/ || true - fi - else - echo "NuGet package not found" - ls -la ./extracted/ - exit 1 - fi - - runHook postUnpack - ''; - - buildPhase = '' - runHook preBuild - - # Replace the Windows-specific claude-native module with a stub - if [ -d ./app/node_modules/claude-native ]; then - echo "Replacing claude-native module with Linux stub..." 
- rm -rf ./app/node_modules/claude-native/*.node - cat > ./app/node_modules/claude-native/index.js << 'EOF' - ${claudeNativeStub} - EOF - fi - - # Fix the title bar detection (from aaddrick script) - echo "Fixing title bar detection..." - SEARCH_BASE="./app/.vite/renderer/main_window/assets" - if [ -d "$SEARCH_BASE" ]; then - TARGET_FILE=$(find "$SEARCH_BASE" -type f -name "MainWindowPage-*.js" | head -1) - if [ -n "$TARGET_FILE" ]; then - echo "Found target file: $TARGET_FILE" - # Replace patterns like 'if(!VAR1 && VAR2)' with 'if(VAR1 && VAR2)' - sed -i -E 's/if\(!([a-zA-Z]+)[[:space:]]*&&[[:space:]]*([a-zA-Z]+)\)/if(\1 \&\& \2)/g' "$TARGET_FILE" - echo "Title bar fix applied" - fi - fi - - runHook postBuild - ''; - - installPhase = '' - runHook preInstall - - mkdir -p $out/lib/claude-desktop - - # Repack the modified app as app.asar - cd ./app - ${asar}/bin/asar pack . ../app.asar - cd .. - - # Copy resources - mkdir -p $out/lib/claude-desktop/resources - cp ./app.asar $out/lib/claude-desktop/resources/ - - # Create app.asar.unpacked directory with the stub - mkdir -p $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native - cat > $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native/index.js << 'EOF' - ${claudeNativeStub} - EOF - - # Copy other resources - if [ -d ./nupkg/lib/net45/resources ]; then - cp ./nupkg/lib/net45/resources/*.png $out/lib/claude-desktop/resources/ 2>/dev/null || true - cp ./nupkg/lib/net45/resources/*.ico $out/lib/claude-desktop/resources/ 2>/dev/null || true - cp ./nupkg/lib/net45/resources/*.json $out/lib/claude-desktop/resources/ 2>/dev/null || true - fi - - # Create wrapper script - makeWrapper ${electron}/bin/electron $out/bin/claude-desktop \ - --add-flags "$out/lib/claude-desktop/resources/app.asar" \ - --set DISABLE_AUTOUPDATER 1 \ - --set NODE_ENV production - - # Extract and install icons in multiple sizes - if [ -f ./extracted/setupIcon.ico ]; then - echo "Converting and 
installing icons..." - # Count frames in the ICO file and extract each one - frame_count=$(gm identify ./extracted/setupIcon.ico | wc -l) - for i in $(seq 0 $((frame_count - 1))); do - gm convert "./extracted/setupIcon.ico[$i]" "./extracted/setupIcon-$i.png" 2>/dev/null || true - done - - # Loop through converted icons and install them by size - for img in ./extracted/setupIcon-*.png; do - if [ -f "$img" ]; then - size=$(gm identify -format "%wx%h" "$img") - # Skip smallest icons (16x16 and 32x32) as they're too low quality - if [ "$size" != "16x16" ] && [ "$size" != "32x32" ]; then - mkdir -p "$out/share/icons/hicolor/$size/apps" - cp "$img" "$out/share/icons/hicolor/$size/apps/claude-desktop.png" + # Copy additional resources + mkdir -p ./app/resources + mkdir -p ./app/resources/i18n + cp ./nupkg/lib/net45/resources/Tray* ./app/resources/ || true + cp ./nupkg/lib/net45/resources/*-*.json ./app/resources/i18n/ || true + fi + else + echo "NuGet package not found" + ls -la ./extracted/ + exit 1 fi - fi - done - fi - runHook postInstall - ''; + runHook postUnpack + ''; - meta = with lib; { - description = "Claude Desktop - AI assistant from Anthropic"; - homepage = "https://claude.ai"; - license = licenses.unfree; - sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; - maintainers = with maintainers; [ ]; - platforms = [ "x86_64-linux" ]; - mainProgram = "claude-desktop"; - }; + buildPhase = '' + runHook preBuild + + # Replace the Windows-specific claude-native module with a stub + if [ -d ./app/node_modules/claude-native ]; then + echo "Replacing claude-native module with Linux stub..." + rm -rf ./app/node_modules/claude-native/*.node + cat > ./app/node_modules/claude-native/index.js << 'EOF' + ${claudeNativeStub} + EOF + fi + + # Fix the title bar detection (from aaddrick script) + echo "Fixing title bar detection..." 
+ SEARCH_BASE="./app/.vite/renderer/main_window/assets" + if [ -d "$SEARCH_BASE" ]; then + TARGET_FILE=$(find "$SEARCH_BASE" -type f -name "MainWindowPage-*.js" | head -1) + if [ -n "$TARGET_FILE" ]; then + echo "Found target file: $TARGET_FILE" + # Replace patterns like 'if(!VAR1 && VAR2)' with 'if(VAR1 && VAR2)' + sed -i -E 's/if\(!([a-zA-Z]+)[[:space:]]*&&[[:space:]]*([a-zA-Z]+)\)/if(\1 \&\& \2)/g' "$TARGET_FILE" + echo "Title bar fix applied" + fi + fi + + runHook postBuild + ''; + + installPhase = '' + runHook preInstall + + mkdir -p $out/lib/claude-desktop + + # Repack the modified app as app.asar + cd ./app + ${pkgs.asar}/bin/asar pack . ../app.asar + cd .. + + # Copy resources + mkdir -p $out/lib/claude-desktop/resources + cp ./app.asar $out/lib/claude-desktop/resources/ + + # Create app.asar.unpacked directory with the stub + mkdir -p $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native + cat > $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native/index.js << 'EOF' + ${claudeNativeStub} + EOF + + # Copy other resources + if [ -d ./nupkg/lib/net45/resources ]; then + cp ./nupkg/lib/net45/resources/*.png $out/lib/claude-desktop/resources/ 2>/dev/null || true + cp ./nupkg/lib/net45/resources/*.ico $out/lib/claude-desktop/resources/ 2>/dev/null || true + cp ./nupkg/lib/net45/resources/*.json $out/lib/claude-desktop/resources/ 2>/dev/null || true + fi + + # Create wrapper script + makeWrapper ${pkgs.electron}/bin/electron $out/bin/claude-desktop \ + --add-flags "$out/lib/claude-desktop/resources/app.asar" \ + --set DISABLE_AUTOUPDATER 1 \ + --set NODE_ENV production + + # Extract and install icons in multiple sizes + if [ -f ./extracted/setupIcon.ico ]; then + echo "Converting and installing icons..." 
+ # Count frames in the ICO file and extract each one + frame_count=$(gm identify ./extracted/setupIcon.ico | wc -l) + for i in $(seq 0 $((frame_count - 1))); do + gm convert "./extracted/setupIcon.ico[$i]" "./extracted/setupIcon-$i.png" 2>/dev/null || true + done + + # Loop through converted icons and install them by size + for img in ./extracted/setupIcon-*.png; do + if [ -f "$img" ]; then + size=$(gm identify -format "%wx%h" "$img") + # Skip smallest icons (16x16 and 32x32) as they're too low quality + if [ "$size" != "16x16" ] && [ "$size" != "32x32" ]; then + mkdir -p "$out/share/icons/hicolor/$size/apps" + cp "$img" "$out/share/icons/hicolor/$size/apps/claude-desktop.png" + fi + fi + done + fi + + runHook postInstall + ''; + + meta = with pkgs.lib; { + description = "Claude Desktop - AI assistant from Anthropic"; + homepage = "https://claude.ai"; + license = licenses.unfree; + sourceProvenance = with sourceTypes; [ binaryNativeCode ]; + maintainers = [ ]; + platforms = [ "x86_64-linux" ]; + mainProgram = "claude-desktop"; + }; + }; + }; } diff --git a/packages/fastfetch.nix b/packages/fastfetch.nix index fa8e0ea..aa8d616 100644 --- a/packages/fastfetch.nix +++ b/packages/fastfetch.nix 
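Review bot: The integrity pin for the downloaded installer in packages/claude-desktop.nix is malformed: `hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=;";` has a stray `;` inside the string, carried over unchanged from the old file. That value is not valid SRI base64, so the fetch is either rejected or not checking what was intended. It should read `hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=";` and be re-verified against the actual download. Separately, the new `import inputs.nixpkgs { inherit system; config.allowUnfree = true; }` enables every unfree package for this nixpkgs instance; `config.allowUnfreePredicate = pkg: builtins.elem (inputs.nixpkgs.lib.getName pkg) [ "claude-desktop" ];` limits the exception to this one package.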
@@ -1,81 +1,84 @@ +{ ... }: + { - lib, - pkgs ? import { }, -}: + perSystem = + { pkgs, lib, ... }: + let + fastfetch-logo = pkgs.fetchurl { + url = "https://discourse.nixos.org/uploads/default/original/3X/3/6/36954e6d6aa32c8b00f50ca43f142d898c1ff535.png"; + hash = "sha256-aLHz8jSAFocrn+Pb4vRq0wtkYFJpBpZRevd+VoZC/PQ="; + }; -let - fastfetch-logo = pkgs.fetchurl { - url = "https://discourse.nixos.org/uploads/default/original/3X/3/6/36954e6d6aa32c8b00f50ca43f142d898c1ff535.png"; - hash = "sha256-aLHz8jSAFocrn+Pb4vRq0wtkYFJpBpZRevd+VoZC/PQ="; - }; - - fastfetch-config = pkgs.writeText "fastfetch-config.json" ( - builtins.toJSON { - "$schema" = "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json"; - modules = [ - "title" - "separator" - { - type = "os"; - keyWidth = 9; + fastfetch-config = pkgs.writeText "fastfetch-config.json" ( + builtins.toJSON { + "$schema" = "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json"; + modules = [ + "title" + "separator" + { + type = "os"; + keyWidth = 9; + } + { + type = "kernel"; + keyWidth = 9; + } + { + type = "uptime"; + keyWidth = 9; + } + { + type = "shell"; + keyWidth = 9; + } + "break" + { + type = "cpu"; + keyWidth = 11; + } + { + type = "memory"; + keyWidth = 11; + } + { + type = "swap"; + keyWidth = 11; + } + { + type = "disk"; + folders = "/"; + keyWidth = 11; + } + { + type = "command"; + key = "Systemd"; + keyWidth = 11; + text = "echo \"$(systemctl list-units --state=failed --no-legend | wc -l) failed units, $(systemctl list-jobs --no-legend | wc -l) queued jobs\""; + } + "break" + { + type = "command"; + key = "Public IP"; + keyWidth = 15; + text = "curl -s -4 ifconfig.me 2>/dev/null || echo 'N/A'"; + } + { + type = "command"; + key = "Tailscale IP"; + keyWidth = 15; + text = "tailscale ip -4 2>/dev/null || echo 'N/A'"; + } + { + type = "command"; + key = "Local IP"; + keyWidth = 15; + text = "ip -4 addr show scope global | grep inet | head -n1 | awk '{print $2}' | cut -d/ -f1"; 
+ } + ]; } - { - type = "kernel"; - keyWidth = 9; - } - { - type = "uptime"; - keyWidth = 9; - } - { - type = "shell"; - keyWidth = 9; - } - "break" - { - type = "cpu"; - keyWidth = 11; - } - { - type = "memory"; - keyWidth = 11; - } - { - type = "swap"; - keyWidth = 11; - } - { - type = "disk"; - folders = "/"; - keyWidth = 11; - } - { - type = "command"; - key = "Systemd"; - keyWidth = 11; - text = "echo \"$(systemctl list-units --state=failed --no-legend | wc -l) failed units, $(systemctl list-jobs --no-legend | wc -l) queued jobs\""; - } - "break" - { - type = "command"; - key = "Public IP"; - keyWidth = 15; - text = "curl -s -4 ifconfig.me 2>/dev/null || echo 'N/A'"; - } - { - type = "command"; - key = "Tailscale IP"; - keyWidth = 15; - text = "tailscale ip -4 2>/dev/null || echo 'N/A'"; - } - { - type = "command"; - key = "Local IP"; - keyWidth = 15; - text = "ip -4 addr show scope global | grep inet | head -n1 | awk '{print $2}' | cut -d/ -f1"; - } - ]; - } - ); -in -pkgs.writeShellScriptBin "fastfetch" ''exec ${lib.getExe pkgs.fastfetch} --config ${fastfetch-config} --logo-type kitty --logo ${fastfetch-logo} --logo-padding-right 1 --logo-width 36 "$@" '' + ); + in + { + packages.fastfetch = pkgs.writeShellScriptBin "fastfetch" ''exec ${lib.getExe pkgs.fastfetch} --config ${fastfetch-config} --logo-type kitty --logo ${fastfetch-logo} --logo-padding-right 1 --logo-width 36 "$@" ''; + }; +} diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix index f6034ea..94dae66 100644 --- a/packages/hm-cli.nix +++ b/packages/hm-cli.nix 
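Review bot: The "Public IP" module in packages/fastfetch.nix runs `curl -s -4 ifconfig.me` on every invocation, which is a plain-HTTP request to a third party with no timeout, and its response is printed to the terminal as-is. That discloses each run to the remote service and the network path, and an unreachable network stalls the command. `text = "curl -s -4 --max-time 2 https://ifconfig.me 2>/dev/null || echo 'N/A'";` addresses both. The `curl`, `tailscale`, `ip` and `systemctl` calls are also resolved from the caller's PATH rather than pinned store paths (e.g. `${pkgs.curl}/bin/curl`), unlike `pkgs.fastfetch` itself.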
@@ -1,105 +1,109 @@ +{ ... }: + { - pkgs ? import { }, -}: + perSystem = + { pkgs, ... }: + { + packages.hm-cli = pkgs.writeShellScriptBin "hm" '' + set -e -pkgs.writeShellScriptBin "hm" '' - set -e + HM="${pkgs.lib.getExe pkgs.home-manager}" + FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}" + FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}" - HM="${pkgs.lib.getExe pkgs.home-manager}" - FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}" - FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}" + show_usage() { + cat < [args] - show_usage() { - cat < [args] + Commands: + apply Switch to a new generation + generation list List all generations + generation delete ID... Delete specified generation(s) + generation rollback Rollback to the previous generation + generation switch ID Switch to the specified generation + generation cleanup Delete all but the current generation - Commands: - apply Switch to a new generation - generation list List all generations - generation delete ID... Delete specified generation(s) - generation rollback Rollback to the previous generation - generation switch ID Switch to the specified generation - generation cleanup Delete all but the current generation + Environment Variables: + HM_PATH Override default flake path (~/.config/home-manager) + Currently set to "''${HM_PATH:-}" + HM_USER Override default user output ("$(whoami)@$(hostname)") + Currently set to "''${HM_USER:-}" + EOF + } - Environment Variables: - HM_PATH Override default flake path (~/.config/home-manager) - Currently set to "''${HM_PATH:-}" - HM_USER Override default user output ("$(whoami)@$(hostname)") - Currently set to "''${HM_USER:-}" - EOF - } - - if [[ $# -eq 0 ]]; then - show_usage - exit 1 - fi - - case "$1" in - apply) - "$HM" switch --flake "$FLAKE_PATH#$FLAKE_OUTPUT" -b bkp - ;; - generation) - if [[ $# -lt 2 ]]; then - echo "Error: generation command requires a subcommand" + if [[ $# -eq 0 ]]; then show_usage exit 1 fi - case "$2" in - list) - "$HM" 
generations + case "$1" in + apply) + "$HM" switch --flake "$FLAKE_PATH#$FLAKE_OUTPUT" -b bkp ;; - delete) - if [[ $# -lt 3 ]]; then - echo "Error: delete requires at least one generation ID" + generation) + if [[ $# -lt 2 ]]; then + echo "Error: generation command requires a subcommand" + show_usage exit 1 fi - shift 2 - "$HM" remove-generations "$@" - ;; - rollback) - PREV_GEN=$("$HM" generations | \ - sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | \ - head -n 2 | tail -n 1) - if [[ -z "$PREV_GEN" ]]; then - echo "Error: could not determine previous generation (possibly only one generation exists)" - exit 1 - fi - "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$PREV_GEN" -b bkp - ;; - switch) - if [[ $# -ne 3 ]]; then - echo "Error: switch requires exactly one generation ID" - exit 1 - fi - "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" -b bkp - ;; - cleanup) - CURRENT_GEN=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .* (current)$/\1/p') - if [[ -z "$CURRENT_GEN" ]]; then - echo "Error: could not determine current generation" - exit 1 - fi - OLD_GENS=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .*/\1/p' | grep -v "^$CURRENT_GEN$") - if [[ -z "$OLD_GENS" ]]; then - echo "No old generations to delete" - else - echo "Deleting generations: $(echo $OLD_GENS | tr '\n' ' ')" - echo "$OLD_GENS" | xargs "$HM" remove-generations - echo "Cleanup complete. Current generation $CURRENT_GEN preserved." 
- fi + + case "$2" in + list) + "$HM" generations + ;; + delete) + if [[ $# -lt 3 ]]; then + echo "Error: delete requires at least one generation ID" + exit 1 + fi + shift 2 + "$HM" remove-generations "$@" + ;; + rollback) + PREV_GEN=$("$HM" generations | \ + sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | \ + head -n 2 | tail -n 1) + if [[ -z "$PREV_GEN" ]]; then + echo "Error: could not determine previous generation (possibly only one generation exists)" + exit 1 + fi + "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$PREV_GEN" -b bkp + ;; + switch) + if [[ $# -ne 3 ]]; then + echo "Error: switch requires exactly one generation ID" + exit 1 + fi + "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" -b bkp + ;; + cleanup) + CURRENT_GEN=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .* (current)$/\1/p') + if [[ -z "$CURRENT_GEN" ]]; then + echo "Error: could not determine current generation" + exit 1 + fi + OLD_GENS=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .*/\1/p' | grep -v "^$CURRENT_GEN$") + if [[ -z "$OLD_GENS" ]]; then + echo "No old generations to delete" + else + echo "Deleting generations: $(echo $OLD_GENS | tr '\n' ' ')" + echo "$OLD_GENS" | xargs "$HM" remove-generations + echo "Cleanup complete. Current generation $CURRENT_GEN preserved." + fi + ;; + *) + echo "Error: unknown generation subcommand '$2'" + show_usage + exit 1 + ;; + esac ;; *) - echo "Error: unknown generation subcommand '$2'" + echo "Error: unknown command '$1'" show_usage exit 1 ;; esac - ;; - *) - echo "Error: unknown command '$1'" - show_usage - exit 1 - ;; - esac -'' + ''; + }; +} diff --git a/packages/kwrite.nix b/packages/kwrite.nix index 14ebce1..67ce69e 100644 --- a/packages/kwrite.nix +++ b/packages/kwrite.nix 
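Review bot: In the `cleanup` branch, the `OLD_GENS=$(... | grep -v "^$CURRENT_GEN$")` assignment runs under `set -e`, and `grep -v` exits 1 when nothing survives the filter, so with a single generation the script appears to stop there and never prints "No old generations to delete". Ending the substitution with `|| true`, as in `| grep -v "^$CURRENT_GEN$" || true)`, keeps that branch reachable. In `rollback`, `head -n 2 | tail -n 1` returns the only line when just one generation exists, so `PREV_GEN` is not empty and the "only one generation" error cannot fire; counting the lines first would fix it. `switch` passes `$3` through unchecked, and a guard such as `[[ "$3" =~ ^[0-9]+$ ]]` would reject anything that is not a generation ID.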
@@ -1,15 +1,21 @@ -{ pkgs }: +{ ... }: -pkgs.symlinkJoin { - name = "kwrite"; - paths = [ pkgs.kdePackages.kate ]; - postBuild = '' - rm -rf $out/bin/kate \ - $out/bin/.kate-wrapped \ - $out/share/applications/org.kde.kate.desktop \ - $out/share/man \ - $out/share/icons/hicolor/*/apps/kate.png \ - $out/share/icons/hicolor/scalable/apps/kate.svg \ - $out/share/appdata/org.kde.kate.appdata.xml - ''; +{ + perSystem = + { pkgs, ... }: + { + packages.kwrite = pkgs.symlinkJoin { + name = "kwrite"; + paths = [ pkgs.kdePackages.kate ]; + postBuild = '' + rm -rf $out/bin/kate \ + $out/bin/.kate-wrapped \ + $out/share/applications/org.kde.kate.desktop \ + $out/share/man \ + $out/share/icons/hicolor/*/apps/kate.png \ + $out/share/icons/hicolor/scalable/apps/kate.svg \ + $out/share/appdata/org.kde.kate.appdata.xml + ''; + }; + }; } diff --git a/packages/toggleaudiosink.nix b/packages/toggleaudiosink.nix index 623346f..22e0d44 100644 --- a/packages/toggleaudiosink.nix +++ b/packages/toggleaudiosink.nix 
@@ -1,48 +1,52 @@ +{ ... }: + { - pkgs ? import { }, -}: + perSystem = + { pkgs, ... }: + { + packages.toggleaudiosink = pkgs.writeShellScriptBin "toggleaudiosink" '' + #!/usr/bin/env bash -pkgs.writeShellScriptBin "toggleaudiosink" '' - #!/usr/bin/env bash + sound_server="pipewire" - sound_server="pipewire" + # Grab a count of how many audio sinks we have + sink_count=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -c "Sink #[[:digit:]]") + # Create an array of the actual sink IDs + sinks=() + mapfile -t sinks < <(${pkgs.pulseaudio}/bin/pactl list sinks | grep 'Sink #[[:digit:]]' | sed -n -e 's/.*Sink #\([[:digit:]]\)/\1/p') + # Get the ID of the active sink + active_sink_name=$(${pkgs.pulseaudio}/bin/pactl info | grep 'Default Sink:' | sed -n -e 's/.*Default Sink:[[:space:]]\+\(.*\)/\1/p') + active_sink=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -B 2 "$active_sink_name" | sed -n -e 's/Sink #\([[:digit:]]\)/\1/p' | head -n 1) - # Grab a count of how many audio sinks we have - sink_count=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -c "Sink #[[:digit:]]") - # Create an array of the actual sink IDs - sinks=() - mapfile -t sinks < <(${pkgs.pulseaudio}/bin/pactl list sinks | grep 'Sink #[[:digit:]]' | sed -n -e 's/.*Sink #\([[:digit:]]\)/\1/p') - # Get the ID of the active sink - active_sink_name=$(${pkgs.pulseaudio}/bin/pactl info | grep 'Default Sink:' | sed -n -e 's/.*Default Sink:[[:space:]]\+\(.*\)/\1/p') - active_sink=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -B 2 "$active_sink_name" | sed -n -e 's/Sink #\([[:digit:]]\)/\1/p' | head -n 1) + # Get the ID of the last sink in the array + final_sink=''${sinks[$((sink_count - 1))]} - # Get the ID of the last sink in the array - final_sink=''${sinks[$((sink_count - 1))]} + # Find the index of the active sink + for index in "''${!sinks[@]}"; do + if [[ "''${sinks[$index]}" == "$active_sink" ]]; then + active_sink_index=$index + fi + done - # Find the index of the active sink - for index in 
"''${!sinks[@]}"; do - if [[ "''${sinks[$index]}" == "$active_sink" ]]; then - active_sink_index=$index - fi - done + # Default to the first sink in the list + next_sink=''${sinks[0]} + next_sink_index=0 - # Default to the first sink in the list - next_sink=''${sinks[0]} - next_sink_index=0 + # If we're not at the end of the list, move up the list + if [[ $active_sink -ne $final_sink ]]; then + next_sink_index=$((active_sink_index + 1)) + next_sink=''${sinks[$next_sink_index]} + fi - # If we're not at the end of the list, move up the list - if [[ $active_sink -ne $final_sink ]]; then - next_sink_index=$((active_sink_index + 1)) - next_sink=''${sinks[$next_sink_index]} - fi + # Change the default sink + # Get the name of the next sink + next_sink_name=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -C 2 "Sink #$next_sink" | sed -n -e 's/.*Name:[[:space:]]\+\(.*\)/\1/p' | head -n 1) + ${pkgs.pulseaudio}/bin/pactl set-default-sink "$next_sink_name" - # Change the default sink - # Get the name of the next sink - next_sink_name=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -C 2 "Sink #$next_sink" | sed -n -e 's/.*Name:[[:space:]]\+\(.*\)/\1/p' | head -n 1) - ${pkgs.pulseaudio}/bin/pactl set-default-sink "$next_sink_name" - - # Move all inputs to the new sink - for app in $(${pkgs.pulseaudio}/bin/pactl list sink-inputs | sed -n -e 's/.*Sink Input #\([[:digit:]]\)/\1/p'); do - ${pkgs.pulseaudio}/bin/pactl "move-sink-input $app $next_sink" - done -'' + # Move all inputs to the new sink + for app in $(${pkgs.pulseaudio}/bin/pactl list sink-inputs | sed -n -e 's/.*Sink Input #\([[:digit:]]\)/\1/p'); do + ${pkgs.pulseaudio}/bin/pactl "move-sink-input $app $next_sink" + done + ''; + }; +} From 29f7621d4275f6460629306df176836f90f92d38 Mon Sep 17 00:00:00 2001 
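Review bot: The final loop calls `pactl "move-sink-input $app $next_sink"` with the whole command quoted as one word, so pactl receives a single argument instead of a subcommand plus two IDs and existing streams are presumably never moved. The line should read `${pkgs.pulseaudio}/bin/pactl move-sink-input "$app" "$next_sink"`. `active_sink_index` is only assigned inside the loop, so if the default sink is not found `next_sink_index` is computed from an unset variable; initialising it before the loop and exiting when no match is found would make that case explicit. `sound_server` is never read, and the `#!/usr/bin/env bash` line looks redundant because `writeShellScriptBin` writes its own shebang.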
From: William Date: Sat, 7 Feb 2026 07:56:24 -0300 Subject: [PATCH 085/138] flake: use import-tree for packages directory - Move overlays.nix into packages/overlays.nix with dynamic pattern - Update flake.nix to use packagesModule from import-tree - Delete centralized packages.nix (packages are now self-contained) The packages directory is now fully self-contained with each package exporting its own flake output and overlays auto-including all packages. Co-Authored-By: Claude Opus 4.5 --- flake.nix | 15 ++++++++------- overlays.nix | 14 -------------- packages.nix | 22 ---------------------- packages/overlays.nix | 12 ++++++++++++ 4 files changed, 20 insertions(+), 43 deletions(-) delete mode 100644 overlays.nix delete mode 100644 packages.nix create mode 100644 packages/overlays.nix diff --git a/flake.nix b/flake.nix index ca1a349..a4126cb 100644 --- a/flake.nix +++ b/flake.nix @@ -60,6 +60,7 @@ inputs@{ flake-parts, import-tree, ... }: let aspectsModule = import-tree ./aspects; + packagesModule = import-tree ./packages; in flake-parts.lib.mkFlake { inherit inputs; } { systems = [ @@ -69,12 +70,12 @@ imports = [ flake-parts.flakeModules.modules - ] ++ aspectsModule.imports ++ [ - ./deploy.nix - ./devShells.nix - ./overlays.nix - ./packages.nix - ./terranixConfigurations.nix - ]; + ] ++ aspectsModule.imports + ++ packagesModule.imports + ++ [ + ./deploy.nix + ./devShells.nix + ./terranixConfigurations.nix + ]; }; } diff --git a/overlays.nix b/overlays.nix deleted file mode 100644 index b8f807f..0000000 --- a/overlays.nix +++ /dev/null 
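Review bot: Dropping `./packages.nix` from `imports` also removes the only visible place where nixpkgs was instantiated with `config.allowUnfree = true`; the per-package modules now take `pkgs` straight from the `perSystem` arguments. Unless `_module.args.pkgs` is set somewhere outside this patch, any unfree package under `packages/` will presumably stop evaluating. If the default `pkgs` is intended, a comment next to `packagesModule = import-tree ./packages;` should say so; otherwise the `allowUnfree` import has to move into a perSystem module. The `let` block and the `imports` list both continue outside this hunk.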
@@ -1,14 +0,0 @@ -{ inputs, ... }: - -{ - flake.overlays = { - default = final: prev: { - base16-schemes = inputs.self.packages.${final.system}.base16-schemes; - claude-desktop = inputs.self.packages.${final.system}.claude-desktop; - fastfetch = inputs.self.packages.${final.system}.fastfetch; - hm-cli = inputs.self.packages.${final.system}.hm-cli; - kwrite = inputs.self.packages.${final.system}.kwrite; - toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; - }; - }; -} diff --git a/packages.nix b/packages.nix deleted file mode 100644 index bf0319e..0000000 --- a/packages.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ inputs, ... }: - -{ - perSystem = - { system, ... }: - let - pkgs = import inputs.nixpkgs { - inherit system; - config.allowUnfree = true; - }; - in - { - packages = { - base16-schemes = pkgs.callPackage ./packages/base16-schemes.nix { }; - claude-desktop = pkgs.callPackage ./packages/claude-desktop.nix { }; - fastfetch = pkgs.callPackage ./packages/fastfetch.nix { }; - hm-cli = pkgs.callPackage ./packages/hm-cli.nix { }; - kwrite = pkgs.callPackage ./packages/kwrite.nix { }; - toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; - }; - }; -} diff --git a/packages/overlays.nix b/packages/overlays.nix new file mode 100644 index 0000000..dde58b6 --- /dev/null +++ b/packages/overlays.nix @@ -0,0 +1,12 @@ +{ inputs, ... }: + +{ + flake.overlays.default = final: prev: { + base16-schemes = inputs.self.packages.${final.system}.base16-schemes; + claude-desktop = inputs.self.packages.${final.system}.claude-desktop; + fastfetch = inputs.self.packages.${final.system}.fastfetch; + hm-cli = inputs.self.packages.${final.system}.hm-cli; + kwrite = inputs.self.packages.${final.system}.kwrite; + toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; + }; +} From 124d414359468f37f4d80190e23dfc789297945f Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 7 Feb 2026 08:08:59 -0300 Subject: [PATCH 086/138] packages/overlays: use builtins.readDir for dynamic package discovery Instead of manually listing packages, the overlay now reads the packages/ directory and automatically includes all .nix files (except overlays.nix itself) as overlay attributes. This makes adding new packages simpler - just add the file and it will automatically be included in the overlay. Co-Authored-By: Claude Opus 4.5 --- packages/overlays.nix | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/packages/overlays.nix b/packages/overlays.nix index dde58b6..a36ed60 100644 --- a/packages/overlays.nix +++ b/packages/overlays.nix @@ -1,12 +1,22 @@ { inputs, ... }: +let + packageDir = builtins.readDir ./.; + + # Filter to .nix files, excluding overlays.nix + isPackageFile = name: + name != "overlays.nix" && builtins.match ".*\\.nix$" name != null; + + # Extract package name from filename (e.g., "foo-bar.nix" -> "foo-bar") + toPackageName = filename: + builtins.head (builtins.match "(.+)\\.nix$" filename); + + packageNames = map toPackageName (builtins.filter isPackageFile (builtins.attrNames packageDir)); +in { - flake.overlays.default = final: prev: { - base16-schemes = inputs.self.packages.${final.system}.base16-schemes; - claude-desktop = inputs.self.packages.${final.system}.claude-desktop; - fastfetch = inputs.self.packages.${final.system}.fastfetch; - hm-cli = inputs.self.packages.${final.system}.hm-cli; - kwrite = inputs.self.packages.${final.system}.kwrite; - toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; - }; + flake.overlays.default = final: prev: + builtins.listToAttrs (map (name: { + inherit name; + value = inputs.self.packages.${final.system}.${name}; + }) packageNames); } From f8478a75ebc2533e67e86a1ce4b0da93ecc69357 Mon Sep 17 00:00:00 2001 
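Review bot: `isPackageFile` tests the file name only, so every `*.nix` entry in `packages/` becomes an overlay attribute, including a directory or symlink with that suffix and any helper module that defines no package. The attribute name comes from the file name, while the package attribute is declared separately inside each module (for example `packages.hm-cli` in `hm-cli.nix`), so a mismatch only surfaces as a missing-attribute error when that overlay entry is forced. Checking the entry type as well, `name != "overlays.nix" && packageDir.${name} == "regular" && builtins.match ".*\\.nix$" name != null`, narrows the set. A comment on `packageNames` should state that file name and package attribute must match, and that each entry shadows the nixpkgs attribute of the same name.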
From: William Date: Sat, 7 Feb 2026 08:11:55 -0300 Subject: [PATCH 087/138] shells: convert to self-contained flake-parts module Move devShells.nix to shells/default.nix as a flake-parts module and use import-tree for automatic module discovery. Co-Authored-By: Claude Opus 4.5 --- flake.nix | 3 ++- devShells.nix => shells/default.nix | 0 2 files changed, 2 insertions(+), 1 deletion(-) rename devShells.nix => shells/default.nix (100%) diff --git a/flake.nix b/flake.nix index a4126cb..2cbb189 100644 --- a/flake.nix +++ b/flake.nix @@ -61,6 +61,7 @@ let aspectsModule = import-tree ./aspects; packagesModule = import-tree ./packages; + shellsModule = import-tree ./shells; in flake-parts.lib.mkFlake { inherit inputs; } { systems = [ @@ -72,9 +73,9 @@ flake-parts.flakeModules.modules ] ++ aspectsModule.imports ++ packagesModule.imports + ++ shellsModule.imports ++ [ ./deploy.nix - ./devShells.nix ./terranixConfigurations.nix ]; }; diff --git a/devShells.nix b/shells/default.nix similarity index 100% rename from devShells.nix rename to shells/default.nix From c7757c139f7a1f840c88ef5c9725c71fb335e95b Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 7 Feb 2026 08:16:58 -0300 Subject: [PATCH 088/138] terranix: convert to self-contained flake-parts modules Each terranix configuration now exports its own flake output as a self-contained module. Flattened directory structure and removed centralized terranixConfigurations.nix in favor of import-tree. Co-Authored-By: Claude Opus 4.5 --- flake.nix | 3 +- terranix/baduhai.dev.nix | 115 +++++++++ terranix/cloudflare/baduhai.dev.nix | 94 -------- terranix/cloudflare/kernelpanic.space.nix | 0 terranix/kernelpanic.space.nix | 19 ++ terranix/oci/terminus.nix | 0 terranix/oci/trantor.nix | 258 -------------------- terranix/tailnet.nix | 59 +++++ terranix/tailscale/tailnet.nix | 43 ---- terranix/terminus.nix | 19 ++ terranix/trantor.nix | 274 ++++++++++++++++++++++ terranixConfigurations.nix | 27 --- 12 files changed, 488 insertions(+), 423 deletions(-) create mode 100644 terranix/baduhai.dev.nix delete mode 100644 terranix/cloudflare/baduhai.dev.nix delete mode 100644 terranix/cloudflare/kernelpanic.space.nix create mode 100644 terranix/kernelpanic.space.nix delete mode 100644 terranix/oci/terminus.nix delete mode 100644 terranix/oci/trantor.nix create mode 100644 terranix/tailnet.nix delete mode 100644 terranix/tailscale/tailnet.nix create mode 100644 terranix/terminus.nix create mode 100644 terranix/trantor.nix delete mode 100644 terranixConfigurations.nix diff --git a/flake.nix b/flake.nix index 2cbb189..c3fa2f6 100644 --- a/flake.nix +++ b/flake.nix @@ -62,6 +62,7 @@ aspectsModule = import-tree ./aspects; packagesModule = import-tree ./packages; shellsModule = import-tree ./shells; + terranixModule = import-tree ./terranix; in flake-parts.lib.mkFlake { inherit inputs; } { systems = [ @@ -74,9 +75,9 @@ ] ++ aspectsModule.imports ++ packagesModule.imports ++ shellsModule.imports + ++ terranixModule.imports ++ [ ./deploy.nix - ./terranixConfigurations.nix ]; }; } 
diff --git a/terranix/baduhai.dev.nix b/terranix/baduhai.dev.nix
new file mode 100644
index 0000000..396ecf4
--- /dev/null
+++ b/terranix/baduhai.dev.nix
@@ -0,0 +1,115 @@ +# Required environment variables: +# CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.cloudflare-baduhaidev = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ( + { config, lib, ... }: + + let + sharedData = import ../data/services.nix; + # Enrich services with host IPs + services = map ( + svc: + let + hostInfo = sharedData.hosts.${svc.host} or { }; + in + svc + // { + lanIP = hostInfo.lanIP or null; + tailscaleIP = hostInfo.tailscaleIP or null; + } + ) sharedData.services; + + # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git") + getSubdomain = domain: lib.head (lib.splitString "." domain); + + # Generate DNS records for services + # Public services point to trantor's public IP + # Private services point to their tailscale IP + mkServiceRecords = lib.listToAttrs ( + lib.imap0 ( + i: svc: + let + subdomain = getSubdomain svc.domain; + targetIP = + if svc.public or false then + config.data.terraform_remote_state.trantor "outputs.instance_public_ip" + else + svc.tailscaleIP; + in + { + name = "service_${toString i}"; + value = { + zone_id = config.variable.zone_id.default; + name = subdomain; + type = "A"; + content = targetIP; + proxied = false; + ttl = 3600; + }; + } + ) services + ); + in + + { + terraform.required_providers.cloudflare = { + source = "cloudflare/cloudflare"; + version = "~> 5.0"; + }; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "cloudflare/baduhai.dev.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + 
skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + zone_id = { + default = "c63a8332fdddc4a8e5612ddc54557044"; + type = "string"; + }; + }; + + data = { + terraform_remote_state.trantor = { + backend = "s3"; + config = { + bucket = "terraform-state"; + key = "oci/trantor.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + }; + }; + + resource.cloudflare_dns_record = mkServiceRecords; + } + ) + ]; + }; + }; +} diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix deleted file mode 100644 index 185e5bd..0000000 --- a/terranix/cloudflare/baduhai.dev.nix +++ /dev/null 
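Review bot: `targetIP` for a non-public service is `svc.tailscaleIP`, which the enrichment step sets to `null` when `svc.host` is missing from `sharedData.hosts`, so a typo in the data file produces a record with `content = null` that is caught at plan or apply time at the earliest. An evaluation-time check fails sooner: `else assert svc.tailscaleIP != null; svc.tailscaleIP;`. The resource keys are `service_${toString i}`, so inserting or removing an entry in the services list renames every later record and a plan would presumably destroy and recreate them. Keying by subdomain avoids that, but existing records would need a state move.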
@@ -1,94 +0,0 @@ -# Required environment variables: -# CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions -# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage -# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage - -{ config, lib, ... }: - -let - sharedData = import ../../data/services.nix; - # Enrich services with host IPs - services = map (svc: - let hostInfo = sharedData.hosts.${svc.host} or {}; - in svc // { - lanIP = hostInfo.lanIP or null; - tailscaleIP = hostInfo.tailscaleIP or null; - } - ) sharedData.services; - - # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git") - getSubdomain = domain: lib.head (lib.splitString "." domain); - - # Generate DNS records for services - # Public services point to trantor's public IP - # Private services point to their tailscale IP - mkServiceRecords = lib.listToAttrs ( - lib.imap0 ( - i: svc: - let - subdomain = getSubdomain svc.domain; - targetIP = - if svc.public or false then - config.data.terraform_remote_state.trantor "outputs.instance_public_ip" - else - svc.tailscaleIP; - in - { - name = "service_${toString i}"; - value = { - zone_id = config.variable.zone_id.default; - name = subdomain; - type = "A"; - content = targetIP; - proxied = false; - ttl = 3600; - }; - } - ) services - ); -in - -{ - terraform.required_providers.cloudflare = { - source = "cloudflare/cloudflare"; - version = "~> 5.0"; - }; - - terraform.backend.s3 = { - bucket = "terraform-state"; - key = "cloudflare/baduhai.dev.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - - variable = { - zone_id = { - default = "c63a8332fdddc4a8e5612ddc54557044"; - type = "string"; - }; - }; - - data = { - terraform_remote_state.trantor = { - backend = "s3"; - 
config = { - bucket = "terraform-state"; - key = "oci/trantor.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - }; - }; - - resource.cloudflare_dns_record = mkServiceRecords; -} diff --git a/terranix/cloudflare/kernelpanic.space.nix b/terranix/cloudflare/kernelpanic.space.nix deleted file mode 100644 index e69de29..0000000 diff --git a/terranix/kernelpanic.space.nix b/terranix/kernelpanic.space.nix new file mode 100644 index 0000000..e3bfe72 --- /dev/null +++ b/terranix/kernelpanic.space.nix @@ -0,0 +1,19 @@ +# Cloudflare kernelpanic.space configuration placeholder +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.cloudflare-kernelpanicspace = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ({ config, ... }: { + # Terraform config goes here + }) + ]; + }; + }; +} diff --git a/terranix/oci/terminus.nix b/terranix/oci/terminus.nix deleted file mode 100644 index e69de29..0000000 diff --git a/terranix/oci/trantor.nix b/terranix/oci/trantor.nix deleted file mode 100644 index 170ad04..0000000 --- a/terranix/oci/trantor.nix +++ /dev/null 
@@ -1,258 +0,0 @@ -# Required environment variables: -# instead of OCI variables, ~/.oci/config may also be used -# OCI_TENANCY_OCID - Oracle tenancy OCID (or use TF_VAR_* to override variables) -# OCI_USER_OCID - Oracle user OCID -# OCI_FINGERPRINT - API key fingerprint -# OCI_PRIVATE_KEY_PATH - Path to OCI API private key -# AWS variables are required -# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage -# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage - -{ config, ... }: - -{ - terraform.required_providers.oci = { - source = "oracle/oci"; - version = "~> 7.0"; - }; - - provider.oci.region = "sa-saopaulo-1"; - - terraform.backend.s3 = { - bucket = "terraform-state"; - key = "oci/trantor.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - - variable = { - tenancy_ocid = { - default = "ocid1.tenancy.oc1..aaaaaaaap3vfdz4piygqza6e6zqunbcuso43ddqfo3ydmpmnomidyghh7rvq"; - type = "string"; - }; - - compartment_name = { - default = "trantor"; - type = "string"; - }; - - vcn_cidr = { - default = "10.0.0.0/24"; - type = "string"; - }; - - instance_name = { - default = "trantor"; - type = "string"; - }; - - ssh_public_keys = { - default = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" - ]; - type = "list(string)"; - }; - }; - - data = { - oci_identity_availability_domains.ads = { - compartment_id = config.variable.tenancy_ocid.default; - }; - - oci_core_images.ubuntu_arm = { - compartment_id = config.variable.tenancy_ocid.default; - operating_system = "Canonical Ubuntu"; 
- operating_system_version = "24.04"; - shape = "VM.Standard.A1.Flex"; - sort_by = "TIMECREATED"; - sort_order = "DESC"; - }; - }; - - resource = { - oci_identity_compartment.trantor = { - compartment_id = config.variable.tenancy_ocid.default; - description = "trantor infrastructure compartment"; - name = config.variable.compartment_name.default; - }; - - oci_core_vcn.vcn = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - cidr_blocks = [ config.variable.vcn_cidr.default ]; - display_name = "trantor-vcn"; - dns_label = "trantor"; - }; - - oci_core_internet_gateway.ig = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - display_name = "trantor-ig"; - enabled = true; - }; - - oci_core_route_table.rt = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - display_name = "trantor-rt"; - - route_rules = [ - { - network_entity_id = config.resource.oci_core_internet_gateway.ig "id"; - destination = "0.0.0.0/0"; - destination_type = "CIDR_BLOCK"; - } - ]; - }; - - oci_core_security_list.sl = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - display_name = "trantor-sl"; - - egress_security_rules = [ - { - destination = "0.0.0.0/0"; - protocol = "all"; - stateless = false; - } - ]; - - ingress_security_rules = [ - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 22; - max = 22; - }; - } - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 80; - max = 80; - }; - } - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 443; - max = 443; - }; - } - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 25565; - max = 25565; - }; - } - { - protocol = 
"6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 19132; - max = 19133; - }; - } - { - protocol = "17"; # UDP - source = "0.0.0.0/0"; - stateless = false; - udp_options = { - min = 19132; - max = 19133; - }; - } - ]; - }; - - oci_core_subnet.subnet = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - cidr_block = config.variable.vcn_cidr.default; - display_name = "trantor-subnet"; - dns_label = "subnet"; - route_table_id = config.resource.oci_core_route_table.rt "id"; - security_list_ids = [ (config.resource.oci_core_security_list.sl "id") ]; - prohibit_public_ip_on_vnic = false; - }; - - oci_core_instance.trantor = { - availability_domain = config.data.oci_identity_availability_domains.ads "availability_domains[0].name"; - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - display_name = config.variable.instance_name.default; - shape = "VM.Standard.A1.Flex"; - - shape_config = { - ocpus = 2; - memory_in_gbs = 12; - }; - - source_details = { - source_type = "image"; - source_id = config.data.oci_core_images.ubuntu_arm "images[0].id"; - boot_volume_size_in_gbs = 100; - }; - - create_vnic_details = { - subnet_id = config.resource.oci_core_subnet.subnet "id"; - display_name = "trantor-vnic"; - assign_public_ip = true; - hostname_label = config.variable.instance_name.default; - }; - - metadata = { - ssh_authorized_keys = builtins.concatStringsSep "\n" config.variable.ssh_public_keys.default; - }; - - preserve_boot_volume = false; - }; - - oci_budget_budget.trantor_budget = { - compartment_id = config.variable.tenancy_ocid.default; - targets = [ (config.resource.oci_identity_compartment.trantor "id") ]; - amount = 1; - reset_period = "MONTHLY"; - display_name = "trantor-budget"; - description = "Monthly budget for trantor compartment"; - target_type = "COMPARTMENT"; - }; - - oci_budget_alert_rule.daily_spend_alert = { - budget_id = 
config.resource.oci_budget_budget.trantor_budget "id"; - type = "ACTUAL"; - threshold = 5; - threshold_type = "PERCENTAGE"; - display_name = "daily-spend-alert"; - recipients = "baduhai@proton.me"; - description = "Alert when daily spending exceeds $0.05"; - message = "Daily spending has exceeded $0.05 in the trantor compartment"; - }; - }; - - output = { - compartment_id = { - value = config.resource.oci_identity_compartment.trantor "id"; - }; - - instance_public_ip = { - value = config.resource.oci_core_instance.trantor "public_ip"; - }; - }; -} diff --git a/terranix/tailnet.nix b/terranix/tailnet.nix new file mode 100644 index 0000000..7bc55f2 --- /dev/null +++ b/terranix/tailnet.nix 
@@ -0,0 +1,59 @@ +# Required environment variables: +# TAILSCALE_API_KEY - Tailscale API key with appropriate permissions +# TAILSCALE_TAILNET - Your tailnet name (e.g., "user@example.com" or "example.org.github") +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.tailscale-tailnet = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ( + { config, ... }: + { + terraform.required_providers.tailscale = { + source = "tailscale/tailscale"; + version = "~> 0.17"; + }; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "tailscale/tailnet.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + trantor_tailscale_ip = { + default = "100.108.5.90"; + type = "string"; + }; + }; + + resource = { + tailscale_dns_nameservers.global = { + nameservers = [ + config.variable.trantor_tailscale_ip.default + "1.1.1.1" + "1.0.0.1" + ]; + }; + }; + } + ) + ]; + }; + }; +} diff --git a/terranix/tailscale/tailnet.nix b/terranix/tailscale/tailnet.nix deleted file mode 100644 index 929e79b..0000000 --- a/terranix/tailscale/tailnet.nix +++ /dev/null 
@@ -1,43 +0,0 @@ -# Required environment variables: -# TAILSCALE_API_KEY - Tailscale API key with appropriate permissions -# TAILSCALE_TAILNET - Your tailnet name (e.g., "user@example.com" or "example.org.github") -# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage -# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage - -{ config, ... }: - -{ - terraform.required_providers.tailscale = { - source = "tailscale/tailscale"; - version = "~> 0.17"; - }; - - terraform.backend.s3 = { - bucket = "terraform-state"; - key = "tailscale/tailnet.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - - variable = { - trantor_tailscale_ip = { - default = "100.108.5.90"; - type = "string"; - }; - }; - - resource = { - tailscale_dns_nameservers.global = { - nameservers = [ - config.variable.trantor_tailscale_ip.default - "1.1.1.1" - "1.0.0.1" - ]; - }; - }; -} diff --git a/terranix/terminus.nix b/terranix/terminus.nix new file mode 100644 index 0000000..25e227e --- /dev/null +++ b/terranix/terminus.nix @@ -0,0 +1,19 @@ +# OCI Terminus configuration placeholder +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.oci-terminus = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ({ config, ... }: { + # Terraform config goes here + }) + ]; + }; + }; +} diff --git a/terranix/trantor.nix b/terranix/trantor.nix new file mode 100644 index 0000000..0f1f9ba --- /dev/null +++ b/terranix/trantor.nix 
@@ -0,0 +1,274 @@ +# Required environment variables: +# instead of OCI variables, ~/.oci/config may also be used +# OCI_TENANCY_OCID - Oracle tenancy OCID (or use TF_VAR_* to override variables) +# OCI_USER_OCID - Oracle user OCID +# OCI_FINGERPRINT - API key fingerprint +# OCI_PRIVATE_KEY_PATH - Path to OCI API private key +# AWS variables are required +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.oci-trantor = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ( + { config, ... }: + { + terraform.required_providers.oci = { + source = "oracle/oci"; + version = "~> 7.0"; + }; + + provider.oci.region = "sa-saopaulo-1"; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "oci/trantor.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + tenancy_ocid = { + default = "ocid1.tenancy.oc1..aaaaaaaap3vfdz4piygqza6e6zqunbcuso43ddqfo3ydmpmnomidyghh7rvq"; + type = "string"; + }; + + compartment_name = { + default = "trantor"; + type = "string"; + }; + + vcn_cidr = { + default = "10.0.0.0/24"; + type = "string"; + }; + + instance_name = { + default = "trantor"; + type = "string"; + }; + + ssh_public_keys = { + default = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + type = "list(string)"; + }; + }; + + data = { + 
oci_identity_availability_domains.ads = { + compartment_id = config.variable.tenancy_ocid.default; + }; + + oci_core_images.ubuntu_arm = { + compartment_id = config.variable.tenancy_ocid.default; + operating_system = "Canonical Ubuntu"; + operating_system_version = "24.04"; + shape = "VM.Standard.A1.Flex"; + sort_by = "TIMECREATED"; + sort_order = "DESC"; + }; + }; + + resource = { + oci_identity_compartment.trantor = { + compartment_id = config.variable.tenancy_ocid.default; + description = "trantor infrastructure compartment"; + name = config.variable.compartment_name.default; + }; + + oci_core_vcn.vcn = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + cidr_blocks = [ config.variable.vcn_cidr.default ]; + display_name = "trantor-vcn"; + dns_label = "trantor"; + }; + + oci_core_internet_gateway.ig = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-ig"; + enabled = true; + }; + + oci_core_route_table.rt = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-rt"; + + route_rules = [ + { + network_entity_id = config.resource.oci_core_internet_gateway.ig "id"; + destination = "0.0.0.0/0"; + destination_type = "CIDR_BLOCK"; + } + ]; + }; + + oci_core_security_list.sl = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-sl"; + + egress_security_rules = [ + { + destination = "0.0.0.0/0"; + protocol = "all"; + stateless = false; + } + ]; + + ingress_security_rules = [ + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 22; + max = 22; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 80; + max = 80; + }; + } + { + protocol = "6"; # TCP + 
source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 443; + max = 443; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 25565; + max = 25565; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 19132; + max = 19133; + }; + } + { + protocol = "17"; # UDP + source = "0.0.0.0/0"; + stateless = false; + udp_options = { + min = 19132; + max = 19133; + }; + } + ]; + }; + + oci_core_subnet.subnet = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + cidr_block = config.variable.vcn_cidr.default; + display_name = "trantor-subnet"; + dns_label = "subnet"; + route_table_id = config.resource.oci_core_route_table.rt "id"; + security_list_ids = [ (config.resource.oci_core_security_list.sl "id") ]; + prohibit_public_ip_on_vnic = false; + }; + + oci_core_instance.trantor = { + availability_domain = config.data.oci_identity_availability_domains.ads "availability_domains[0].name"; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + display_name = config.variable.instance_name.default; + shape = "VM.Standard.A1.Flex"; + + shape_config = { + ocpus = 2; + memory_in_gbs = 12; + }; + + source_details = { + source_type = "image"; + source_id = config.data.oci_core_images.ubuntu_arm "images[0].id"; + boot_volume_size_in_gbs = 100; + }; + + create_vnic_details = { + subnet_id = config.resource.oci_core_subnet.subnet "id"; + display_name = "trantor-vnic"; + assign_public_ip = true; + hostname_label = config.variable.instance_name.default; + }; + + metadata = { + ssh_authorized_keys = builtins.concatStringsSep "\n" config.variable.ssh_public_keys.default; + }; + + preserve_boot_volume = false; + }; + + oci_budget_budget.trantor_budget = { + compartment_id = config.variable.tenancy_ocid.default; + targets = [ (config.resource.oci_identity_compartment.trantor "id") 
]; + amount = 1; + reset_period = "MONTHLY"; + display_name = "trantor-budget"; + description = "Monthly budget for trantor compartment"; + target_type = "COMPARTMENT"; + }; + + oci_budget_alert_rule.daily_spend_alert = { + budget_id = config.resource.oci_budget_budget.trantor_budget "id"; + type = "ACTUAL"; + threshold = 5; + threshold_type = "PERCENTAGE"; + display_name = "daily-spend-alert"; + recipients = "baduhai@proton.me"; + description = "Alert when daily spending exceeds $0.05"; + message = "Daily spending has exceeded $0.05 in the trantor compartment"; + }; + }; + + output = { + compartment_id = { + value = config.resource.oci_identity_compartment.trantor "id"; + }; + + instance_public_ip = { + value = config.resource.oci_core_instance.trantor "public_ip"; + }; + }; + } + ) + ]; + }; + }; +} diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix deleted file mode 100644 index 12c90d1..0000000 --- a/terranixConfigurations.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ - inputs.terranix.flakeModule - ]; - - perSystem = - { pkgs, ... }: - - { - terranix.terranixConfigurations = { - oci-trantor = { - modules = [ ./terranix/oci/trantor.nix ]; - terraformWrapper.package = pkgs.opentofu; - }; - cloudflare-baduhaidev = { - modules = [ ./terranix/cloudflare/baduhai.dev.nix ]; - terraformWrapper.package = pkgs.opentofu; - }; - tailscale-tailnet = { - modules = [ ./terranix/tailscale/tailnet.nix ]; - terraformWrapper.package = pkgs.opentofu; - }; - }; - }; -} From 4bbf14f7505809fb3029c91cc5d88a07369c8d69 Mon Sep 17 00:00:00 2001 
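Review bot: The first entry of `ingress_security_rules` in `oci_core_security_list.sl` admits TCP 22 from `0.0.0.0/0`, and the instance is created with `assign_public_ip = true`, so sshd is reachable from the whole internet. This host appears to be on the tailnet managed in `terranix/tailnet.nix`, so SSH could be reached over Tailscale and the public rule either removed or narrowed, e.g. `source = "<ADMIN_CIDR>";` on that rule. If public SSH has to stay, add a comment on the rule saying so and naming the compensating controls the host relies on. Separately, the header comment advertises `TF_VAR_*` overrides, but the resources read `config.variable.*.default` at Nix evaluation time, so such overrides would not reach them.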
From: William Date: Sat, 7 Feb 2026 08:18:49 -0300 Subject: [PATCH 089/138] terranix: import flakeModule once in flake.nix Fixes duplicate module declaration error by importing terranix flakeModule once at the top level instead of in each config file. Co-Authored-By: Claude Opus 4.5 --- flake.nix | 1 + terranix/baduhai.dev.nix | 4 +--- terranix/kernelpanic.space.nix | 4 +--- terranix/tailnet.nix | 4 +--- terranix/terminus.nix | 4 +--- terranix/trantor.nix | 4 +--- 6 files changed, 6 insertions(+), 15 deletions(-) diff --git a/flake.nix b/flake.nix index c3fa2f6..f995bad 100644 --- a/flake.nix +++ b/flake.nix @@ -72,6 +72,7 @@ imports = [ flake-parts.flakeModules.modules + inputs.terranix.flakeModule ] ++ aspectsModule.imports ++ packagesModule.imports ++ shellsModule.imports diff --git a/terranix/baduhai.dev.nix b/terranix/baduhai.dev.nix index 396ecf4..cea9f22 100644 --- a/terranix/baduhai.dev.nix +++ b/terranix/baduhai.dev.nix @@ -3,11 +3,9 @@ # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { diff --git a/terranix/kernelpanic.space.nix b/terranix/kernelpanic.space.nix index e3bfe72..01e5c08 100644 --- a/terranix/kernelpanic.space.nix +++ b/terranix/kernelpanic.space.nix @@ -1,9 +1,7 @@ # Cloudflare kernelpanic.space configuration placeholder -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { diff --git a/terranix/tailnet.nix b/terranix/tailnet.nix index 7bc55f2..4e01ab9 100644 --- a/terranix/tailnet.nix +++ b/terranix/tailnet.nix @@ -4,11 +4,9 @@ # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { 
diff --git a/terranix/terminus.nix b/terranix/terminus.nix index 25e227e..7a0fa5b 100644 --- a/terranix/terminus.nix +++ b/terranix/terminus.nix @@ -1,9 +1,7 @@ # OCI Terminus configuration placeholder -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { diff --git a/terranix/trantor.nix b/terranix/trantor.nix index 0f1f9ba..5f19e22 100644 --- a/terranix/trantor.nix +++ b/terranix/trantor.nix @@ -8,11 +8,9 @@ # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { From ab69b26b40dbba3345aa3c1ab60df6c468d900ff Mon Sep 17 00:00:00 2001 From: William Date: Sat, 7 Feb 2026 08:21:02 -0300 Subject: [PATCH 090/138] this shouldn't ever have been commited --- plan.md | 89 --------------------------------------------------------- 1 file changed, 89 deletions(-) delete mode 100644 plan.md diff --git a/plan.md b/plan.md deleted file mode 100644 index af88fb9..0000000 --- a/plan.md +++ /dev/null 
@@ -1,89 +0,0 @@ -# Current structure: - -``` - hosts -├──  alexandria -│ ├──  hardware-configuration.nix -│ ├──  jellyfin.nix -│ ├──  kanidm.nix -│ ├──  nextcloud.nix -│ ├──  nginx.nix -│ ├──  unbound.nix -│ └──  vaultwarden.nix -├──  io -│ ├──  boot.nix -│ ├──  disko.nix -│ ├──  hardware-configuration.nix -│ ├──  programs.nix -│ └──  services.nix -├──  modules -│ ├──  common -│ │ ├──  boot.nix -│ │ ├──  console.nix -│ │ ├──  firewall.nix -│ │ ├──  locale.nix -│ │ ├──  nix.nix -│ │ ├──  openssh.nix -│ │ ├──  programs.nix -│ │ ├──  security.nix -│ │ ├──  services.nix -│ │ ├──  tailscale.nix -│ │ └──  users.nix -│ ├──  desktop -│ │ ├──  boot.nix -│ │ ├──  desktop.nix -│ │ ├──  nix.nix -│ │ └──  services.nix -│ ├──  server -│ │ ├──  boot.nix -│ │ ├──  nix.nix -│ │ └──  tailscale.nix -│ ├──  ai.nix -│ ├──  bluetooth.nix -│ ├──  dev.nix -│ ├──  ephemeral.nix -│ ├──  fwupd.nix -│ ├──  gaming.nix -│ ├──  libvirtd.nix -│ ├──  networkmanager.nix -│ └──  podman.nix -├──  rotterdam -│ ├──  boot.nix -│ ├──  hardware-configuration.nix -│ ├──  hardware.nix -│ ├──  programs.nix -│ └──  services.nix -└──  trantor - ├──  boot.nix - ├──  disko.nix - ├──  fail2ban.nix - ├──  forgejo.nix - ├──  hardware-configuration.nix - ├──  networking.nix - ├──  nginx.nix - ├──  openssh.nix - └──  unbound.nix - modules -└──  ephemeral.nix - users -├──  modules -│ ├──  common -│ │ ├──  bash.nix -│ │ ├──  fish.nix -│ │ └──  hm-cli.nix -│ ├──  desktop -│ │ ├──  desktop.nix -│ │ └──  niri.nix -│ ├──  btop.nix -│ ├──  comma.nix -│ ├──  direnv.nix -│ ├──  gaming.nix -│ ├──  helix.nix -│ ├──  obs-studio.nix -│ ├──  starship.nix -│ ├──  stylix.nix -│ └──  tmux.nix -└──  user - └──  git.nix -``` - From d83172f48758bb768def8b7d665fd414b8b2359b Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 7 Feb 2026 09:31:14 -0300 Subject: [PATCH 091/138] eza uses --git by default --- aspects/common/programs.nix | 70 +++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 34 deletions(-) diff --git a/aspects/common/programs.nix b/aspects/common/programs.nix index a3233e9..7d12f09 100644 --- a/aspects/common/programs.nix +++ b/aspects/common/programs.nix @@ -1,41 +1,43 @@ { ... }: { - flake.modules.nixos.common-programs = { lib, pkgs, ... }: { - environment = { - systemPackages = with pkgs; [ - ### Dev Tools ### - git - ### System Utilities ### - btop - fastfetch - helix - nixos-firewall-tool - nvd - sysz - tmux - wget - yazi - ]; - shellAliases = { - cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; - ls = "${lib.getExe pkgs.eza} --icons --group-directories-first"; - tree = "ls --tree"; + flake.modules.nixos.common-programs = + { lib, pkgs, ... }: + { + environment = { + systemPackages = with pkgs; [ + ### Dev Tools ### + git + ### System Utilities ### + btop + fastfetch + helix + nixos-firewall-tool + nvd + sysz + tmux + wget + yazi + ]; + shellAliases = { + cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; + ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first"; + tree = "ls --tree"; + }; }; - }; - programs = { - command-not-found.enable = false; - fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - if set -q SSH_CONNECTION - export TERM=xterm-256color - clear - fastfetch - end - ''; + programs = { + command-not-found.enable = false; + fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + if set -q SSH_CONNECTION + export TERM=xterm-256color + clear + fastfetch + end + ''; + }; }; }; - }; } From c6fbd210097e7adb193b25ea410a058fae583f7b Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 7 Feb 2026 09:33:55 -0300 Subject: [PATCH 092/138] move podmand security options to podman aspect --- aspects/common/security.nix | 9 ++++----- aspects/podman.nix | 29 +++++++++++++++++++---------- 2 files changed, 23 insertions(+), 15 deletions(-) diff --git a/aspects/common/security.nix b/aspects/common/security.nix index b63074b..2ad04a0 100644 --- a/aspects/common/security.nix +++ b/aspects/common/security.nix @@ -1,14 +1,13 @@ { ... }: { - flake.modules.nixos.common-security = { ... }: { - security = { - unprivilegedUsernsClone = true; # Needed for rootless podman - sudo = { + flake.modules.nixos.common-security = + { ... }: + { + security.sudo = { wheelNeedsPassword = false; extraConfig = '' Defaults lecture = never ''; }; }; - }; } diff --git a/aspects/podman.nix b/aspects/podman.nix index 04e7e04..6afa327 100644 --- a/aspects/podman.nix +++ b/aspects/podman.nix @@ -1,15 +1,24 @@ { ... }: { - flake.modules.nixos.podman = { config, lib, pkgs, ... }: { - virtualisation.podman = { - enable = true; - autoPrune.enable = true; - extraPackages = [ pkgs.podman-compose ]; - }; + flake.modules.nixos.podman = + { + config, + lib, + pkgs, + ... + }: + { + virtualisation.podman = { + enable = true; + autoPrune.enable = true; + extraPackages = [ pkgs.podman-compose ]; + }; - systemd = { - services.podman-auto-update.enable = true; - timers.podman-auto-update.enable = true; + security.unprivilegedUsernsClone = true; # Needed for rootless podman + + systemd = { + services.podman-auto-update.enable = true; + timers.podman-auto-update.enable = true; + }; }; - }; } From 0112637288a29a1eb11f5803e0d3ecc68a279374 Mon Sep 17 00:00:00 2001 
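Review bot: `wheelNeedsPassword = false` remains in `common-security` after this cleanup, and the host files later in this series import that aspect on servers as well as desktops, so any process running as a wheel member becomes root without re-authentication. On the internet-facing hosts that makes a compromised user session equivalent to root. Consider leaving the common aspect at the default and relaxing it only in the desktop aspects. Failing that, record the decision next to the setting with a comment such as `# passwordless sudo: user compromise == root, accepted for single-admin hosts`. Moving `security.unprivilegedUsernsClone` into the podman aspect in the same commit is a good narrowing of scope.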
From: William Date: Sat, 7 Feb 2026 09:49:52 -0300 Subject: [PATCH 093/138] move common/users.nix into users/ --- aspects/common/users.nix | 25 ------ aspects/hosts/alexandria.nix | 12 ++- aspects/hosts/io.nix | 12 ++- aspects/hosts/rotterdam.nix | 12 ++- aspects/hosts/trantor.nix | 12 ++- aspects/users/root.nix | 12 +++ aspects/users/user.nix | 169 ++++++++++++++++++++--------------- 7 files changed, 150 insertions(+), 104 deletions(-) delete mode 100644 aspects/common/users.nix create mode 100644 aspects/users/root.nix diff --git a/aspects/common/users.nix b/aspects/common/users.nix deleted file mode 100644 index e911663..0000000 --- a/aspects/common/users.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.common-users = { pkgs, ... }: { - users.users = { - user = { - isNormalUser = true; - shell = pkgs.fish; - extraGroups = [ - "networkmanager" - "wheel" - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" - ]; - hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; - }; - root = { - shell = pkgs.fish; - hashedPassword = "!"; - }; - }; - }; -} diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 28a367d..83304b1 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -6,7 +6,12 @@ modules = [ inputs.agenix.nixosModules.default { networking.hostName = "alexandria"; } - { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } # Common aspects (always included) inputs.self.modules.nixos.common-boot 
@@ -19,7 +24,10 @@ inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-tailscale - inputs.self.modules.nixos.common-users + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root # Server aspects inputs.self.modules.nixos.server-boot diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index 1d7f15a..6e5b237 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix @@ -6,7 +6,12 @@ modules = [ inputs.agenix.nixosModules.default { networking.hostName = "io"; } - { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } # Common aspects (always included) inputs.self.modules.nixos.common-boot @@ -19,7 +24,10 @@ inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-tailscale - inputs.self.modules.nixos.common-users + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root # Desktop aspects inputs.self.modules.nixos.desktop-boot diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index e9d3f18..76ffbb0 100644 --- a/aspects/hosts/rotterdam.nix +++ b/aspects/hosts/rotterdam.nix @@ -6,7 +6,12 @@ modules = [ inputs.agenix.nixosModules.default { networking.hostName = "rotterdam"; } - { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } # Common aspects (always included) inputs.self.modules.nixos.common-boot 
@@ -19,7 +24,10 @@ inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-tailscale - inputs.self.modules.nixos.common-users + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root # Desktop aspects inputs.self.modules.nixos.desktop-boot diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index 646cc73..c43c6f2 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix @@ -6,7 +6,12 @@ modules = [ inputs.agenix.nixosModules.default { networking.hostName = "trantor"; } - { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } # Common aspects (always included) inputs.self.modules.nixos.common-boot @@ -19,7 +24,10 @@ inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-tailscale - inputs.self.modules.nixos.common-users + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root # Server aspects inputs.self.modules.nixos.server-boot diff --git a/aspects/users/root.nix b/aspects/users/root.nix new file mode 100644 index 0000000..18b70eb --- /dev/null +++ b/aspects/users/root.nix @@ -0,0 +1,12 @@ +{ ... }: + +{ + flake.modules.nixos.root = + { pkgs, ... }: + { + users.root = { + shell = pkgs.fish; + hashedPassword = "!"; + }; + }; +} diff --git a/aspects/users/user.nix b/aspects/users/user.nix index 5130abf..050b1a5 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix 
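Review bot: The new `aspects/users/root.nix` sets `users.root`, but the NixOS option path is `users.users.root`; the removed `common/users.nix` had `root` nested under `users.users`. As written, evaluation should stop on an unknown option, and root's locked password (`hashedPassword = "!"`) and shell would not be applied. Change the line to `users.users.root = {`.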
@@ -1,91 +1,118 @@ -# aspects/users/user.nix { inputs, ... }: + { - flake.homeConfigurations = { - "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { inherit inputs; hostname = "rotterdam"; }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + flake = { + modules.nixos.user = + { pkgs, ... }: + { + users.users.user = { + isNormalUser = true; + shell = pkgs.fish; + extraGroups = [ + "networkmanager" + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; + }; + }; - # CLI aspects (common module included) - inputs.self.modules.homeManager.cli-base - inputs.self.modules.homeManager.cli-btop - inputs.self.modules.homeManager.cli-comma - inputs.self.modules.homeManager.cli-direnv - inputs.self.modules.homeManager.cli-helix - inputs.self.modules.homeManager.cli-starship - inputs.self.modules.homeManager.cli-tmux + homeConfigurations = { + "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + hostname = "rotterdam"; + }; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - # Shell - inputs.self.modules.homeManager.shell-fish - inputs.self.modules.homeManager.shell-bash + # CLI aspects (common module included) + inputs.self.modules.homeManager.cli-base + inputs.self.modules.homeManager.cli-btop + inputs.self.modules.homeManager.cli-comma + inputs.self.modules.homeManager.cli-direnv + 
inputs.self.modules.homeManager.cli-helix + inputs.self.modules.homeManager.cli-starship + inputs.self.modules.homeManager.cli-tmux - # Desktop - inputs.self.modules.homeManager.desktop-desktop - inputs.self.modules.homeManager.desktop-niri + # Shell + inputs.self.modules.homeManager.shell-fish + inputs.self.modules.homeManager.shell-bash - # Gaming - inputs.self.modules.homeManager.gaming-mangohud + # Desktop + inputs.self.modules.homeManager.desktop-desktop + inputs.self.modules.homeManager.desktop-niri - # Programs - inputs.self.modules.homeManager.programs-media # for obs-studio + # Gaming + inputs.self.modules.homeManager.gaming-mangohud - # Stylix - inputs.self.modules.homeManager.stylix + # Programs + inputs.self.modules.homeManager.programs-media # for obs-studio - # User-specific (from _user/) - ./_user/git.nix + # Stylix + inputs.self.modules.homeManager.stylix - # Home configuration - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ]; - }; + # User-specific (from _user/) + ./_user/git.nix - "user@io" = inputs.home-manager.lib.homeManagerConfiguration { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { inherit inputs; hostname = "io"; }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + # Home configuration + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ]; + }; - # CLI aspects (common module included) - inputs.self.modules.homeManager.cli-base - inputs.self.modules.homeManager.cli-btop - inputs.self.modules.homeManager.cli-comma - inputs.self.modules.homeManager.cli-direnv - inputs.self.modules.homeManager.cli-helix - inputs.self.modules.homeManager.cli-starship - inputs.self.modules.homeManager.cli-tmux + "user@io" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + hostname = "io"; + }; + modules 
= [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - # Shell - inputs.self.modules.homeManager.shell-fish - inputs.self.modules.homeManager.shell-bash + # CLI aspects (common module included) + inputs.self.modules.homeManager.cli-base + inputs.self.modules.homeManager.cli-btop + inputs.self.modules.homeManager.cli-comma + inputs.self.modules.homeManager.cli-direnv + inputs.self.modules.homeManager.cli-helix + inputs.self.modules.homeManager.cli-starship + inputs.self.modules.homeManager.cli-tmux - # Desktop - inputs.self.modules.homeManager.desktop-desktop - inputs.self.modules.homeManager.desktop-niri + # Shell + inputs.self.modules.homeManager.shell-fish + inputs.self.modules.homeManager.shell-bash - # Stylix - inputs.self.modules.homeManager.stylix + # Desktop + inputs.self.modules.homeManager.desktop-desktop + inputs.self.modules.homeManager.desktop-niri - # User-specific (from _user/) - ./_user/git.nix + # Stylix + inputs.self.modules.homeManager.stylix - # Home configuration - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ]; + # User-specific (from _user/) + ./_user/git.nix + + # Home configuration + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ]; + }; }; }; } From 6d28510dcaa41d4c193e80531152035ed3100e01 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 7 Feb 2026 10:00:06 -0300 Subject: [PATCH 094/138] reformat programs --- aspects/programs/graphics.nix | 42 +++++++------- aspects/programs/media.nix | 42 +++++++------- aspects/programs/office.nix | 37 ++++++------ aspects/programs/utilities.nix | 101 ++++++++++++++++----------------- aspects/programs/web.nix | 31 +++++----- 5 files changed, 124 insertions(+), 129 deletions(-) diff --git a/aspects/programs/graphics.nix b/aspects/programs/graphics.nix index 1488125..4b7a16b 100644 --- a/aspects/programs/graphics.nix +++ b/aspects/programs/graphics.nix 
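Review bot: The `hashedPassword` literal now in `modules.nixos.user` is a `$6$` (SHA-512-crypt) hash, stored in the repository and copied into the world-readable Nix store, where it can be attacked offline. The account is in `wheel`, so its strength protects root as well. The host modules already load agenix, so the hash can live in an encrypted secret and be referenced with `hashedPasswordFile = config.age.secrets.<SECRET_NAME>.path;` (placeholder name), which needs `config` added to the module arguments. Because the current hash stays in git history, rotate the password when making that change.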
@@ -1,27 +1,25 @@ { ... }: { - flake.modules.nixos.programs-graphics = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - # Image Editing - gimp - inkscape - # CAD & 3D Modeling - plasticity - ]; + flake.modules.nixos.programs-graphics = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + gimp + inkscape + plasticity + ]; - services.flatpak.packages = [ - # Vector Graphics - "com.boxy_svg.BoxySVG" - # 3D Printing / Slicing - rec { - appId = "io.github.softfever.OrcaSlicer"; - sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - bundle = "${pkgs.fetchurl { - url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - inherit sha256; - }}"; - } - ]; - }; + services.flatpak.packages = [ + "com.boxy_svg.BoxySVG" + rec { + appId = "io.github.softfever.OrcaSlicer"; + sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + bundle = "${pkgs.fetchurl { + url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; + inherit sha256; + }}"; + } + ]; + }; } diff --git a/aspects/programs/media.nix b/aspects/programs/media.nix index 8b50b2e..7daaa87 100644 --- a/aspects/programs/media.nix +++ b/aspects/programs/media.nix 
@@ -2,28 +2,28 @@ { flake.modules = { - nixos.programs-media = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - # Audio - decibels - # Video - showtime - # Image Viewer - loupe - # Recording & Streaming - obs-studio - ]; - }; - - homeManager.programs-media = { pkgs, ... }: { - programs.obs-studio = { - enable = true; - plugins = with pkgs.obs-studio-plugins; [ - obs-vkcapture - obs-backgroundremoval - obs-pipewire-audio-capture + nixos.programs-media = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + decibels + loupe + obs-studio + showtime ]; }; - }; + + homeManager.programs-media = + { pkgs, ... }: + { + programs.obs-studio = { + enable = true; + plugins = with pkgs.obs-studio-plugins; [ + obs-vkcapture + obs-backgroundremoval + obs-pipewire-audio-capture + ]; + }; + }; }; } diff --git a/aspects/programs/office.nix b/aspects/programs/office.nix index 1fc6817..c3349f3 100644 --- a/aspects/programs/office.nix +++ b/aspects/programs/office.nix @@ -1,25 +1,22 @@ { ... }: { - flake.modules.nixos.programs-office = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - # Spelling - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - # Document Viewing - papers - # Presentations - presenterm - # Note Taking & Drawing - rnote - ]; + flake.modules.nixos.programs-office = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + papers + presenterm + rnote + ]; - services.flatpak.packages = [ - # Office Suite - "com.collabora.Office" - ]; - }; + services.flatpak.packages = [ + "com.collabora.Office" + ]; + }; } diff --git a/aspects/programs/utilities.nix b/aspects/programs/utilities.nix index 15b267f..4a207af 100644 --- a/aspects/programs/utilities.nix +++ b/aspects/programs/utilities.nix 
@@ -2,64 +2,61 @@ { flake.modules = { - nixos.programs-utilities = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - # Terminal - ghostty - # File Management - nautilus - gnome-disk-utility - # Archive Tools - p7zip - unrar - # Cloud & Remote - rclone - # System Monitoring - mission-center - # Desktop Integration - adwaita-icon-theme - junction - libfido2 - toggleaudiosink - # Xwayland Support - xwayland-satellite - ]; + nixos.programs-utilities = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + ghostty + gnome-disk-utility + mission-center + nautilus + p7zip + rclone + unrar + # Desktop Integration + adwaita-icon-theme + junction + libfido2 + toggleaudiosink + # Xwayland Support + xwayland-satellite + ]; - services.flatpak.packages = [ - # Flatpak Management - "com.github.tchx84.Flatseal" - # Remote Desktop - "com.rustdesk.RustDesk" - ]; - }; + services.flatpak.packages = [ + "com.github.tchx84.Flatseal" + "com.rustdesk.RustDesk" + ]; + }; - homeManager.programs-utilities = { pkgs, ... }: { - programs = { - ghostty = { - enable = true; - settings = { - cursor-style = "block"; - shell-integration-features = "no-cursor"; - cursor-style-blink = false; - custom-shader = "${builtins.fetchurl { - url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; - sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; - }}"; - bell-features = ""; - gtk-titlebar-style = "tabs"; - keybind = [ "shift+enter=text:\\x1b\\r" ]; + homeManager.programs-utilities = + { pkgs, ... 
}: + { + programs = { + ghostty = { + enable = true; + settings = { + cursor-style = "block"; + shell-integration-features = "no-cursor"; + cursor-style-blink = false; + custom-shader = "${builtins.fetchurl { + url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; + sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + }}"; + bell-features = ""; + gtk-titlebar-style = "tabs"; + keybind = [ "shift+enter=text:\\x1b\\r" ]; + }; + }; + + password-store = { + enable = true; + package = pkgs.pass-wayland; }; }; - password-store = { - enable = true; - package = pkgs.pass-wayland; + home.sessionVariables = { + TERMINAL = "ghostty"; }; }; - - home.sessionVariables = { - TERMINAL = "ghostty"; - }; - }; }; } diff --git a/aspects/programs/web.nix b/aspects/programs/web.nix index cc3753b..a11ca57 100644 --- a/aspects/programs/web.nix +++ b/aspects/programs/web.nix @@ -1,18 +1,21 @@ { ... }: { - flake.modules.nixos.programs-web = { inputs, pkgs, system, ... }: { - environment.systemPackages = with pkgs; [ - # Browsers - inputs.zen-browser.packages."${system}".default - tor-browser - # Communication - vesktop - # Cloud & Sync - bitwarden-desktop - nextcloud-client - # Downloads - fragments - ]; - }; + flake.modules.nixos.programs-web = + { + inputs, + pkgs, + system, + ... + }: + { + environment.systemPackages = with pkgs; [ + inputs.zen-browser.packages."${system}".default + bitwarden-desktop + fragments + nextcloud-client + tor-browser + vesktop + ]; + }; } From d482fd06945b6c3422b998552472cff21e6dde0e Mon Sep 17 00:00:00 2001 From: William Date: Sun, 8 Feb 2026 14:02:12 -0300 Subject: [PATCH 095/138] flake file rearranging --- flake.nix | 57 +++++++++++++++++++++++++------------------------------ 1 file changed, 26 insertions(+), 31 deletions(-) diff --git a/flake.nix b/flake.nix index f995bad..482ebea 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,58 +2,52 @@ description = "My nix hosts"; inputs = { + # nix tools flake-parts.url = "github:hercules-ci/flake-parts"; import-tree.url = "github:vic/import-tree"; + # nixos/hm nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11"; - home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; }; + # nixos/hm functionality modules agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs-stable"; }; - disko.url = "github:nix-community/disko"; - - noctalia = { - url = "github:noctalia-dev/noctalia-shell"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - + impermanence.url = "github:nix-community/impermanence"; + nixos-cli.url = "github:nix-community/nixos-cli"; + nix-flatpak.url = "github:gmodena/nix-flatpak/main"; stylix.url = "github:danth/stylix"; - nixos-cli.url = "github:nix-community/nixos-cli"; - - nix-flatpak.url = "github:gmodena/nix-flatpak/main"; - - zen-browser.url = "github:0xc000022070/zen-browser-flake"; - - impermanence.url = "github:nix-community/impermanence"; - - deploy-rs.url = "github:serokell/deploy-rs"; - + # nixos/hm program modules niri-flake.url = "github:sodiboo/niri-flake"; - - niri.url = "github:baduhai/niri/auto-center-when-space-available"; - + nix-ai-tools.url = "github:numtide/llm-agents.nix"; nix-index-database = { url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; + noctalia = { + url = "github:noctalia-dev/noctalia-shell"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + vicinae.url = "github:vicinaehq/vicinae"; + zen-browser.url = "github:0xc000022070/zen-browser-flake"; + # stand-alone tools + deploy-rs.url = "github:serokell/deploy-rs"; terranix = { url = "github:terranix/terranix"; inputs.nixpkgs.follows = "nixpkgs"; }; - nix-ai-tools.url = "github:numtide/llm-agents.nix"; - - vicinae.url = "github:vicinaehq/vicinae"; + # others + niri.url = 
"github:baduhai/niri/auto-center-when-space-available"; }; outputs = @@ -73,12 +67,13 @@ imports = [ flake-parts.flakeModules.modules inputs.terranix.flakeModule - ] ++ aspectsModule.imports - ++ packagesModule.imports - ++ shellsModule.imports - ++ terranixModule.imports - ++ [ - ./deploy.nix - ]; + ] + ++ aspectsModule.imports + ++ packagesModule.imports + ++ shellsModule.imports + ++ terranixModule.imports + ++ [ + ./deploy.nix + ]; }; } From aac98fda2e7d555cea374996493f1bac305b9ac9 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 11 Feb 2026 18:07:31 -0300 Subject: [PATCH 096/138] move deploy outputs to self-contained aspects --- aspects/hosts/alexandria.nix | 94 ++++++++++++++++------------- aspects/hosts/io.nix | 111 +++++++++++++++++++---------------- aspects/hosts/trantor.nix | 102 +++++++++++++++++--------------- aspects/users/user.nix | 8 ++- deploy.nix | 48 --------------- flake.nix | 19 +++--- 6 files changed, 184 insertions(+), 198 deletions(-) delete mode 100644 deploy.nix diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 83304b1..b63c370 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix 
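Review bot: The new `# others` group holds only `niri.url = "github:baduhai/niri/auto-center-when-space-available";`, an input that tracks a feature branch of a fork, and the label does not say why it is there. flake.lock pins the revision in use, but each `nix flake update` moves to whatever that branch head is at the time, so this is the input a reader most needs context for. I would replace the label with a comment that states the purpose and the exit condition, for example `# fork of niri (branch auto-center-when-space-available); switch back to upstream once no longer needed`, with the wording adjusted to the real reason.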
@@ -1,50 +1,60 @@ -{ inputs, ... }: +{ inputs, self, ... }: { - flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "alexandria"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } + flake = { + nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "alexandria"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root - # Server aspects - inputs.self.modules.nixos.server-boot - inputs.self.modules.nixos.server-nix - inputs.self.modules.nixos.server-tailscale + # Server 
aspects + inputs.self.modules.nixos.server-boot + inputs.self.modules.nixos.server-nix + inputs.self.modules.nixos.server-tailscale - # Other aspects based on tags - inputs.self.modules.nixos.fwupd + # Other aspects based on tags + inputs.self.modules.nixos.fwupd - # Host-specific files (from _alexandria/) - ./_alexandria/hardware-configuration.nix - ./_alexandria/jellyfin.nix - ./_alexandria/kanidm.nix - ./_alexandria/nextcloud.nix - ./_alexandria/nginx.nix - ./_alexandria/unbound.nix - ./_alexandria/vaultwarden.nix - ]; + # Host-specific files (from _alexandria/) + ./_alexandria/hardware-configuration.nix + ./_alexandria/jellyfin.nix + ./_alexandria/kanidm.nix + ./_alexandria/nextcloud.nix + ./_alexandria/nginx.nix + ./_alexandria/unbound.nix + ./_alexandria/vaultwarden.nix + ]; + }; + deploy.nodes.alexandria = { + hostname = "alexandria"; + profiles.system = { + sshUser = "user"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; + user = "root"; + }; + }; }; } diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index 6e5b237..2b5f72f 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix 
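Review bot: The new `deploy.nodes.alexandria` block does not set `remoteBuild`, while the deploy.nix deleted by this commit set `remoteBuild = true;` once at the `flake.deploy` level; only the io profiles carry their own `remoteBuild = false;`. Unless it is set somewhere not shown, alexandria and trantor (the `deploy.nodes.trantor` hunk in aspects/hosts/trantor.nix has the same gap) fall back to the deploy-rs default and are built on the deploying machine, which for the aarch64-linux trantor is a different platform. Adding `remoteBuild = true;` to each `profiles.system` would keep the previous behaviour. The `checks = inputs.deploy-rs.lib.${system}.deployChecks self.deploy;` line from deploy.nix is also not re-added in any visible hunk, so `nix flake check` would no longer validate the deploy definitions.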
@@ -1,59 +1,70 @@ -{ inputs, ... }: +{ inputs, self, ... }: { - flake.nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "io"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } + flake = { + nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "io"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root - # Desktop aspects - inputs.self.modules.nixos.desktop-boot - inputs.self.modules.nixos.desktop-desktop - inputs.self.modules.nixos.desktop-nix - inputs.self.modules.nixos.desktop-services + # Desktop 
aspects + inputs.self.modules.nixos.desktop-boot + inputs.self.modules.nixos.desktop-desktop + inputs.self.modules.nixos.desktop-nix + inputs.self.modules.nixos.desktop-services - # Other aspects based on tags - inputs.self.modules.nixos.ai - inputs.self.modules.nixos.bluetooth - inputs.self.modules.nixos.dev - inputs.self.modules.nixos.libvirtd - inputs.self.modules.nixos.networkmanager - inputs.self.modules.nixos.podman + # Other aspects based on tags + inputs.self.modules.nixos.ai + inputs.self.modules.nixos.bluetooth + inputs.self.modules.nixos.dev + inputs.self.modules.nixos.libvirtd + inputs.self.modules.nixos.networkmanager + inputs.self.modules.nixos.podman - # Factory-generated ephemeral module - (inputs.self.factory.ephemeral { - rootDevice = "/dev/mapper/cryptroot"; - }) + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/mapper/cryptroot"; + }) - # Host-specific files (from _io/) - ./_io/hardware-configuration.nix - ./_io/disko.nix - ./_io/boot.nix - ./_io/programs.nix - ./_io/services.nix - ]; + # Host-specific files (from _io/) + ./_io/hardware-configuration.nix + ./_io/disko.nix + ./_io/boot.nix + ./_io/programs.nix + ./_io/services.nix + ]; + }; + deploy.nodes.io = { + hostname = "io"; + profiles.system = { + sshUser = "user"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; + user = "root"; + remoteBuild = false; + }; + }; }; } diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index c43c6f2..c806987 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix 
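Review bot: `sshUser = "user";` together with `user = "root";` in `deploy.nodes.io.profiles.system` means deploy-rs logs in as `user` and switches to root through sudo for activation, and nothing in the hunk says how that sudo rule is granted. If it is a passwordless rule, a compromise of the `user` account or its SSH key is a root compromise of the host; the same pair appears in the alexandria and trantor hunks of this commit. I would add a comment above the profile such as `# deploy-rs activates as root via sudo from "user"`, naming the module that grants the rule, and consider setting deploy-rs's `interactiveSudo = true;` so activation asks for the password.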
@@ -1,54 +1,64 @@ -{ inputs, ... }: +{ inputs, self, ... }: { - flake.nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { - system = "aarch64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "trantor"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } + flake = { + nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { + system = "aarch64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "trantor"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root - # Server aspects - inputs.self.modules.nixos.server-boot - inputs.self.modules.nixos.server-nix - inputs.self.modules.nixos.server-tailscale + # Server aspects + 
inputs.self.modules.nixos.server-boot + inputs.self.modules.nixos.server-nix + inputs.self.modules.nixos.server-tailscale - # Factory-generated ephemeral module - (inputs.self.factory.ephemeral { - rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; - }) + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; + }) - # Host-specific files (from _trantor/) - ./_trantor/hardware-configuration.nix - ./_trantor/disko.nix - ./_trantor/boot.nix - ./_trantor/fail2ban.nix - ./_trantor/forgejo.nix - ./_trantor/networking.nix - ./_trantor/nginx.nix - ./_trantor/openssh.nix - ./_trantor/unbound.nix - ]; + # Host-specific files (from _trantor/) + ./_trantor/hardware-configuration.nix + ./_trantor/disko.nix + ./_trantor/boot.nix + ./_trantor/fail2ban.nix + ./_trantor/forgejo.nix + ./_trantor/networking.nix + ./_trantor/nginx.nix + ./_trantor/openssh.nix + ./_trantor/unbound.nix + ]; + }; + deploy.nodes.trantor = { + hostname = "trantor"; + profiles.system = { + sshUser = "user"; + path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; + user = "root"; + }; + }; }; } diff --git a/aspects/users/user.nix b/aspects/users/user.nix index 050b1a5..4106ffb 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix @@ -1,4 +1,4 @@ -{ inputs, ... }: +{ inputs, self, ... }: { flake = { @@ -114,5 +114,11 @@ ]; }; }; + deploy.nodes.io.profiles.user = { + sshUser = "user"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io"; + user = "user"; + remoteBuild = false; + }; }; } diff --git a/deploy.nix b/deploy.nix deleted file mode 100644 index 187c92f..0000000 --- a/deploy.nix +++ /dev/null 
@@ -1,48 +0,0 @@ -{ inputs, self, ... }: -{ - flake.deploy = { - remoteBuild = true; - nodes = { - alexandria = { - hostname = "alexandria"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; - user = "root"; - }; - }; - - trantor = { - hostname = "trantor"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; - user = "root"; - }; - }; - - io = { - hostname = "io"; - profiles = { - system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; - user = "root"; - remoteBuild = false; - }; - user = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io"; - user = "user"; - remoteBuild = false; - }; - }; - }; - }; - }; - perSystem = - { system, ... }: - { - checks = inputs.deploy-rs.lib.${system}.deployChecks self.deploy; - }; -} diff --git a/flake.nix b/flake.nix index 482ebea..35735d0 100644 --- a/flake.nix +++ b/flake.nix @@ -53,10 +53,10 @@ outputs = inputs@{ flake-parts, import-tree, ... }: let - aspectsModule = import-tree ./aspects; - packagesModule = import-tree ./packages; - shellsModule = import-tree ./shells; - terranixModule = import-tree ./terranix; + aspectsModules = import-tree ./aspects; + packagesModules = import-tree ./packages; + shellsModules = import-tree ./shells; + terranixModules = import-tree ./terranix; in flake-parts.lib.mkFlake { inherit inputs; } { systems = [ @@ -68,12 +68,9 @@ flake-parts.flakeModules.modules inputs.terranix.flakeModule ] - ++ aspectsModule.imports - ++ packagesModule.imports - ++ shellsModule.imports - ++ terranixModule.imports - ++ [ - ./deploy.nix - ]; + ++ aspectsModules.imports + ++ packagesModules.imports + ++ shellsModules.imports + ++ terranixModules.imports; }; } 
From e89cd6e91d68322020f03eee6546464140777078 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 11 Feb 2026 18:13:30 -0300 Subject: [PATCH 097/138] stylix: flake output `homeManagerModules` has been renamed to `homeModules` and will be removed after 26.05. --- aspects/stylix.nix | 135 ++++++++++++++++++++++++--------------------- 1 file changed, 72 insertions(+), 63 deletions(-) diff --git a/aspects/stylix.nix b/aspects/stylix.nix index e64386f..ec3fd42 100644 --- a/aspects/stylix.nix +++ b/aspects/stylix.nix 
@@ -1,71 +1,80 @@ { ... }: { flake.modules = { - nixos.stylix = { inputs, ... }: { - imports = [ inputs.stylix.nixosModules.stylix ]; - }; - - homeManager.stylix = { config, inputs, pkgs, ... }: { - imports = [ - inputs.stylix.homeManagerModules.stylix - inputs.zen-browser.homeModules.beta - ]; - - stylix = { - enable = true; - polarity = "dark"; - base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml"; - cursor = { - package = pkgs.kdePackages.breeze; - name = "breeze_cursors"; - size = 24; - }; - icons = { - enable = true; - package = pkgs.morewaita-icon-theme; - light = "MoreWaita"; - dark = "MoreWaita"; - }; - opacity = { - applications = 1.0; - desktop = 1.0; - popups = config.stylix.opacity.desktop; - terminal = 1.0; - }; - fonts = { - serif = { - package = pkgs.source-serif; - name = "Source Serif 4 Display"; - }; - sansSerif = { - package = pkgs.inter; - name = "Inter"; - }; - monospace = { - package = pkgs.nerd-fonts.fira-code; - name = "FiraCode Nerd Font"; - }; - emoji = { - package = pkgs.noto-fonts-color-emoji; - name = "Noto Color Emoji"; - }; - sizes = { - applications = 10; - desktop = config.stylix.fonts.sizes.applications; - popups = config.stylix.fonts.sizes.applications; - terminal = 12; - }; - }; - targets.zen-browser = { - enable = true; - profileNames = [ "william" ]; - }; + nixos.stylix = + { inputs, ... }: + { + imports = [ inputs.stylix.nixosModules.stylix ]; }; - programs.zen-browser = { - enable = true; - profiles.william = { }; + homeManager.stylix = + { + config, + inputs, + pkgs, + ... 
+ }: + { + imports = [ + inputs.stylix.homeModules.stylix + inputs.zen-browser.homeModules.beta + ]; + + stylix = { + enable = true; + polarity = "dark"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml"; + cursor = { + package = pkgs.kdePackages.breeze; + name = "breeze_cursors"; + size = 24; + }; + icons = { + enable = true; + package = pkgs.morewaita-icon-theme; + light = "MoreWaita"; + dark = "MoreWaita"; + }; + opacity = { + applications = 1.0; + desktop = 1.0; + popups = config.stylix.opacity.desktop; + terminal = 1.0; + }; + fonts = { + serif = { + package = pkgs.source-serif; + name = "Source Serif 4 Display"; + }; + sansSerif = { + package = pkgs.inter; + name = "Inter"; + }; + monospace = { + package = pkgs.nerd-fonts.fira-code; + name = "FiraCode Nerd Font"; + }; + emoji = { + package = pkgs.noto-fonts-color-emoji; + name = "Noto Color Emoji"; + }; + sizes = { + applications = 10; + desktop = config.stylix.fonts.sizes.applications; + popups = config.stylix.fonts.sizes.applications; + terminal = 12; + }; + }; + targets.zen-browser = { + enable = true; + profileNames = [ "william" ]; + }; + }; + + programs.zen-browser = { + enable = true; + profiles.william = { }; + }; }; - }; }; } From 2998dd81adcab30bb04112eebe48c737675222e4 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 11 Feb 2026 18:14:00 -0300 Subject: [PATCH 098/138] users.root -> users.users.root --- aspects/users/root.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspects/users/root.nix b/aspects/users/root.nix index 18b70eb..ff04c56 100644 --- a/aspects/users/root.nix +++ b/aspects/users/root.nix @@ -4,7 +4,7 @@ flake.modules.nixos.root = { pkgs, ... }: { - users.root = { + users.users.root = { shell = pkgs.fish; hashedPassword = "!"; }; From 06b0c379601d71d9fe9e5c8a1b7b94a6f632d560 Mon Sep 17 00:00:00 2001 
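Review bot: `hashedPassword = "!";` under the corrected `users.users.root` path in aspects/users/root.nix deserves a comment, because the old `users.root` path was presumably never applied to the account and this is where the setting starts to matter. `!` is not a valid password hash, so password login for root is locked; a line such as `# "!" locks root's password; root access goes through sudo only` (adjusted to what the hosts really allow) would make that intent explicit for the next reader. The module body continues outside the hunk, so I cannot see whether `programs.fish` is enabled for the `shell = pkgs.fish;` line next to it.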
From: William Date: Thu, 12 Feb 2026 16:41:53 -0300 Subject: [PATCH 099/138] no more deploy-rs --- aspects/hosts/alexandria.nix | 92 +++++++++--------- aspects/hosts/io.nix | 109 ++++++++++------------ aspects/hosts/trantor.nix | 100 +++++++++----------- aspects/users/user.nix | 6 -- flake.lock | 174 +++++++++-------------------------- flake.nix | 1 - shells/default.nix | 1 - 7 files changed, 179 insertions(+), 304 deletions(-) diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index b63c370..28c333e 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix 
@@ -1,60 +1,50 @@ { inputs, self, ... }: { - flake = { - nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "alexandria"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } + flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "alexandria"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root - # Server aspects - inputs.self.modules.nixos.server-boot - inputs.self.modules.nixos.server-nix - inputs.self.modules.nixos.server-tailscale + # Server aspects + 
inputs.self.modules.nixos.server-boot + inputs.self.modules.nixos.server-nix + inputs.self.modules.nixos.server-tailscale - # Other aspects based on tags - inputs.self.modules.nixos.fwupd + # Other aspects based on tags + inputs.self.modules.nixos.fwupd - # Host-specific files (from _alexandria/) - ./_alexandria/hardware-configuration.nix - ./_alexandria/jellyfin.nix - ./_alexandria/kanidm.nix - ./_alexandria/nextcloud.nix - ./_alexandria/nginx.nix - ./_alexandria/unbound.nix - ./_alexandria/vaultwarden.nix - ]; - }; - deploy.nodes.alexandria = { - hostname = "alexandria"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; - user = "root"; - }; - }; + # Host-specific files (from _alexandria/) + ./_alexandria/hardware-configuration.nix + ./_alexandria/jellyfin.nix + ./_alexandria/kanidm.nix + ./_alexandria/nextcloud.nix + ./_alexandria/nginx.nix + ./_alexandria/unbound.nix + ./_alexandria/vaultwarden.nix + ]; }; } diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index 2b5f72f..c6c3dbf 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix 
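Review bot: `self` stays in the module header `{ inputs, self, ... }:` of aspects/hosts/alexandria.nix although its only use, the `self.nixosConfigurations.alexandria` argument of the deploy-rs `path`, is removed here; everything that remains refers to `inputs.self`. The header can go back to `{ inputs, ... }:`. The io.nix and trantor.nix hunks of this commit leave the same unused argument, and user.nix may as well, but its remaining body is outside the hunk.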
@@ -1,70 +1,59 @@ { inputs, self, ... }: { - flake = { - nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "io"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } + flake.nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "io"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root - # Desktop aspects - inputs.self.modules.nixos.desktop-boot - inputs.self.modules.nixos.desktop-desktop - inputs.self.modules.nixos.desktop-nix - inputs.self.modules.nixos.desktop-services + # Desktop aspects + 
inputs.self.modules.nixos.desktop-boot + inputs.self.modules.nixos.desktop-desktop + inputs.self.modules.nixos.desktop-nix + inputs.self.modules.nixos.desktop-services - # Other aspects based on tags - inputs.self.modules.nixos.ai - inputs.self.modules.nixos.bluetooth - inputs.self.modules.nixos.dev - inputs.self.modules.nixos.libvirtd - inputs.self.modules.nixos.networkmanager - inputs.self.modules.nixos.podman + # Other aspects based on tags + inputs.self.modules.nixos.ai + inputs.self.modules.nixos.bluetooth + inputs.self.modules.nixos.dev + inputs.self.modules.nixos.libvirtd + inputs.self.modules.nixos.networkmanager + inputs.self.modules.nixos.podman - # Factory-generated ephemeral module - (inputs.self.factory.ephemeral { - rootDevice = "/dev/mapper/cryptroot"; - }) + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/mapper/cryptroot"; + }) - # Host-specific files (from _io/) - ./_io/hardware-configuration.nix - ./_io/disko.nix - ./_io/boot.nix - ./_io/programs.nix - ./_io/services.nix - ]; - }; - deploy.nodes.io = { - hostname = "io"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; - user = "root"; - remoteBuild = false; - }; - }; + # Host-specific files (from _io/) + ./_io/hardware-configuration.nix + ./_io/disko.nix + ./_io/boot.nix + ./_io/programs.nix + ./_io/services.nix + ]; }; } diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index c806987..3de68a9 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix 
@@ -1,64 +1,54 @@ { inputs, self, ... }: { - flake = { - nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { - system = "aarch64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "trantor"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } + flake.nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { + system = "aarch64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "trantor"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root - # Server aspects - inputs.self.modules.nixos.server-boot - inputs.self.modules.nixos.server-nix - inputs.self.modules.nixos.server-tailscale + # Server aspects + 
inputs.self.modules.nixos.server-boot + inputs.self.modules.nixos.server-nix + inputs.self.modules.nixos.server-tailscale - # Factory-generated ephemeral module - (inputs.self.factory.ephemeral { - rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; - }) + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; + }) - # Host-specific files (from _trantor/) - ./_trantor/hardware-configuration.nix - ./_trantor/disko.nix - ./_trantor/boot.nix - ./_trantor/fail2ban.nix - ./_trantor/forgejo.nix - ./_trantor/networking.nix - ./_trantor/nginx.nix - ./_trantor/openssh.nix - ./_trantor/unbound.nix - ]; - }; - deploy.nodes.trantor = { - hostname = "trantor"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; - user = "root"; - }; - }; + # Host-specific files (from _trantor/) + ./_trantor/hardware-configuration.nix + ./_trantor/disko.nix + ./_trantor/boot.nix + ./_trantor/fail2ban.nix + ./_trantor/forgejo.nix + ./_trantor/networking.nix + ./_trantor/nginx.nix + ./_trantor/openssh.nix + ./_trantor/unbound.nix + ]; }; } diff --git a/aspects/users/user.nix b/aspects/users/user.nix index 4106ffb..ad1b8ca 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix @@ -114,11 +114,5 @@ ]; }; }; - deploy.nodes.io.profiles.user = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io"; - user = "user"; - remoteBuild = false; - }; }; } diff --git a/flake.lock b/flake.lock index c7b2e16..05b233b 100644 --- a/flake.lock +++ b/flake.lock @@ -97,7 +97,7 @@ "nix-ai-tools", "nixpkgs" ], - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1767386128, 
@@ -135,29 +135,9 @@ "type": "github" } }, - "deploy-rs": { - "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs", - "utils": "utils" - }, - "locked": { - "lastModified": 1766051518, - "narHash": "sha256-znKOwPXQnt3o7lDb3hdf19oDo0BLP4MfBOYiWkEHoik=", - "owner": "serokell", - "repo": "deploy-rs", - "rev": "d5eff7f948535b9c723d60cd8239f8f11ddc90fa", - "type": "github" - }, - "original": { - "owner": "serokell", - "repo": "deploy-rs", - "type": "github" - } - }, "disko": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1768923567, @@ -190,22 +170,6 @@ } }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1767039857, @@ -221,7 +185,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1747046372, @@ -437,7 +401,7 @@ "impermanence": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1768835187, @@ -470,7 +434,7 @@ }, "niri": { "inputs": { - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay" }, "locked": { @@ -492,7 +456,7 @@ "inputs": { "niri-stable": "niri-stable", "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" 
@@ -547,7 +511,7 @@ "nix-ai-tools": { "inputs": { "blueprint": "blueprint", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "treefmt-nix": "treefmt-nix" }, "locked": { @@ -602,9 +566,9 @@ }, "nixos-cli": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "optnix": "optnix" }, "locked": { @@ -623,11 +587,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743014863, - "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", + "lastModified": 1768661221, + "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", + "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", "type": "github" }, "original": { @@ -700,22 +664,6 @@ } }, "nixpkgs_10": { - "locked": { - "lastModified": 1767767207, - "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { "locked": { "lastModified": 1762111121, "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", @@ -731,7 +679,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_11": { "locked": { "lastModified": 1768127708, "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", 
@@ -748,22 +696,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1768661221, - "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1768564909, "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", @@ -779,7 +711,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1757967192, "narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=", @@ -795,7 +727,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1768564909, "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", @@ -811,7 +743,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1768783163, "narHash": "sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo+w8KsY4=", @@ -827,7 +759,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1767151656, "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", @@ -843,7 +775,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -859,7 +791,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { "lastModified": 1768564909, "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", 
@@ -875,6 +807,22 @@ "type": "github" } }, + "nixpkgs_9": { + "locked": { + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "noctalia": { "inputs": { "nixpkgs": [ @@ -922,8 +870,8 @@ }, "optnix": { "inputs": { - "flake-compat": "flake-compat_3", - "nixpkgs": "nixpkgs_8" + "flake-compat": "flake-compat_2", + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1765418479, @@ -942,7 +890,6 @@ "root": { "inputs": { "agenix": "agenix", - "deploy-rs": "deploy-rs", "disko": "disko", "flake-parts": "flake-parts", "home-manager": "home-manager_2", @@ -954,7 +901,7 @@ "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_8", "nixpkgs-stable": "nixpkgs-stable_2", "noctalia": "noctalia", "stylix": "stylix", @@ -993,9 +940,9 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_3", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_9", "nur": "nur", - "systems": "systems_4", + "systems": "systems_3", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -1091,28 +1038,13 @@ "type": "github" } }, - "systems_6": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "terranix": { "inputs": { "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_5" + "systems": "systems_4" }, "locked": { "lastModified": 1762472226, 
@@ -1230,28 +1162,10 @@ "type": "github" } }, - "utils": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "vicinae": { "inputs": { - "nixpkgs": "nixpkgs_11", - "systems": "systems_6" + "nixpkgs": "nixpkgs_10", + "systems": "systems_5" }, "locked": { "lastModified": 1768856963, @@ -1303,7 +1217,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_4", - "nixpkgs": "nixpkgs_12" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1768919538, diff --git a/flake.nix b/flake.nix index 35735d0..6026fa3 100644 --- a/flake.nix +++ b/flake.nix @@ -40,7 +40,6 @@ zen-browser.url = "github:0xc000022070/zen-browser-flake"; # stand-alone tools - deploy-rs.url = "github:serokell/deploy-rs"; terranix = { url = "github:terranix/terranix"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/shells/default.nix b/shells/default.nix index 1c93cf3..a7cda20 100644 --- a/shells/default.nix +++ b/shells/default.nix @@ -7,7 +7,6 @@ devShells.default = pkgs.mkShell { packages = with pkgs; [ inputs.agenix.packages.${system}.default - deploy-rs nil nixfmt ]; From 7309074f25a641007e38bdbca3bca2e9d342a44b Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 12 Feb 2026 17:16:01 -0300 Subject: [PATCH 100/138] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/fcdea223397448d35d9b31f798479227e80183f6?narHash=sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L%2BVSybPfiIgzU8lbQ%3D' (2025-11-08) → 'github:ryantm/agenix/b027ee29d959fda4b60b57566d64c98a202e0feb?narHash=sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I%3D' (2026-02-04) • Updated input 'disko': 'github:nix-community/disko/00395d188e3594a1507f214a2f15d4ce5c07cb28?narHash=sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q%3D' (2026-01-20) → 'github:nix-community/disko/71a3fc97d80881e91710fe721f1158d3b96ae14d?narHash=sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE%3D' (2026-01-27) • Updated input 'disko/nixpkgs': 'github:NixOS/nixpkgs/3327b113f2ef698d380df83fbccefad7e83d7769?narHash=sha256-MJwOjrIISfOpdI9x4C%2B5WFQXvHtOuj5mqLZ4TMEtk1M%3D' (2026-01-17) → 'github:NixOS/nixpkgs/48698d12cc10555a4f3e3222d9c669b884a49dfe?narHash=sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv%2B6jcvA212M%3D' (2026-01-25) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/80daad04eddbbf5a4d883996a73f3f542fa437ac?narHash=sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY%3D' (2026-01-11) → 'github:hercules-ci/flake-parts/57928607ea566b5db3ad13af0e57e921e6b12381?narHash=sha256-AnYjnFWgS49RlqX7LrC4uA%2BsCCDBj0Ry/WOJ5XWAsa0%3D' (2026-02-02) • Updated input 'flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/2075416fcb47225d9b68ac469a5c4801a9c4dd85?narHash=sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo%3D' (2025-12-14) → 'github:nix-community/nixpkgs.lib/72716169fe93074c333e8d0173151350670b824c?narHash=sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ%2BQDT/KDuyHXVJOpM%3D' (2026-02-01) • Updated input 'home-manager': 
'github:nix-community/home-manager/63a87808f5f9b6e4195a1d33f6ea25d23f4aa0df?narHash=sha256-zyMpWHqcpKVmRc1W2NEK7DAuyVJZV62Jdjqudg70b1k%3D' (2026-01-20) → 'github:nix-community/home-manager/6a1f7101d2c3ee87d485a87880d73b4665c6a4bd?narHash=sha256-ZwU5wXKNqpOQvjNz6aBp1j5peiBZow1%2B%2B6pLnk5VAhs%3D' (2026-02-12) • Updated input 'impermanence': 'github:nix-community/impermanence/0d633a69480bb3a3e2f18c080d34a8fa81da6395?narHash=sha256-6nY0ixjGjPQCL%2B/sUC1B1MRiO1LOI3AkRSIywm3i3bE%3D' (2026-01-19) → 'github:nix-community/impermanence/7b1d382faf603b6d264f58627330f9faa5cba149?narHash=sha256-03%2BJxvzmfwRu%2B5JafM0DLbxgHttOQZkUtDWBmeUkN8Y%3D' (2026-01-27) • Updated input 'niri-flake': 'github:sodiboo/niri-flake/6581f5458309233622c1b73c8902dcaea7be16eb?narHash=sha256-ct4qxmFJeJbaJKiOnXOZmRmVmk7TpT%2BlohuTgTr%2BkYQ%3D' (2026-01-20) → 'github:sodiboo/niri-flake/7634add8bf2dd225d04f535de4bd0ee60982f367?narHash=sha256-QgJZ%2BW6YE6nAzO/m7ezamAzr9DTflIEXRozMivL0%2Bhc%3D' (2026-02-11) • Updated input 'niri-flake/niri-unstable': 'github:YaLTeR/niri/d7184a04b904e07113f4623610775ae78d32394c?narHash=sha256-Ub8eed4DsfIDWyg30xEe%2B8bSxL/z5Af/gCjmvJ0V/Hs%3D' (2026-01-17) → 'github:YaLTeR/niri/41b5de87692b8262fbdbff7faab93f04ff0be453?narHash=sha256-8GzUa8bCyQ688jYW2waXrOqetTr7oV8UPTO2He%2B5Hsg%3D' (2026-02-10) • Updated input 'niri-flake/nixpkgs': 'github:NixOS/nixpkgs/e4bae1bd10c9c57b2cf517953ab70060a828ee6f?narHash=sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc%3D' (2026-01-16) → 'github:NixOS/nixpkgs/d6c71932130818840fc8fe9509cf50be8c64634f?narHash=sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84%3D' (2026-02-08) • Updated input 'niri-flake/nixpkgs-stable': 'github:NixOS/nixpkgs/77ef7a29d276c6d8303aece3444d61118ef71ac2?narHash=sha256-XsM7GP3jHlephymxhDE%2B/TKKO1Q16phz/vQiLBGhpF4%3D' (2026-01-18) → 'github:NixOS/nixpkgs/6c5e707c6b5339359a9a9e215c5e66d6d802fd7a?narHash=sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs%3D' (2026-02-11) • Updated input 
'niri-flake/xwayland-satellite-unstable': 'github:Supreeeme/xwayland-satellite/ed1cef792b4def3321ff9ab5479df09609f17a69?narHash=sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg%3D' (2026-01-18) → 'github:Supreeeme/xwayland-satellite/86f5bd5d867ad6e120935dfe825f6b903ebbeddd?narHash=sha256-Q75S8cEqJoZ92s1y4zArvk2U1ayAy2E4SaF7gbNXkYQ%3D' (2026-02-08) • Updated input 'nix-ai-tools': 'github:numtide/llm-agents.nix/78f3fdc13ef903475aa5bfc0f85eeefaa36af837?narHash=sha256-gFoGvnW2YDWsxKD56kdiXbhh9vBPAU3yusssbXF0UMo%3D' (2026-01-20) → 'github:numtide/llm-agents.nix/266d4d8a55eef6dd23cd0adced301053d8fc23c9?narHash=sha256-HQXK2CXAhBuTBw99Ip018Vp9MMAPfJVywgRrkwMUgMc%3D' (2026-02-12) • Updated input 'nix-ai-tools/blueprint': 'github:numtide/blueprint/0ed984d51a3031065925ab08812a5434f40b93d4?narHash=sha256-BJDu7dIMauO2nYRSL4aI8wDNtEm2KOb7lDKP3hxdrpo%3D' (2026-01-02) → 'github:numtide/blueprint/c7da5c70ad1c9b60b6f5d4f674fbe205d48d8f6c?narHash=sha256-zI%2B7cbMI4wMIR57jMjDSEsVb3grapTnURDxxJPYFIW0%3D' (2026-01-25) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/bde09022887110deb780067364a0818e89258968?narHash=sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo%2Bw8KsY4%3D' (2026-01-19) → 'github:NixOS/nixpkgs/2343bbb58f99267223bc2aac4fc9ea301a155a16?narHash=sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8%3D' (2026-02-11) • Updated input 'nix-ai-tools/treefmt-nix': 'github:numtide/treefmt-nix/e96d59dff5c0d7fddb9d113ba108f03c3ef99eca?narHash=sha256-67vyT1%2BxClLldnumAzCTBvU0jLZ1YBcf4vANRWP3%2BAk%3D' (2026-01-11) → 'github:numtide/treefmt-nix/337a4fe074be1042a35086f15481d763b8ddc0e7?narHash=sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD%2BFyxk%3D' (2026-02-04) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/82befcf7dc77c909b0f2a09f5da910ec95c5b78f?narHash=sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws%3D' (2025-12-09) → 
'github:nix-community/nix-index-database/2684bb8080a6f2ca5f9d494de5ef875bc1c4ecdb?narHash=sha256-hy0gcAgAcxrnSWKGuNO%2BOb0x6jQ2xkR6hoaR0qJBHYs%3D' (2026-02-05) • Updated input 'nixos-cli': 'github:nix-community/nixos-cli/5e79001c7a8b556c3c61d4ef38f0f0fa1187ee90?narHash=sha256-6w1Mhg6%2B46LlaheCa1O/jIk02ukerZ7DdUf9GlQVGxc%3D' (2026-01-18) → 'github:nix-community/nixos-cli/9a2e97e8832b211df22c5cb21a55ebf1c3eb2be1?narHash=sha256-TFRhwVzPg3ly388J3CYYvjrma/dWjsBVpNE437bWeHk%3D' (2026-02-12) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/e4bae1bd10c9c57b2cf517953ab70060a828ee6f?narHash=sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc%3D' (2026-01-16) → 'github:nixos/nixpkgs/d6c71932130818840fc8fe9509cf50be8c64634f?narHash=sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84%3D' (2026-02-08) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/77ef7a29d276c6d8303aece3444d61118ef71ac2?narHash=sha256-XsM7GP3jHlephymxhDE%2B/TKKO1Q16phz/vQiLBGhpF4%3D' (2026-01-18) → 'github:nixos/nixpkgs/6c5e707c6b5339359a9a9e215c5e66d6d802fd7a?narHash=sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs%3D' (2026-02-11) • Updated input 'noctalia': 'github:noctalia-dev/noctalia-shell/1ef5c0eb307e8a4f30dfa6bcc75cf90ae8c6af46?narHash=sha256-T4H/VMjGwBuHEIrPYWfXQ73XV0foCuFGgH7k3SNSJDo%3D' (2026-01-20) → 'github:noctalia-dev/noctalia-shell/d87364964948b9d691f8363f85a5e23bee154df9?narHash=sha256-xg40mnp5KKBepACmvlPzmn5iPyUBxktfv50saSVUn0M%3D' (2026-02-12) • Updated input 'stylix': 'github:danth/stylix/06684f00cfbee14da96fd4307b966884de272d3a?narHash=sha256-3%2Bh7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p%2BS6BA%3D' (2026-01-18) → 'github:danth/stylix/db03fed72e5ca02be34e1d24789345a943329738?narHash=sha256-QHFYyngohNhih4w%2B3IqQty5DV%2Bp1txsx1kkk6XJWar8%3D' (2026-02-12) • Updated input 'vicinae': 'github:vicinaehq/vicinae/934bc0ad47be6dbd6498a0dac655c4613fd0ab27?narHash=sha256-u5bWDuwk6oieTnvm1YjNotcYK8iJSddH5%2BS68%2BX4TSc%3D' (2026-01-19) → 
'github:vicinaehq/vicinae/0c70267ab7e07d7972012fcf8ae58808a32a2e86?narHash=sha256-21lurBRyHgJbVD3E0/i7Fhxi4rBUxyznGfKpdGVtEdc%3D' (2026-02-12) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/37149a5b77e8fd2b5332e8cec9edf39ca5b8e8bc?narHash=sha256-w10iy/aqd5LtD78NDWWG%2BeKGzkb%2BcGhAAo7PVciLbWE%3D' (2026-01-20) → 'github:0xc000022070/zen-browser-flake/0078cf2d5e81eb56a9356d51f2738f7141194de1?narHash=sha256-iJ9c0ZewfRRYUflaEOj43n5TWaB6Ezygn2UA/ZHGQJA%3D' (2026-02-12) • Updated input 'zen-browser/home-manager': 'github:nix-community/home-manager/b4d88c9ac42ae1a745283f6547701da43b6e9f9b?narHash=sha256-cJbFn17oyg6qAraLr%2BNVeNJrXsrzJdrudkzI4H2iTcg%3D' (2026-01-14) → 'github:nix-community/home-manager/f4ad5068ee8e89e4a7c2e963e10dd35cd77b37b7?narHash=sha256-07HMIGQ/WJeAQJooA7Kkg1SDKxhAiV6eodvOwTX6WKI%3D' (2026-01-31) • Updated input 'zen-browser/nixpkgs': 'github:nixos/nixpkgs/ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38?narHash=sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs%3D' (2026-01-11) → 'github:nixos/nixpkgs/bfc1b8a4574108ceef22f02bafcf6611380c100d?narHash=sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI%3D' (2026-01-26) --- flake.lock | 156 ++++++++++++++++++++++++++--------------------------- 1 file changed, 78 insertions(+), 78 deletions(-) diff --git a/flake.lock b/flake.lock index 05b233b..806550a 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1762618334, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "owner": "ryantm", "repo": "agenix", - "rev": "fcdea223397448d35d9b31f798479227e80183f6", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "type": "github" }, "original": { 
@@ -100,11 +100,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1767386128, - "narHash": "sha256-BJDu7dIMauO2nYRSL4aI8wDNtEm2KOb7lDKP3hxdrpo=", + "lastModified": 1769353768, + "narHash": "sha256-zI+7cbMI4wMIR57jMjDSEsVb3grapTnURDxxJPYFIW0=", "owner": "numtide", "repo": "blueprint", - "rev": "0ed984d51a3031065925ab08812a5434f40b93d4", + "rev": "c7da5c70ad1c9b60b6f5d4f674fbe205d48d8f6c", "type": "github" }, "original": { @@ -140,11 +140,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1768923567, - "narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=", + "lastModified": 1769524058, + "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=", "owner": "nix-community", "repo": "disko", - "rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28", + "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d", "type": "github" }, "original": { @@ -206,11 +206,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -342,11 +342,11 @@ ] }, "locked": { - "lastModified": 1768927746, - "narHash": "sha256-zyMpWHqcpKVmRc1W2NEK7DAuyVJZV62Jdjqudg70b1k=", + "lastModified": 1770915843, + "narHash": "sha256-ZwU5wXKNqpOQvjNz6aBp1j5peiBZow1++6pLnk5VAhs=", "owner": "nix-community", "repo": "home-manager", - "rev": "63a87808f5f9b6e4195a1d33f6ea25d23f4aa0df", + "rev": "6a1f7101d2c3ee87d485a87880d73b4665c6a4bd", "type": "github" }, "original": { 
@@ -385,11 +385,11 @@ ] }, "locked": { - "lastModified": 1768434960, - "narHash": "sha256-cJbFn17oyg6qAraLr+NVeNJrXsrzJdrudkzI4H2iTcg=", + "lastModified": 1769872935, + "narHash": "sha256-07HMIGQ/WJeAQJooA7Kkg1SDKxhAiV6eodvOwTX6WKI=", "owner": "nix-community", "repo": "home-manager", - "rev": "b4d88c9ac42ae1a745283f6547701da43b6e9f9b", + "rev": "f4ad5068ee8e89e4a7c2e963e10dd35cd77b37b7", "type": "github" }, "original": { @@ -404,11 +404,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1768835187, - "narHash": "sha256-6nY0ixjGjPQCL+/sUC1B1MRiO1LOI3AkRSIywm3i3bE=", + "lastModified": 1769548169, + "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=", "owner": "nix-community", "repo": "impermanence", - "rev": "0d633a69480bb3a3e2f18c080d34a8fa81da6395", + "rev": "7b1d382faf603b6d264f58627330f9faa5cba149", "type": "github" }, "original": { @@ -462,11 +462,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1768877436, - "narHash": "sha256-ct4qxmFJeJbaJKiOnXOZmRmVmk7TpT+lohuTgTr+kYQ=", + "lastModified": 1770844822, + "narHash": "sha256-QgJZ+W6YE6nAzO/m7ezamAzr9DTflIEXRozMivL0+hc=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "6581f5458309233622c1b73c8902dcaea7be16eb", + "rev": "7634add8bf2dd225d04f535de4bd0ee60982f367", "type": "github" }, "original": { @@ -495,11 +495,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1768678265, - "narHash": "sha256-Ub8eed4DsfIDWyg30xEe+8bSxL/z5Af/gCjmvJ0V/Hs=", + "lastModified": 1770735554, + "narHash": "sha256-8GzUa8bCyQ688jYW2waXrOqetTr7oV8UPTO2He+5Hsg=", "owner": "YaLTeR", "repo": "niri", - "rev": "d7184a04b904e07113f4623610775ae78d32394c", + "rev": "41b5de87692b8262fbdbff7faab93f04ff0be453", "type": "github" }, "original": { 
@@ -515,11 +515,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1768922080, - "narHash": "sha256-gFoGvnW2YDWsxKD56kdiXbhh9vBPAU3yusssbXF0UMo=", + "lastModified": 1770907059, + "narHash": "sha256-HQXK2CXAhBuTBw99Ip018Vp9MMAPfJVywgRrkwMUgMc=", "owner": "numtide", "repo": "llm-agents.nix", - "rev": "78f3fdc13ef903475aa5bfc0f85eeefaa36af837", + "rev": "266d4d8a55eef6dd23cd0adced301053d8fc23c9", "type": "github" }, "original": { @@ -551,11 +551,11 @@ ] }, "locked": { - "lastModified": 1765267181, - "narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=", + "lastModified": 1770315571, + "narHash": "sha256-hy0gcAgAcxrnSWKGuNO+Ob0x6jQ2xkR6hoaR0qJBHYs=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f", + "rev": "2684bb8080a6f2ca5f9d494de5ef875bc1c4ecdb", "type": "github" }, "original": { @@ -572,11 +572,11 @@ "optnix": "optnix" }, "locked": { - "lastModified": 1768778579, - "narHash": "sha256-6w1Mhg6+46LlaheCa1O/jIk02ukerZ7DdUf9GlQVGxc=", + "lastModified": 1770862985, + "narHash": "sha256-TFRhwVzPg3ly388J3CYYvjrma/dWjsBVpNE437bWeHk=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "5e79001c7a8b556c3c61d4ef38f0f0fa1187ee90", + "rev": "9a2e97e8832b211df22c5cb21a55ebf1c3eb2be1", "type": "github" }, "original": { @@ -587,11 +587,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1768661221, - "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", + "lastModified": 1769330179, + "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", + "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", "type": "github" }, "original": { 
@@ -603,11 +603,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1765674936, - "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "lastModified": 1769909678, + "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "rev": "72716169fe93074c333e8d0173151350670b824c", "type": "github" }, "original": { @@ -633,11 +633,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1768773494, - "narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=", + "lastModified": 1770770419, + "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2", + "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", "type": "github" }, "original": { @@ -649,11 +649,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1768773494, - "narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=", + "lastModified": 1770770419, + "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2", + "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", "type": "github" }, "original": { @@ -681,11 +681,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1768127708, - "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", "type": "github" }, "original": { 
@@ -729,11 +729,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1768564909, - "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", "type": "github" }, "original": { @@ -745,11 +745,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1768783163, - "narHash": "sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo+w8KsY4=", + "lastModified": 1770843696, + "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bde09022887110deb780067364a0818e89258968", + "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16", "type": "github" }, "original": { @@ -793,11 +793,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1768564909, - "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", "type": "github" }, "original": { @@ -830,11 +830,11 @@ ] }, "locked": { - "lastModified": 1768924718, - "narHash": "sha256-T4H/VMjGwBuHEIrPYWfXQ73XV0foCuFGgH7k3SNSJDo=", + "lastModified": 1770922006, + "narHash": "sha256-xg40mnp5KKBepACmvlPzmn5iPyUBxktfv50saSVUn0M=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "1ef5c0eb307e8a4f30dfa6bcc75cf90ae8c6af46", + "rev": "d87364964948b9d691f8363f85a5e23bee154df9", "type": "github" }, "original": { 
@@ -950,11 +950,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1768744881, - "narHash": "sha256-3+h7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p+S6BA=", + "lastModified": 1770914701, + "narHash": "sha256-QHFYyngohNhih4w+3IqQty5DV+p1txsx1kkk6XJWar8=", "owner": "danth", "repo": "stylix", - "rev": "06684f00cfbee14da96fd4307b966884de272d3a", + "rev": "db03fed72e5ca02be34e1d24789345a943329738", "type": "github" }, "original": { @@ -1149,11 +1149,11 @@ ] }, "locked": { - "lastModified": 1768158989, - "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", + "lastModified": 1770228511, + "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", + "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", "type": "github" }, "original": { @@ -1168,11 +1168,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1768856963, - "narHash": "sha256-u5bWDuwk6oieTnvm1YjNotcYK8iJSddH5+S68+X4TSc=", + "lastModified": 1770912475, + "narHash": "sha256-21lurBRyHgJbVD3E0/i7Fhxi4rBUxyznGfKpdGVtEdc=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "934bc0ad47be6dbd6498a0dac655c4613fd0ab27", + "rev": "0c70267ab7e07d7972012fcf8ae58808a32a2e86", "type": "github" }, "original": { @@ -1201,11 +1201,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1768765571, - "narHash": "sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg=", + "lastModified": 1770583271, + "narHash": "sha256-Q75S8cEqJoZ92s1y4zArvk2U1ayAy2E4SaF7gbNXkYQ=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "ed1cef792b4def3321ff9ab5479df09609f17a69", + "rev": "86f5bd5d867ad6e120935dfe825f6b903ebbeddd", "type": "github" }, "original": { 
@@ -1220,11 +1220,11 @@ "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1768919538, - "narHash": "sha256-w10iy/aqd5LtD78NDWWG+eKGzkb+cGhAAo7PVciLbWE=", + "lastModified": 1770919290, + "narHash": "sha256-iJ9c0ZewfRRYUflaEOj43n5TWaB6Ezygn2UA/ZHGQJA=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "37149a5b77e8fd2b5332e8cec9edf39ca5b8e8bc", + "rev": "0078cf2d5e81eb56a9356d51f2738f7141194de1", "type": "github" }, "original": { From 8f98f7d420f4ee6747d839160b8275d1581c2626 Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 12 Feb 2026 18:50:38 -0300 Subject: [PATCH 101/138] nixfmt --- aspects/ai.nix | 20 +- aspects/bluetooth.nix | 13 +- aspects/cli/btop.nix | 23 +- aspects/cli/comma.nix | 16 +- aspects/cli/direnv.nix | 17 +- aspects/cli/helix.nix | 89 +++-- aspects/cli/hm-cli.nix | 19 +- aspects/cli/starship.nix | 77 ++-- aspects/cli/tmux.nix | 23 +- aspects/common/boot.nix | 28 +- aspects/common/console.nix | 12 +- aspects/common/firewall.nix | 12 +- aspects/common/locale.nix | 34 +- aspects/common/nix.nix | 62 +-- aspects/common/openssh.nix | 18 +- aspects/common/services.nix | 14 +- aspects/common/tailscale.nix | 12 +- aspects/constants.nix | 26 +- aspects/desktop/boot.nix | 51 +-- aspects/desktop/desktop.nix | 541 +++++++++++++------------- aspects/desktop/niri.nix | 10 +- aspects/desktop/nix.nix | 25 +- aspects/desktop/services.nix | 27 +- aspects/dev.nix | 37 +- aspects/ephemeral.nix | 23 +- aspects/fwupd.nix | 13 +- aspects/gaming/flatpak.nix | 40 +- aspects/gaming/hardware.nix | 14 +- aspects/gaming/launchers.nix | 16 +- aspects/gaming/mangohud.nix | 72 ++-- aspects/gaming/steam.nix | 22 +- aspects/hosts/_alexandria/unbound.nix | 3 +- aspects/hosts/_trantor/nginx.nix | 4 +- aspects/hosts/alexandria.nix | 1 + aspects/libvirtd.nix | 35 +- aspects/networkmanager.nix | 21 +- aspects/server/boot.nix | 13 +- aspects/server/nix.nix | 25 +- aspects/server/tailscale.nix | 25 +- aspects/shell/bash.nix | 17 +- aspects/shell/fish.nix | 65 ++-- packages/claude-desktop.nix | 3 +- packages/overlays.nix | 19 +- terranix/kernelpanic.space.nix | 9 +- terranix/terminus.nix | 9 +- 45 files changed, 932 insertions(+), 723 deletions(-) diff --git a/aspects/ai.nix b/aspects/ai.nix index 6befeae..f67bbbc 100644 --- a/aspects/ai.nix +++ b/aspects/ai.nix 
@@ -1,12 +1,14 @@ { ... }: { - flake.modules.nixos.ai = { inputs, pkgs, ... }: { - environment.systemPackages = - (with pkgs; [claude-desktop]) ++ - (with inputs.nix-ai-tools.packages.${pkgs.system}; [ - claude-code - claudebox - opencode - ]); - }; + flake.modules.nixos.ai = + { inputs, pkgs, ... }: + { + environment.systemPackages = + (with pkgs; [ claude-desktop ]) + ++ (with inputs.nix-ai-tools.packages.${pkgs.system}; [ + claude-code + claudebox + opencode + ]); + }; } diff --git a/aspects/bluetooth.nix b/aspects/bluetooth.nix index 222bdf2..2027ac1 100644 --- a/aspects/bluetooth.nix +++ b/aspects/bluetooth.nix @@ -1,6 +1,13 @@ { ... }: { - flake.modules.nixos.bluetooth = { config, lib, pkgs, ... }: { - hardware.bluetooth.enable = true; - }; + flake.modules.nixos.bluetooth = + { + config, + lib, + pkgs, + ... + }: + { + hardware.bluetooth.enable = true; + }; } diff --git a/aspects/cli/btop.nix b/aspects/cli/btop.nix index 09a815e..2b9c3fc 100644 --- a/aspects/cli/btop.nix +++ b/aspects/cli/btop.nix @@ -1,13 +1,20 @@ { ... }: { - flake.modules.homeManager.cli-btop = { config, lib, pkgs, ... }: { - programs.btop = { - enable = true; - settings = { - theme_background = false; - proc_sorting = "cpu direct"; - update_ms = 500; + flake.modules.homeManager.cli-btop = + { + config, + lib, + pkgs, + ... + }: + { + programs.btop = { + enable = true; + settings = { + theme_background = false; + proc_sorting = "cpu direct"; + update_ms = 500; + }; }; }; - }; } diff --git a/aspects/cli/comma.nix b/aspects/cli/comma.nix index b8e6c2a..71ddb9c 100644 --- a/aspects/cli/comma.nix +++ b/aspects/cli/comma.nix 
@@ -1,8 +1,16 @@ { ... }: { - flake.modules.homeManager.cli-comma = { config, lib, pkgs, inputs, ... }: { - imports = [ inputs.nix-index-database.homeModules.nix-index ]; + flake.modules.homeManager.cli-comma = + { + config, + lib, + pkgs, + inputs, + ... + }: + { + imports = [ inputs.nix-index-database.homeModules.nix-index ]; - programs.nix-index-database.comma.enable = true; - }; + programs.nix-index-database.comma.enable = true; + }; } diff --git a/aspects/cli/direnv.nix b/aspects/cli/direnv.nix index 4399283..60ea7ad 100644 --- a/aspects/cli/direnv.nix +++ b/aspects/cli/direnv.nix @@ -1,9 +1,16 @@ { ... }: { - flake.modules.homeManager.cli-direnv = { config, lib, pkgs, ... }: { - programs.direnv = { - enable = true; - nix-direnv.enable = true; + flake.modules.homeManager.cli-direnv = + { + config, + lib, + pkgs, + ... + }: + { + programs.direnv = { + enable = true; + nix-direnv.enable = true; + }; }; - }; } diff --git a/aspects/cli/helix.nix b/aspects/cli/helix.nix index 1fa2baf..fe0cf74 100644 --- a/aspects/cli/helix.nix +++ b/aspects/cli/helix.nix 
@@ -1,50 +1,57 @@ { ... }: { - flake.modules.homeManager.cli-helix = { config, lib, pkgs, ... }: { - home.sessionVariables = { - EDITOR = "hx"; - }; + flake.modules.homeManager.cli-helix = + { + config, + lib, + pkgs, + ... + }: + { + home.sessionVariables = { + EDITOR = "hx"; + }; - programs.helix = { - enable = true; - settings = { - editor = { - file-picker.hidden = false; - idle-timeout = 0; - line-number = "relative"; - cursor-shape = { - normal = "underline"; - insert = "bar"; - select = "underline"; + programs.helix = { + enable = true; + settings = { + editor = { + file-picker.hidden = false; + idle-timeout = 0; + line-number = "relative"; + cursor-shape = { + normal = "underline"; + insert = "bar"; + select = "underline"; + }; + soft-wrap.enable = true; + auto-format = true; + indent-guides.render = true; }; - soft-wrap.enable = true; - auto-format = true; - indent-guides.render = true; - }; - keys.normal = { - space = { - o = "file_picker_in_current_buffer_directory"; - esc = [ - "collapse_selection" - "keep_primary_selection" - ]; + keys.normal = { + space = { + o = "file_picker_in_current_buffer_directory"; + esc = [ + "collapse_selection" + "keep_primary_selection" + ]; + }; }; }; - }; - languages = { - language = [ - { - name = "nix"; - auto-format = true; - formatter.command = "nixfmt"; - } - { - name = "typst"; - auto-format = true; - formatter.command = "typstyle -c 1000 -i"; - } - ]; + languages = { + language = [ + { + name = "nix"; + auto-format = true; + formatter.command = "nixfmt"; + } + { + name = "typst"; + auto-format = true; + formatter.command = "typstyle -c 1000 -i"; + } + ]; + }; }; }; - }; } diff --git a/aspects/cli/hm-cli.nix b/aspects/cli/hm-cli.nix index acee59d..7064a3f 100644 --- a/aspects/cli/hm-cli.nix +++ b/aspects/cli/hm-cli.nix 
@@ -1,11 +1,18 @@ { ... }: { - flake.modules.homeManager.cli-base = { config, lib, pkgs, ... }: { - home = { - packages = with pkgs; [ hm-cli ]; - sessionVariables = { - HM_PATH = "/etc/nixos"; + flake.modules.homeManager.cli-base = + { + config, + lib, + pkgs, + ... + }: + { + home = { + packages = with pkgs; [ hm-cli ]; + sessionVariables = { + HM_PATH = "/etc/nixos"; + }; }; }; - }; } diff --git a/aspects/cli/starship.nix b/aspects/cli/starship.nix index e9884a7..7ba3a54 100644 --- a/aspects/cli/starship.nix +++ b/aspects/cli/starship.nix 
@@ -1,41 +1,48 @@ { ... }: { - flake.modules.homeManager.cli-starship = { config, lib, pkgs, ... }: { - programs.starship = { - enable = true; - enableBashIntegration = true; - enableFishIntegration = true; - settings = { - add_newline = false; - format = '' - $hostname$directory$git_branch$git_status$nix_shell - [ ❯ ](bold green) - ''; - right_format = "$cmd_duration$character"; - hostname = { - ssh_symbol = "󰖟 "; - }; - character = { - error_symbol = "[](red)"; - success_symbol = "[󱐋](green)"; - }; - cmd_duration = { - format = "[󰄉 $duration ]($style)"; - style = "yellow"; - min_time = 500; - }; - git_branch = { - symbol = " "; - style = "purple"; - }; - git_status.style = "red"; - nix_shell = { - format = "via [$symbol$state]($style)"; - heuristic = true; - style = "blue"; - symbol = "󱄅 "; + flake.modules.homeManager.cli-starship = + { + config, + lib, + pkgs, + ... + }: + { + programs.starship = { + enable = true; + enableBashIntegration = true; + enableFishIntegration = true; + settings = { + add_newline = false; + format = '' + $hostname$directory$git_branch$git_status$nix_shell + [ ❯ ](bold green) + ''; + right_format = "$cmd_duration$character"; + hostname = { + ssh_symbol = "󰖟 "; + }; + character = { + error_symbol = "[](red)"; + success_symbol = "[󱐋](green)"; + }; + cmd_duration = { + format = "[󰄉 $duration ]($style)"; + style = "yellow"; + min_time = 500; + }; + git_branch = { + symbol = " "; + style = "purple"; + }; + git_status.style = "red"; + nix_shell = { + format = "via [$symbol$state]($style)"; + heuristic = true; + style = "blue"; + symbol = "󱄅 "; + }; }; }; }; - }; } diff --git a/aspects/cli/tmux.nix b/aspects/cli/tmux.nix index 078a6aa..1238501 100644 --- a/aspects/cli/tmux.nix +++ b/aspects/cli/tmux.nix 
@@ -1,12 +1,19 @@ { ... }: { - flake.modules.homeManager.cli-tmux = { config, lib, pkgs, ... }: { - programs.tmux = { - enable = true; - clock24 = true; - terminal = "xterm-256color"; - mouse = true; - keyMode = "vi"; + flake.modules.homeManager.cli-tmux = + { + config, + lib, + pkgs, + ... + }: + { + programs.tmux = { + enable = true; + clock24 = true; + terminal = "xterm-256color"; + mouse = true; + keyMode = "vi"; + }; }; - }; } diff --git a/aspects/common/boot.nix b/aspects/common/boot.nix index 109d6f2..b74b68c 100644 --- a/aspects/common/boot.nix +++ b/aspects/common/boot.nix @@ -1,21 +1,23 @@ { ... }: { - flake.modules.nixos.common-boot = { pkgs, ... }: { - boot = { - loader = { - timeout = 1; - efi.canTouchEfiVariables = true; - systemd-boot = { - enable = true; - editor = false; - consoleMode = "max"; - sortKey = "aa"; - netbootxyz = { + flake.modules.nixos.common-boot = + { pkgs, ... }: + { + boot = { + loader = { + timeout = 1; + efi.canTouchEfiVariables = true; + systemd-boot = { enable = true; - sortKey = "zz"; + editor = false; + consoleMode = "max"; + sortKey = "aa"; + netbootxyz = { + enable = true; + sortKey = "zz"; + }; }; }; }; }; - }; } diff --git a/aspects/common/console.nix b/aspects/common/console.nix index 6f6be9f..128b914 100644 --- a/aspects/common/console.nix +++ b/aspects/common/console.nix @@ -1,9 +1,11 @@ { ... }: { - flake.modules.nixos.common-console = { ... }: { - console = { - useXkbConfig = true; - earlySetup = true; + flake.modules.nixos.common-console = + { ... }: + { + console = { + useXkbConfig = true; + earlySetup = true; + }; }; - }; } diff --git a/aspects/common/firewall.nix b/aspects/common/firewall.nix index af1a8f7..0e5297d 100644 --- a/aspects/common/firewall.nix +++ b/aspects/common/firewall.nix 
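Review bot: In `aspects/common/boot.nix`, `netbootxyz.enable = true` adds a netboot.xyz entry to the systemd-boot menu, so anyone at the console can start a network-fetched image. That undoes much of what `editor = false` in the same `systemd-boot` block protects against. The module is named `common-boot`, so presumably every host imports it; confirm that servers and unattended machines really need the entry. If they do not, set `netbootxyz.enable = false;` here and enable it only on the hosts that use it. The formatting pass leaves the value unchanged.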
@@ -1,9 +1,11 @@ { ... }: { - flake.modules.nixos.common-firewall = { ... }: { - networking = { - firewall.enable = true; - nftables.enable = true; + flake.modules.nixos.common-firewall = + { ... }: + { + networking = { + firewall.enable = true; + nftables.enable = true; + }; }; - }; } diff --git a/aspects/common/locale.nix b/aspects/common/locale.nix index 2b91759..a6b5754 100644 --- a/aspects/common/locale.nix +++ b/aspects/common/locale.nix @@ -1,22 +1,24 @@ { ... }: { - flake.modules.nixos.common-locale = { ... }: { - time.timeZone = "America/Bahia"; + flake.modules.nixos.common-locale = + { ... }: + { + time.timeZone = "America/Bahia"; - i18n = { - defaultLocale = "en_US.UTF-8"; - extraLocaleSettings = { - LC_ADDRESS = "pt_BR.utf8"; - LC_COLLATE = "pt_BR.utf8"; - LC_IDENTIFICATION = "pt_BR.utf8"; - LC_MEASUREMENT = "pt_BR.utf8"; - LC_MONETARY = "pt_BR.utf8"; - LC_NAME = "pt_BR.utf8"; - LC_NUMERIC = "pt_BR.utf8"; - LC_PAPER = "pt_BR.utf8"; - LC_TELEPHONE = "pt_BR.utf8"; - LC_TIME = "en_IE.utf8"; + i18n = { + defaultLocale = "en_US.UTF-8"; + extraLocaleSettings = { + LC_ADDRESS = "pt_BR.utf8"; + LC_COLLATE = "pt_BR.utf8"; + LC_IDENTIFICATION = "pt_BR.utf8"; + LC_MEASUREMENT = "pt_BR.utf8"; + LC_MONETARY = "pt_BR.utf8"; + LC_NAME = "pt_BR.utf8"; + LC_NUMERIC = "pt_BR.utf8"; + LC_PAPER = "pt_BR.utf8"; + LC_TELEPHONE = "pt_BR.utf8"; + LC_TIME = "en_IE.utf8"; + }; }; }; - }; } diff --git a/aspects/common/nix.nix b/aspects/common/nix.nix index 414c315..cd76f62 100644 --- a/aspects/common/nix.nix +++ b/aspects/common/nix.nix 
@@ -1,39 +1,41 @@ { ... }: { - flake.modules.nixos.common-nix = { inputs, ... }: { - imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; + flake.modules.nixos.common-nix = + { inputs, ... }: + { + imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; - nix = { - settings = { - auto-optimise-store = true; - connect-timeout = 10; - log-lines = 25; - min-free = 128000000; - max-free = 1000000000; - trusted-users = [ "@wheel" ]; + nix = { + settings = { + auto-optimise-store = true; + connect-timeout = 10; + log-lines = 25; + min-free = 128000000; + max-free = 1000000000; + trusted-users = [ "@wheel" ]; + }; + extraOptions = "experimental-features = nix-command flakes"; + gc = { + automatic = true; + options = "--delete-older-than 8d"; + }; }; - extraOptions = "experimental-features = nix-command flakes"; - gc = { - automatic = true; - options = "--delete-older-than 8d"; + + nixpkgs.config = { + allowUnfree = true; + enableParallelBuilding = true; + buildManPages = false; + buildDocs = false; }; - }; - nixpkgs.config = { - allowUnfree = true; - enableParallelBuilding = true; - buildManPages = false; - buildDocs = false; - }; - - services.nixos-cli = { - enable = true; - config = { - use_nvd = true; - ignore_dirty_tree = true; + services.nixos-cli = { + enable = true; + config = { + use_nvd = true; + ignore_dirty_tree = true; + }; }; - }; - system.stateVersion = "22.11"; - }; + system.stateVersion = "22.11"; + }; } diff --git a/aspects/common/openssh.nix b/aspects/common/openssh.nix index c515d81..b8179f2 100644 --- a/aspects/common/openssh.nix +++ b/aspects/common/openssh.nix @@ -1,12 +1,14 @@ { ... }: { - flake.modules.nixos.common-openssh = { ... }: { - services.openssh = { - enable = true; - settings.PermitRootLogin = "no"; - extraConfig = '' - PrintLastLog no - ''; + flake.modules.nixos.common-openssh = + { ... }: + { + services.openssh = { + enable = true; + settings.PermitRootLogin = "no"; + extraConfig = '' + PrintLastLog no + ''; + }; }; - }; } 
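Review bot: In `aspects/common/nix.nix`, `trusted-users = [ "@wheel" ];` under `nix.settings` gives every wheel member trusted-user rights on the Nix daemon. A trusted user can override substituters and import unsigned store paths, so a compromised wheel account reaches root-equivalent control without passing through sudo. I would drop the line or narrow it to `trusted-users = [ "root" ];`, and list any extra binary caches explicitly under `substituters` and `trusted-public-keys`. The module is named `common-nix`, so presumably this applies to every host, including servers. The formatting pass leaves the value unchanged.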
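Review bot: In `aspects/common/openssh.nix`, the `services.openssh` block sets `settings.PermitRootLogin = "no";` but leaves password and keyboard-interactive authentication at the NixOS defaults, which accept passwords. Every non-root account on a host importing this module is therefore open to password guessing over SSH. Adding `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` next to the existing line restricts logins to keys. Whether port 22 is reachable from outside the tailnet is not visible in this hunk, so confirm the exposure against the firewall and host modules.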
diff --git a/aspects/common/services.nix b/aspects/common/services.nix index befdbb9..e05dcf0 100644 --- a/aspects/common/services.nix +++ b/aspects/common/services.nix @@ -1,10 +1,12 @@ { ... }: { - flake.modules.nixos.common-services = { ... }: { - services = { - dbus.implementation = "broker"; - irqbalance.enable = true; - fstrim.enable = true; + flake.modules.nixos.common-services = + { ... }: + { + services = { + dbus.implementation = "broker"; + irqbalance.enable = true; + fstrim.enable = true; + }; }; - }; } diff --git a/aspects/common/tailscale.nix b/aspects/common/tailscale.nix index 13eb82a..74381ac 100644 --- a/aspects/common/tailscale.nix +++ b/aspects/common/tailscale.nix @@ -1,9 +1,11 @@ { ... }: { - flake.modules.nixos.common-tailscale = { ... }: { - services.tailscale = { - enable = true; - extraUpFlags = [ "--operator=user" ]; + flake.modules.nixos.common-tailscale = + { ... }: + { + services.tailscale = { + enable = true; + extraUpFlags = [ "--operator=user" ]; + }; }; - }; } diff --git a/aspects/constants.nix b/aspects/constants.nix index 2d980e1..7d77098 100644 --- a/aspects/constants.nix +++ b/aspects/constants.nix @@ -54,12 +54,15 @@ let sharedData = import ../data/services.nix; # Enrich services with host IP information - enrichServices = hosts: services: - map (svc: + enrichServices = + hosts: services: + map ( + svc: let - hostInfo = hosts.${svc.host} or {}; + hostInfo = hosts.${svc.host} or { }; in - svc // { + svc + // { lanIP = hostInfo.lanIP or null; tailscaleIP = hostInfo.tailscaleIP or null; } 
@@ -70,19 +73,19 @@ in options.flake = { hosts = lib.mkOption { type = lib.types.attrsOf hostType; - default = {}; + default = { }; description = "Host definitions with IP addresses"; }; services = lib.mkOption { type = lib.types.listOf serviceType; - default = []; + default = [ ]; description = "Service definitions with enriched host information"; }; lib = lib.mkOption { type = lib.types.attrsOf lib.types.raw; - default = {}; + default = { }; description = "Utility functions for flake configuration"; }; }; @@ -94,9 +97,11 @@ in lib = { # Nginx virtual host utilities - mkNginxVHosts = { domains }: + mkNginxVHosts = + { domains }: let - mkVHostConfig = domain: vhostConfig: + mkVHostConfig = + domain: vhostConfig: lib.recursiveUpdate { useACMEHost = domain; forceSSL = true; @@ -107,7 +112,8 @@ in # Split DNS utilities for unbound # Generates unbound view config from a list of DNS entries - mkSplitDNS = entries: + mkSplitDNS = + entries: let tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries; lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries; diff --git a/aspects/desktop/boot.nix b/aspects/desktop/boot.nix index 48f879d..cd0fa9c 100644 --- a/aspects/desktop/boot.nix +++ b/aspects/desktop/boot.nix 
@@ -1,27 +1,34 @@ { ... }: { - flake.modules.nixos.desktop-boot = { config, lib, pkgs, ... }: { - boot = { - plymouth.enable = true; - initrd.systemd.enable = true; - loader.efi.efiSysMountPoint = "/boot/efi"; - kernelPackages = pkgs.linuxPackages_xanmod_latest; - extraModprobeConfig = '' - options bluetooth disable_ertm=1 - ''; - kernel.sysctl = { - "net.ipv4.tcp_mtu_probing" = 1; + flake.modules.nixos.desktop-boot = + { + config, + lib, + pkgs, + ... + }: + { + boot = { + plymouth.enable = true; + initrd.systemd.enable = true; + loader.efi.efiSysMountPoint = "/boot/efi"; + kernelPackages = pkgs.linuxPackages_xanmod_latest; + extraModprobeConfig = '' + options bluetooth disable_ertm=1 + ''; + kernel.sysctl = { + "net.ipv4.tcp_mtu_probing" = 1; + }; + kernelParams = [ + "quiet" + "splash" + "i2c-dev" + "i2c-piix4" + "loglevel=3" + "udev.log_priority=3" + "rd.udev.log_level=3" + "rd.systemd.show_status=false" + ]; }; - kernelParams = [ - "quiet" - "splash" - "i2c-dev" - "i2c-piix4" - "loglevel=3" - "udev.log_priority=3" - "rd.udev.log_level=3" - "rd.systemd.show_status=false" - ]; }; - }; } diff --git a/aspects/desktop/desktop.nix b/aspects/desktop/desktop.nix index f2298e7..fb54f55 100644 --- a/aspects/desktop/desktop.nix +++ b/aspects/desktop/desktop.nix 
@@ -4,289 +4,304 @@ }: { flake.modules = { - nixos.desktop-desktop = { config, lib, pkgs, ... }: { - imports = [ - inputs.niri-flake.nixosModules.niri - inputs.nix-flatpak.nixosModules.nix-flatpak - ]; - - environment = { - sessionVariables = { - KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir - NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland - }; - systemPackages = with pkgs; [ - ### Web ### - bitwarden-desktop - fragments - nextcloud-client - tor-browser - vesktop - inputs.zen-browser.packages."${system}".default - ### Office & Productivity ### - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - papers - presenterm - rnote - ### Graphics & Design ### - gimp - inkscape - plasticity - ### System Utilities ### - adwaita-icon-theme - ghostty - gnome-disk-utility - junction - libfido2 - mission-center - nautilus - p7zip - rclone - toggleaudiosink - unrar - ### Media ### - decibels - loupe - obs-studio - showtime + nixos.desktop-desktop = + { + config, + lib, + pkgs, + ... 
+ }: + { + imports = [ + inputs.niri-flake.nixosModules.niri + inputs.nix-flatpak.nixosModules.nix-flatpak ]; - }; - services = { - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - wireplumber.enable = true; - }; - greetd = { - enable = true; - settings = { - default_session = { - command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; - user = "greeter"; - }; - } - // lib.optionalAttrs (config.networking.hostName == "io") { - initial_session = { - command = "${config.programs.niri.package}/bin/niri-session"; - user = "user"; - }; + environment = { + sessionVariables = { + KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir + NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland }; - }; - flatpak = { - enable = true; - packages = [ + systemPackages = with pkgs; [ + ### Web ### + bitwarden-desktop + fragments + nextcloud-client + tor-browser + vesktop + inputs.zen-browser.packages."${system}".default ### Office & Productivity ### - "com.collabora.Office" + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + papers + presenterm + rnote ### Graphics & Design ### - "com.boxy_svg.BoxySVG" - rec { - appId = "io.github.softfever.OrcaSlicer"; - sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - bundle = "${pkgs.fetchurl { - url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - inherit sha256; - }}"; - } + gimp + inkscape + plasticity ### System Utilities ### - "com.github.tchx84.Flatseal" - "com.rustdesk.RustDesk" - ]; - uninstallUnmanaged = true; - update.auto.enable = true; - }; - gvfs.enable = true; - }; - - security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority - - users = { - users.greeter = { - 
isSystemUser = true; - group = "greeter"; - }; - groups.greeter = { }; - }; - - programs = { - niri = { - enable = true; - package = inputs.niri.packages.${pkgs.system}.niri; - }; - kdeconnect = { - enable = true; - package = pkgs.valent; - }; - dconf.enable = true; - appimage = { - enable = true; - binfmt = true; - }; - }; - - niri-flake.cache.enable = false; - - fonts = { - fontDir.enable = true; - packages = with pkgs; [ - corefonts - inter - nerd-fonts.fira-code - noto-fonts-cjk-sans - noto-fonts-color-emoji - roboto - ]; - }; - - xdg.portal = { - extraPortals = with pkgs; [ - xdg-desktop-portal-gnome - xdg-desktop-portal-gtk - ]; - config = { - common.default = "*"; - niri.default = [ - "gtk" - "gnome" + adwaita-icon-theme + ghostty + gnome-disk-utility + junction + libfido2 + mission-center + nautilus + p7zip + rclone + toggleaudiosink + unrar + ### Media ### + decibels + loupe + obs-studio + showtime ]; }; - }; - }; - homeManager.desktop-desktop = { config, lib, pkgs, inputs, ... 
}: { - imports = [ inputs.vicinae.homeManagerModules.default ]; - - fonts.fontconfig.enable = true; - - home.packages = with pkgs; [ xwayland-satellite ]; - - services.vicinae = { - enable = true; - systemd = { - enable = true; - autoStart = true; + services = { + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + wireplumber.enable = true; + }; + greetd = { + enable = true; + settings = { + default_session = { + command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; + user = "greeter"; + }; + } + // lib.optionalAttrs (config.networking.hostName == "io") { + initial_session = { + command = "${config.programs.niri.package}/bin/niri-session"; + user = "user"; + }; + }; + }; + flatpak = { + enable = true; + packages = [ + ### Office & Productivity ### + "com.collabora.Office" + ### Graphics & Design ### + "com.boxy_svg.BoxySVG" + rec { + appId = "io.github.softfever.OrcaSlicer"; + sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + bundle = "${pkgs.fetchurl { + url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; + inherit sha256; + }}"; + } + ### System Utilities ### + "com.github.tchx84.Flatseal" + "com.rustdesk.RustDesk" + ]; + uninstallUnmanaged = true; + update.auto.enable = true; + }; + gvfs.enable = true; }; - }; - programs = { - ghostty = { - enable = true; - settings = { - cursor-style = "block"; - shell-integration-features = "no-cursor"; - cursor-style-blink = false; - custom-shader = "${builtins.fetchurl { - url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; - sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; - }}"; - bell-features = ""; - gtk-titlebar-style = "tabs"; - keybind = [ "shift+enter=text:\\x1b\\r" ]; + 
security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority + + users = { + users.greeter = { + isSystemUser = true; + group = "greeter"; + }; + groups.greeter = { }; + }; + + programs = { + niri = { + enable = true; + package = inputs.niri.packages.${pkgs.system}.niri; + }; + kdeconnect = { + enable = true; + package = pkgs.valent; + }; + dconf.enable = true; + appimage = { + enable = true; + binfmt = true; }; }; - password-store = { - enable = true; - package = pkgs.pass-wayland; - }; - }; + niri-flake.cache.enable = false; - xdg = { - enable = true; - userDirs.enable = true; - mimeApps = { - enable = true; - defaultApplications = { - "text/html" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" + fonts = { + fontDir.enable = true; + packages = with pkgs; [ + corefonts + inter + nerd-fonts.fira-code + noto-fonts-cjk-sans + noto-fonts-color-emoji + roboto + ]; + }; + + xdg.portal = { + extraPortals = with pkgs; [ + xdg-desktop-portal-gnome + xdg-desktop-portal-gtk + ]; + config = { + common.default = "*"; + niri.default = [ + "gtk" + "gnome" ]; - "x-scheme-handler/http" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/https" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/about" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/unknown" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "image/jpeg" = "org.gnome.Loupe.desktop"; - "image/png" = "org.gnome.Loupe.desktop"; - "image/gif" = "org.gnome.Loupe.desktop"; - "image/webp" = "org.gnome.Loupe.desktop"; - "image/bmp" = "org.gnome.Loupe.desktop"; - "image/svg+xml" = "org.gnome.Loupe.desktop"; - "image/tiff" = "org.gnome.Loupe.desktop"; - "video/mp4" = "io.bassi.Showtime.desktop"; - "video/x-matroska" = "io.bassi.Showtime.desktop"; - "video/webm" = 
"io.bassi.Showtime.desktop"; - "video/mpeg" = "io.bassi.Showtime.desktop"; - "video/x-msvideo" = "io.bassi.Showtime.desktop"; - "video/quicktime" = "io.bassi.Showtime.desktop"; - "video/x-flv" = "io.bassi.Showtime.desktop"; - "audio/mpeg" = "io.bassi.Showtime.desktop"; - "audio/flac" = "io.bassi.Showtime.desktop"; - "audio/ogg" = "io.bassi.Showtime.desktop"; - "audio/wav" = "io.bassi.Showtime.desktop"; - "audio/mp4" = "io.bassi.Showtime.desktop"; - "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; - "application/pdf" = [ - "org.gnome.Papers.desktop" - "zen-browser.desktop" - ]; - "text/plain" = "Helix.desktop"; - "text/markdown" = "Helix.desktop"; - "text/x-log" = "Helix.desktop"; - "application/x-shellscript" = "Helix.desktop"; - "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = - "com.collabora.Office.desktop"; # DOCX - "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = - "com.collabora.Office.desktop"; # XLSX - "application/vnd.openxmlformats-officedocument.presentationml.presentation" = - "com.collabora.Office.desktop"; # PPTX - "application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT - "application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS - "application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP - "application/msword" = "com.collabora.Office.desktop"; # DOC - "application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS - "application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT - "application/zip" = "org.gnome.FileRoller.desktop"; - "application/x-tar" = "org.gnome.FileRoller.desktop"; - "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; - "application/x-rar" = 
"org.gnome.FileRoller.desktop"; - "application/gzip" = "org.gnome.FileRoller.desktop"; - "application/x-bzip" = "org.gnome.FileRoller.desktop"; - "inode/directory" = "org.gnome.Nautilus.desktop"; }; }; }; - # Set Ghostty as default terminal - home.sessionVariables = { - TERMINAL = "ghostty"; + homeManager.desktop-desktop = + { + config, + lib, + pkgs, + inputs, + ... + }: + { + imports = [ inputs.vicinae.homeManagerModules.default ]; + + fonts.fontconfig.enable = true; + + home.packages = with pkgs; [ xwayland-satellite ]; + + services.vicinae = { + enable = true; + systemd = { + enable = true; + autoStart = true; + }; + }; + + programs = { + ghostty = { + enable = true; + settings = { + cursor-style = "block"; + shell-integration-features = "no-cursor"; + cursor-style-blink = false; + custom-shader = "${builtins.fetchurl { + url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; + sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + }}"; + bell-features = ""; + gtk-titlebar-style = "tabs"; + keybind = [ "shift+enter=text:\\x1b\\r" ]; + }; + }; + + password-store = { + enable = true; + package = pkgs.pass-wayland; + }; + }; + + xdg = { + enable = true; + userDirs.enable = true; + mimeApps = { + enable = true; + defaultApplications = { + "text/html" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/http" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/https" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/about" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/unknown" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "image/jpeg" = "org.gnome.Loupe.desktop"; + "image/png" = "org.gnome.Loupe.desktop"; + 
"image/gif" = "org.gnome.Loupe.desktop"; + "image/webp" = "org.gnome.Loupe.desktop"; + "image/bmp" = "org.gnome.Loupe.desktop"; + "image/svg+xml" = "org.gnome.Loupe.desktop"; + "image/tiff" = "org.gnome.Loupe.desktop"; + "video/mp4" = "io.bassi.Showtime.desktop"; + "video/x-matroska" = "io.bassi.Showtime.desktop"; + "video/webm" = "io.bassi.Showtime.desktop"; + "video/mpeg" = "io.bassi.Showtime.desktop"; + "video/x-msvideo" = "io.bassi.Showtime.desktop"; + "video/quicktime" = "io.bassi.Showtime.desktop"; + "video/x-flv" = "io.bassi.Showtime.desktop"; + "audio/mpeg" = "io.bassi.Showtime.desktop"; + "audio/flac" = "io.bassi.Showtime.desktop"; + "audio/ogg" = "io.bassi.Showtime.desktop"; + "audio/wav" = "io.bassi.Showtime.desktop"; + "audio/mp4" = "io.bassi.Showtime.desktop"; + "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; + "application/pdf" = [ + "org.gnome.Papers.desktop" + "zen-browser.desktop" + ]; + "text/plain" = "Helix.desktop"; + "text/markdown" = "Helix.desktop"; + "text/x-log" = "Helix.desktop"; + "application/x-shellscript" = "Helix.desktop"; + "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = + "com.collabora.Office.desktop"; # DOCX + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = + "com.collabora.Office.desktop"; # XLSX + "application/vnd.openxmlformats-officedocument.presentationml.presentation" = + "com.collabora.Office.desktop"; # PPTX + "application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT + "application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS + "application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP + "application/msword" = "com.collabora.Office.desktop"; # DOC + "application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS + "application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT + "application/zip" = "org.gnome.FileRoller.desktop"; + "application/x-tar" = 
"org.gnome.FileRoller.desktop"; + "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; + "application/x-rar" = "org.gnome.FileRoller.desktop"; + "application/gzip" = "org.gnome.FileRoller.desktop"; + "application/x-bzip" = "org.gnome.FileRoller.desktop"; + "inode/directory" = "org.gnome.Nautilus.desktop"; + }; + }; + }; + + # Set Ghostty as default terminal + home.sessionVariables = { + TERMINAL = "ghostty"; + }; }; - }; }; } diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix index 6458ab0..cdd02ac 100644 --- a/aspects/desktop/niri.nix +++ b/aspects/desktop/niri.nix @@ -1,6 +1,14 @@ { ... }: { - flake.modules.homeManager.desktop-niri = { config, lib, pkgs, inputs, hostname ? null, ... }: + flake.modules.homeManager.desktop-niri = + { + config, + lib, + pkgs, + inputs, + hostname ? null, + ... + }: let isRotterdam = hostname == "rotterdam"; in diff --git a/aspects/desktop/nix.nix b/aspects/desktop/nix.nix index a3aa421..3a9e71e 100644 --- a/aspects/desktop/nix.nix +++ b/aspects/desktop/nix.nix @@ -1,14 +1,21 @@ { inputs, ... }: { - flake.modules.nixos.desktop-nix = { config, lib, pkgs, ... }: { - environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; + flake.modules.nixos.desktop-nix = + { + config, + lib, + pkgs, + ... + }: + { + environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; - nix = { - registry.nixpkgs.flake = inputs.nixpkgs; - nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - "/nix/var/nix/profiles/per-user/root/channels" - ]; + nix = { + registry.nixpkgs.flake = inputs.nixpkgs; + nixPath = [ + "nixpkgs=${inputs.nixpkgs}" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + }; }; - }; } diff --git a/aspects/desktop/services.nix b/aspects/desktop/services.nix index 8ebbb6b..eb9482a 100644 
--- a/aspects/desktop/services.nix +++ b/aspects/desktop/services.nix @@ -1,16 +1,23 @@ { ... }: { - flake.modules.nixos.desktop-services = { config, lib, pkgs, ... }: { - services = { - printing.enable = true; - udev.packages = with pkgs; [ yubikey-personalization ]; - keyd = { - enable = true; - keyboards.all = { - ids = [ "*" ]; - settings.main.capslock = "overload(meta, esc)"; + flake.modules.nixos.desktop-services = + { + config, + lib, + pkgs, + ... + }: + { + services = { + printing.enable = true; + udev.packages = with pkgs; [ yubikey-personalization ]; + keyd = { + enable = true; + keyboards.all = { + ids = [ "*" ]; + settings.main.capslock = "overload(meta, esc)"; + }; }; }; }; - }; } diff --git a/aspects/dev.nix b/aspects/dev.nix index cc84646..89a1026 100644 --- a/aspects/dev.nix +++ b/aspects/dev.nix @@ -1,19 +1,26 @@ { ... }: { - flake.modules.nixos.dev = { config, lib, pkgs, ... }: { - environment.systemPackages = with pkgs; [ - android-tools - bat - lazygit - fd - fzf - glow - nixfmt - nix-init - nix-output-monitor - ripgrep - ]; + flake.modules.nixos.dev = + { + config, + lib, + pkgs, + ... + }: + { + environment.systemPackages = with pkgs; [ + android-tools + bat + lazygit + fd + fzf + glow + nixfmt + nix-init + nix-output-monitor + ripgrep + ]; - users.users.user.extraGroups = [ "adbusers" ]; - }; + users.users.user.extraGroups = [ "adbusers" ]; + }; } diff --git a/aspects/ephemeral.nix b/aspects/ephemeral.nix index 724f931..90c03c6 100644 --- a/aspects/ephemeral.nix +++ b/aspects/ephemeral.nix @@ -3,7 +3,8 @@ { inputs, ... }: { # Base module with options (for external flakes or direct use) - flake.modules.nixos.ephemeral = { lib, config, ... }: + flake.modules.nixos.ephemeral = + { lib, config, ... }: let cfg = config.ephemeral; in 
@@ -89,18 +90,19 @@ # Factory function that generates configured modules flake.factory.ephemeral = - { rootDevice - , rootSubvolume ? "@root" - , retentionDays ? 30 - , persistentStoragePath ? "/persistent" - , persistentFiles ? [ + { + rootDevice, + rootSubvolume ? "@root", + retentionDays ? 30, + persistentStoragePath ? "/persistent", + persistentFiles ? [ "/etc/machine-id" "/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key.pub" "/etc/ssh/ssh_host_rsa_key" "/etc/ssh/ssh_host_rsa_key.pub" - ] - , persistentDirectories ? [ + ], + persistentDirectories ? [ "/etc/NetworkManager/system-connections" "/etc/nixos" "/var/lib/bluetooth" @@ -111,9 +113,10 @@ "/var/lib/systemd/timers" "/var/lib/tailscale" "/var/log" - ] + ], }: - { ... }: { + { ... }: + { imports = [ inputs.impermanence.nixosModules.impermanence inputs.self.modules.nixos.ephemeral diff --git a/aspects/fwupd.nix b/aspects/fwupd.nix index 746f1d0..217f1eb 100644 --- a/aspects/fwupd.nix +++ b/aspects/fwupd.nix @@ -1,6 +1,13 @@ { ... }: { - flake.modules.nixos.fwupd = { config, lib, pkgs, ... }: { - services.fwupd.enable = true; - }; + flake.modules.nixos.fwupd = + { + config, + lib, + pkgs, + ... + }: + { + services.fwupd.enable = true; + }; } diff --git a/aspects/gaming/flatpak.nix b/aspects/gaming/flatpak.nix index ad50c7c..cc4d0ee 100644 --- a/aspects/gaming/flatpak.nix +++ b/aspects/gaming/flatpak.nix 
@@ -1,23 +1,25 @@ { ... }: { - flake.modules.nixos.gaming-flatpak = { pkgs, ... }: { - services.flatpak.packages = [ - "com.github.k4zmu2a.spacecadetpinball" - "com.steamgriddb.SGDBoop" - "io.github.Foldex.AdwSteamGtk" - "io.itch.itch" - "io.mrarm.mcpelauncher" - "net.retrodeck.retrodeck" - "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08" - rec { - appId = "com.hypixel.HytaleLauncher"; - sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv"; - bundle = "${pkgs.fetchurl { - url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak"; - inherit sha256; - }}"; - } - ]; - }; + flake.modules.nixos.gaming-flatpak = + { pkgs, ... }: + { + services.flatpak.packages = [ + "com.github.k4zmu2a.spacecadetpinball" + "com.steamgriddb.SGDBoop" + "io.github.Foldex.AdwSteamGtk" + "io.itch.itch" + "io.mrarm.mcpelauncher" + "net.retrodeck.retrodeck" + "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08" + rec { + appId = "com.hypixel.HytaleLauncher"; + sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv"; + bundle = "${pkgs.fetchurl { + url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak"; + inherit sha256; + }}"; + } + ]; + }; } diff --git a/aspects/gaming/hardware.nix b/aspects/gaming/hardware.nix index f1bd75b..e3b5c4b 100644 --- a/aspects/gaming/hardware.nix +++ b/aspects/gaming/hardware.nix @@ -1,11 +1,13 @@ { ... }: { - flake.modules.nixos.gaming-hardware = { ... }: { - hardware = { - xpadneo.enable = true; - steam-hardware.enable = true; # Allow steam client to manage controllers - graphics.enable32Bit = true; # For OpenGL games + flake.modules.nixos.gaming-hardware = + { ... }: + { + hardware = { + xpadneo.enable = true; + steam-hardware.enable = true; # Allow steam client to manage controllers + graphics.enable32Bit = true; # For OpenGL games + }; }; - }; } diff --git a/aspects/gaming/launchers.nix b/aspects/gaming/launchers.nix index 5684f9f..1fd3bb4 100644 
--- a/aspects/gaming/launchers.nix +++ b/aspects/gaming/launchers.nix @@ -1,11 +1,13 @@ { ... }: { - flake.modules.nixos.gaming-launchers = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - clonehero - heroic - prismlauncher - ]; - }; + flake.modules.nixos.gaming-launchers = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + clonehero + heroic + prismlauncher + ]; + }; } diff --git a/aspects/gaming/mangohud.nix b/aspects/gaming/mangohud.nix index 7f83644..2856b8f 100644 --- a/aspects/gaming/mangohud.nix +++ b/aspects/gaming/mangohud.nix 
@@ -2,42 +2,46 @@ { flake.modules = { - nixos.gaming-mangohud = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - mangohud - ]; - }; + nixos.gaming-mangohud = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + mangohud + ]; + }; - homeManager.gaming-mangohud = { config, ... }: { - programs.mangohud = { - enable = true; - enableSessionWide = true; - settings = { - position = "top-left"; - fps = true; - frametime = false; - frame_timing = false; - gpu_stats = true; - gpu_temp = true; - gpu_power = true; - cpu_stats = true; - cpu_temp = true; - cpu_power = true; - ram = true; - vram = true; - gamemode = false; - vkbasalt = false; - version = false; - engine_version = false; - vulkan_driver = false; - wine = false; - time = false; - fps_sampling_period = 500; - toggle_hud = "Shift_L+F12"; - toggle_logging = "Ctrl_L+F2"; - output_folder = "${config.home.homeDirectory}/.local/share/mangohud"; + homeManager.gaming-mangohud = + { config, ... }: + { + programs.mangohud = { + enable = true; + enableSessionWide = true; + settings = { + position = "top-left"; + fps = true; + frametime = false; + frame_timing = false; + gpu_stats = true; + gpu_temp = true; + gpu_power = true; + cpu_stats = true; + cpu_temp = true; + cpu_power = true; + ram = true; + vram = true; + gamemode = false; + vkbasalt = false; + version = false; + engine_version = false; + vulkan_driver = false; + wine = false; + time = false; + fps_sampling_period = 500; + toggle_hud = "Shift_L+F12"; + toggle_logging = "Ctrl_L+F2"; + output_folder = "${config.home.homeDirectory}/.local/share/mangohud"; + }; }; }; - }; }; } diff --git a/aspects/gaming/steam.nix b/aspects/gaming/steam.nix index e0ab9a8..530c99b 100644 --- a/aspects/gaming/steam.nix +++ b/aspects/gaming/steam.nix 
@@ -1,17 +1,19 @@ { ... }: { - flake.modules.nixos.gaming-steam = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - steam-run - ]; + flake.modules.nixos.gaming-steam = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + steam-run + ]; - programs = { - steam = { - enable = true; - extraCompatPackages = [ pkgs.proton-ge-bin ]; + programs = { + steam = { + enable = true; + extraCompatPackages = [ pkgs.proton-ge-bin ]; + }; + gamemode.enable = true; }; - gamemode.enable = true; }; - }; } diff --git a/aspects/hosts/_alexandria/unbound.nix b/aspects/hosts/_alexandria/unbound.nix index 07c8850..8aedc37 100644 --- a/aspects/hosts/_alexandria/unbound.nix +++ b/aspects/hosts/_alexandria/unbound.nix @@ -34,8 +34,7 @@ in # LAN-only DNS records local-zone = ''"baduhai.dev." transparent''; - local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') - (lib.filter (e: e.lanIP != null) services); + local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') (lib.filter (e: e.lanIP != null) services); }; forward-zone = [ diff --git a/aspects/hosts/_trantor/nginx.nix b/aspects/hosts/_trantor/nginx.nix index 5522e24..899666e 100644 --- a/aspects/hosts/_trantor/nginx.nix +++ b/aspects/hosts/_trantor/nginx.nix @@ -9,9 +9,7 @@ let services = inputs.self.services; # Get all unique domains from shared services on trantor (host = "trantor") - localDomains = lib.unique ( - map (s: s.domain) (lib.filter (s: s.host == "trantor") services) - ); + localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "trantor") services)); # Generate ACME cert configs for all local domains acmeCerts = lib.genAttrs localDomains (domain: { diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 28c333e..aacf3b0 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -1,4 +1,5 @@ { inputs, self, ... }: + { flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { system = "x86_64-linux"; 
diff --git a/aspects/libvirtd.nix b/aspects/libvirtd.nix index 6487999..1135306 100644 --- a/aspects/libvirtd.nix +++ b/aspects/libvirtd.nix @@ -1,18 +1,25 @@ { ... }: { - flake.modules.nixos.libvirtd = { config, lib, pkgs, ... }: { - virtualisation = { - libvirtd.enable = true; - spiceUSBRedirection.enable = true; + flake.modules.nixos.libvirtd = + { + config, + lib, + pkgs, + ... + }: + { + virtualisation = { + libvirtd.enable = true; + spiceUSBRedirection.enable = true; + }; + + programs.virt-manager.enable = true; + + networking.firewall.trustedInterfaces = [ "virbr0" ]; + + users.users.user.extraGroups = [ + "libvirt" + "libvirtd" + ]; }; - - programs.virt-manager.enable = true; - - networking.firewall.trustedInterfaces = [ "virbr0" ]; - - users.users.user.extraGroups = [ - "libvirt" - "libvirtd" - ]; - }; } diff --git a/aspects/networkmanager.nix b/aspects/networkmanager.nix index 74c9260..8bcb1f2 100644 --- a/aspects/networkmanager.nix +++ b/aspects/networkmanager.nix @@ -1,11 +1,18 @@ { ... }: { - flake.modules.nixos.networkmanager = { config, lib, pkgs, ... }: { - networking.networkmanager = { - enable = true; - wifi.backend = "iwd"; - }; + flake.modules.nixos.networkmanager = + { + config, + lib, + pkgs, + ... + }: + { + networking.networkmanager = { + enable = true; + wifi.backend = "iwd"; + }; - users.users.user.extraGroups = [ "networkmanager" ]; - }; + users.users.user.extraGroups = [ "networkmanager" ]; + }; } diff --git a/aspects/server/boot.nix b/aspects/server/boot.nix index ff5ef25..38634d1 100644 --- a/aspects/server/boot.nix +++ b/aspects/server/boot.nix @@ -1,7 +1,14 @@ # aspects/server/boot.nix { ... }: { - flake.modules.nixos.server-boot = { config, lib, pkgs, ... }: { - boot.kernelPackages = pkgs.linuxPackages_hardened; - }; + flake.modules.nixos.server-boot = + { + config, + lib, + pkgs, + ... + }: + { + boot.kernelPackages = pkgs.linuxPackages_hardened; + }; } 
diff --git a/aspects/server/nix.nix b/aspects/server/nix.nix index 84bec67..1cb8e8b 100644 --- a/aspects/server/nix.nix +++ b/aspects/server/nix.nix @@ -1,15 +1,22 @@ # aspects/server/nix.nix { inputs, ... }: { - flake.modules.nixos.server-nix = { config, lib, pkgs, ... }: { - environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; + flake.modules.nixos.server-nix = + { + config, + lib, + pkgs, + ... + }: + { + environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; - nix = { - registry.nixpkgs.flake = inputs.nixpkgs-stable; - nixPath = [ - "nixpkgs=/etc/channels/nixpkgs" - "/nix/var/nix/profiles/per-user/root/channels" - ]; + nix = { + registry.nixpkgs.flake = inputs.nixpkgs-stable; + nixPath = [ + "nixpkgs=/etc/channels/nixpkgs" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + }; }; - }; } diff --git a/aspects/server/tailscale.nix b/aspects/server/tailscale.nix index 5a48799..cf2fa4b 100644 --- a/aspects/server/tailscale.nix +++ b/aspects/server/tailscale.nix @@ -1,15 +1,22 @@ # aspects/server/tailscale.nix { ... }: { - flake.modules.nixos.server-tailscale = { config, lib, pkgs, ... }: { - services.tailscale = { - extraSetFlags = [ "--advertise-exit-node" ]; - useRoutingFeatures = "server"; - }; + flake.modules.nixos.server-tailscale = + { + config, + lib, + pkgs, + ... + }: + { + services.tailscale = { + extraSetFlags = [ "--advertise-exit-node" ]; + useRoutingFeatures = "server"; + }; - boot.kernel.sysctl = { - "net.ipv4.ip_forward" = 1; - "net.ipv6.conf.all.forwarding" = 1; + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + "net.ipv6.conf.all.forwarding" = 1; + }; }; - }; } diff --git a/aspects/shell/bash.nix b/aspects/shell/bash.nix index 3ec7237..e451148 100644 --- a/aspects/shell/bash.nix +++ b/aspects/shell/bash.nix 
@@ -1,9 +1,16 @@ { ... }: { - flake.modules.homeManager.shell-bash = { config, lib, pkgs, ... }: { - programs.bash = { - enable = true; - historyFile = "~/.cache/bash_history"; + flake.modules.homeManager.shell-bash = + { + config, + lib, + pkgs, + ... + }: + { + programs.bash = { + enable = true; + historyFile = "~/.cache/bash_history"; + }; }; - }; } diff --git a/aspects/shell/fish.nix b/aspects/shell/fish.nix index e2ae9cf..22c0f5c 100644 --- a/aspects/shell/fish.nix +++ b/aspects/shell/fish.nix 
@@ -1,33 +1,40 @@ { ... }: { - flake.modules.homeManager.shell-fish = { config, lib, pkgs, ... }: { - programs.fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - ${lib.getExe pkgs.nix-your-shell} fish | source - ''; - loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; - plugins = [ - { - name = "bang-bang"; - src = pkgs.fetchFromGitHub { - owner = "oh-my-fish"; - repo = "plugin-bang-bang"; - rev = "f969c618301163273d0a03d002614d9a81952c1e"; - sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; - }; - } - { - name = "z"; - src = pkgs.fetchFromGitHub { - owner = "jethrokuan"; - repo = "z"; - rev = "067e867debee59aee231e789fc4631f80fa5788e"; - sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU="; - }; - } - ]; + flake.modules.homeManager.shell-fish = + { + config, + lib, + pkgs, + ... + }: + { + programs.fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + ${lib.getExe pkgs.nix-your-shell} fish | source + ''; + loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; + plugins = [ + { + name = "bang-bang"; + src = pkgs.fetchFromGitHub { + owner = "oh-my-fish"; + repo = "plugin-bang-bang"; + rev = "f969c618301163273d0a03d002614d9a81952c1e"; + sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; + }; + } + { + name = "z"; + src = pkgs.fetchFromGitHub { + owner = "jethrokuan"; + repo = "z"; + rev = "067e867debee59aee231e789fc4631f80fa5788e"; + sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU="; + }; + } + ]; + }; }; - }; } diff --git a/packages/claude-desktop.nix b/packages/claude-desktop.nix index e93f3af..c21ec8e 100644 --- a/packages/claude-desktop.nix +++ b/packages/claude-desktop.nix 
@@ -18,7 +18,8 @@ }; src = - srcs.${pkgs.stdenv.hostPlatform.system} or (throw "Unsupported system: ${pkgs.stdenv.hostPlatform.system}"); + srcs.${pkgs.stdenv.hostPlatform.system} + or (throw "Unsupported system: ${pkgs.stdenv.hostPlatform.system}"); claudeNativeStub = '' // Stub implementation of claude-native using KeyboardKey enum values diff --git a/packages/overlays.nix b/packages/overlays.nix index a36ed60..169a67b 100644 --- a/packages/overlays.nix +++ b/packages/overlays.nix @@ -4,19 +4,20 @@ let packageDir = builtins.readDir ./.; # Filter to .nix files, excluding overlays.nix - isPackageFile = name: - name != "overlays.nix" && builtins.match ".*\\.nix$" name != null; + isPackageFile = name: name != "overlays.nix" && builtins.match ".*\\.nix$" name != null; # Extract package name from filename (e.g., "foo-bar.nix" -> "foo-bar") - toPackageName = filename: - builtins.head (builtins.match "(.+)\\.nix$" filename); + toPackageName = filename: builtins.head (builtins.match "(.+)\\.nix$" filename); packageNames = map toPackageName (builtins.filter isPackageFile (builtins.attrNames packageDir)); in { - flake.overlays.default = final: prev: - builtins.listToAttrs (map (name: { - inherit name; - value = inputs.self.packages.${final.system}.${name}; - }) packageNames); + flake.overlays.default = + final: prev: + builtins.listToAttrs ( + map (name: { + inherit name; + value = inputs.self.packages.${final.system}.${name}; + }) packageNames + ); } diff --git a/terranix/kernelpanic.space.nix b/terranix/kernelpanic.space.nix index 01e5c08..91b615e 100644 --- a/terranix/kernelpanic.space.nix +++ b/terranix/kernelpanic.space.nix @@ -8,9 +8,12 @@ terranix.terranixConfigurations.cloudflare-kernelpanicspace = { terraformWrapper.package = pkgs.opentofu; modules = [ - ({ config, ... }: { - # Terraform config goes here - }) + ( + { config, ... }: + { + # Terraform config goes here + } + ) ]; }; }; 
diff --git a/terranix/terminus.nix b/terranix/terminus.nix index 7a0fa5b..d7689f9 100644 --- a/terranix/terminus.nix +++ b/terranix/terminus.nix @@ -8,9 +8,12 @@ terranix.terranixConfigurations.oci-terminus = { terraformWrapper.package = pkgs.opentofu; modules = [ - ({ config, ... }: { - # Terraform config goes here - }) + ( + { config, ... }: + { + # Terraform config goes here + } + ) ]; }; }; From c1dcb7e31636ecd730710f1349e825c5bc5d768b Mon Sep 17 00:00:00 2001 From: William Date: Thu, 12 Feb 2026 19:04:34 -0300 Subject: [PATCH 102/138] kanidm upgrade process is a pain I currenty have two other possible oauth providers running: forgejo & nextcloud --- aspects/hosts/_alexandria/kanidm.nix | 82 ---------------------------- aspects/hosts/alexandria.nix | 1 - 2 files changed, 83 deletions(-) delete mode 100644 aspects/hosts/_alexandria/kanidm.nix diff --git a/aspects/hosts/_alexandria/kanidm.nix b/aspects/hosts/_alexandria/kanidm.nix deleted file mode 100644 index 35e08c8..0000000 --- a/aspects/hosts/_alexandria/kanidm.nix +++ /dev/null 
@@ -1,82 +0,0 @@ -{ - config, - lib, - inputs, - pkgs, - ... -}: - -let - mkNginxVHosts = inputs.self.lib.mkNginxVHosts; - kanidmCertDir = "/var/lib/kanidm/certs"; -in - -{ - services.kanidm = { - enableServer = true; - enableClient = true; - package = pkgs.kanidm; - - serverSettings = { - domain = "auth.baduhai.dev"; - origin = "https://auth.baduhai.dev"; - bindaddress = "127.0.0.1:8443"; - ldapbindaddress = "127.0.0.1:636"; - trust_x_forward_for = true; - # Use self-signed certificates for internal TLS - tls_chain = "${kanidmCertDir}/cert.pem"; - tls_key = "${kanidmCertDir}/key.pem"; - }; - - clientSettings = { - uri = "https://auth.baduhai.dev"; - }; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - domains."auth.baduhai.dev" = { - locations."/" = { - proxyPass = "https://127.0.0.1:8443"; - extraConfig = '' - proxy_ssl_verify off; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $host; - ''; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ 636 ]; - - # Generate self-signed certificates for kanidm's internal TLS - systemd.services.kanidm-generate-certs = { - description = "Generate self-signed TLS certificates for Kanidm"; - wantedBy = [ "multi-user.target" ]; - before = [ "kanidm.service" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - mkdir -p ${kanidmCertDir} - if [ ! 
-f ${kanidmCertDir}/key.pem ]; then - ${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \ - -keyout ${kanidmCertDir}/key.pem \ - -out ${kanidmCertDir}/cert.pem \ - -days 3650 -nodes \ - -subj "/CN=localhost" \ - -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" - chown -R kanidm:kanidm ${kanidmCertDir} - chmod 600 ${kanidmCertDir}/key.pem - chmod 644 ${kanidmCertDir}/cert.pem - fi - ''; - }; - - # Ensure certificate generation runs before kanidm starts - systemd.services.kanidm = { - after = [ "kanidm-generate-certs.service" ]; - wants = [ "kanidm-generate-certs.service" ]; - }; -} diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index aacf3b0..03a02b9 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -41,7 +41,6 @@ # Host-specific files (from _alexandria/) ./_alexandria/hardware-configuration.nix ./_alexandria/jellyfin.nix - ./_alexandria/kanidm.nix ./_alexandria/nextcloud.nix ./_alexandria/nginx.nix ./_alexandria/unbound.nix From b2747359901c1a7482035a44b2105f121ea92de6 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 12 Feb 2026 19:22:40 -0300 Subject: [PATCH 103/138] podmand for alexandria --- aspects/hosts/alexandria.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 03a02b9..7da2c39 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -1,4 +1,4 @@ -{ inputs, self, ... }: +{ inputs, ... }: { flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { @@ -35,8 +35,9 @@ inputs.self.modules.nixos.server-nix inputs.self.modules.nixos.server-tailscale - # Other aspects based on tags + # Other aspects inputs.self.modules.nixos.fwupd + inputs.self.modules.nixos.podman # Host-specific files (from _alexandria/) ./_alexandria/hardware-configuration.nix From 66b72be5b8564c5226ed096b7e2963806994a610 Mon Sep 17 00:00:00 2001 
From: William Date: Fri, 13 Feb 2026 16:38:05 -0300 Subject: [PATCH 104/138] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/0078cf2d5e81eb56a9356d51f2738f7141194de1?narHash=sha256-iJ9c0ZewfRRYUflaEOj43n5TWaB6Ezygn2UA/ZHGQJA%3D' (2026-02-12) → 'github:0xc000022070/zen-browser-flake/80ce62fd26af1934454f405bcb2510ceeea8d3a2?narHash=sha256-5UDaXr770MaDac9HcFvGlUjsqyOoNbFdHArmjmtHcVk%3D' (2026-02-13) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 806550a..8587eb2 100644 --- a/flake.lock +++ b/flake.lock @@ -1220,11 +1220,11 @@ "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1770919290, - "narHash": "sha256-iJ9c0ZewfRRYUflaEOj43n5TWaB6Ezygn2UA/ZHGQJA=", + "lastModified": 1771000521, + "narHash": "sha256-5UDaXr770MaDac9HcFvGlUjsqyOoNbFdHArmjmtHcVk=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "0078cf2d5e81eb56a9356d51f2738f7141194de1", + "rev": "80ce62fd26af1934454f405bcb2510ceeea8d3a2", "type": "github" }, "original": { From d184f75f5d393de07ac9549e8b27cfea4b67eff0 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 11:08:21 -0300 Subject: [PATCH 105/138] nixos-cli: retry as root, auto yes --- aspects/common/nix.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/aspects/common/nix.nix b/aspects/common/nix.nix index cd76f62..7fa6e49 100644 --- a/aspects/common/nix.nix +++ b/aspects/common/nix.nix @@ -33,6 +33,8 @@ config = { use_nvd = true; ignore_dirty_tree = true; + apply.reexec_as_root = true; + confirmation.empty = "default-yes"; }; }; From 5f1c05f090bdf4b4034bbbe68a7fe054ec2b9faf Mon Sep 17 00:00:00 2001 
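Review bot: In aspects/common/nix.nix, `confirmation.empty = "default-yes"` is added together with `apply.reexec_as_root = true`, so a bare Enter at the prompt presumably confirms an apply that then re-executes itself as root. With `ignore_dirty_tree = true` on the context line above, that apply can also be built from uncommitted changes. If the auto-yes is deliberate, record it next to the setting, e.g. `# empty answer confirms; apply re-execs as root, so read the nvd diff before pressing Enter`; otherwise add only the `reexec_as_root` line and keep the default for empty input. The enclosing settings block starts outside the hunk.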
From: William Date: Sun, 15 Feb 2026 11:54:34 -0300 Subject: [PATCH 106/138] ssh: only run fastfetch on initial ssh session --- aspects/common/programs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspects/common/programs.nix b/aspects/common/programs.nix index 7d12f09..b53b293 100644 --- a/aspects/common/programs.nix +++ b/aspects/common/programs.nix @@ -31,7 +31,7 @@ enable = true; interactiveShellInit = '' set fish_greeting - if set -q SSH_CONNECTION + if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; or not set -q TMUX export TERM=xterm-256color clear fastfetch From bfa2521ed09c33f32b4f0405c3117e3a0381c2f6 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 12:53:05 -0300 Subject: [PATCH 107/138] re-work cli aspect for nixos and homeModules --- aspects/cli/btop.nix | 38 ++++++++----- aspects/cli/cli.nix | 28 +++++++++ aspects/cli/comma.nix | 2 +- aspects/cli/direnv.nix | 2 +- aspects/cli/helix.nix | 106 +++++++++++++++++++---------------- aspects/cli/hm-cli.nix | 2 +- aspects/cli/starship.nix | 2 +- aspects/cli/tmux.nix | 40 ++++++++----- aspects/common/programs.nix | 3 - aspects/hosts/alexandria.nix | 49 ++++++++-------- aspects/hosts/io.nix | 76 ++++++++++++------------- aspects/hosts/rotterdam.nix | 86 ++++++++++++++-------------- aspects/hosts/trantor.nix | 60 +++++++++----------- 13 files changed, 264 insertions(+), 230 deletions(-) create mode 100644 aspects/cli/cli.nix diff --git a/aspects/cli/btop.nix b/aspects/cli/btop.nix index 2b9c3fc..220a462 100644 --- a/aspects/cli/btop.nix +++ b/aspects/cli/btop.nix 
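Review bot: In aspects/common/programs.nix, the new condition `if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; or not set -q TMUX` is true whenever TMUX is unset. Fish chains `and`/`or` left to right on the previous exit status, so the trailing `or` still runs when SSH_CONNECTION is absent or when IN_NIX_SHELL is set. Local shells outside tmux will therefore reset TERM, clear the screen and run fastfetch, which is not what the commit title describes. The last combiner should be `and`: `if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; and not set -q TMUX`. The interactiveShellInit string continues outside the hunk.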
@@ -1,20 +1,28 @@ { ... }: { - flake.modules.homeManager.cli-btop = - { - config, - lib, - pkgs, - ... - }: - { - programs.btop = { - enable = true; - settings = { - theme_background = false; - proc_sorting = "cpu direct"; - update_ms = 500; + flake.modules = { + nixos.btop = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ btop ]; + }; + + homeManager.btop = + { + config, + lib, + pkgs, + ... + }: + { + programs.btop = { + enable = true; + settings = { + theme_background = false; + proc_sorting = "cpu direct"; + update_ms = 500; + }; }; }; - }; + }; } diff --git a/aspects/cli/cli.nix b/aspects/cli/cli.nix new file mode 100644 index 0000000..8a11616 --- /dev/null +++ b/aspects/cli/cli.nix @@ -0,0 +1,28 @@ +{ inputs, ... }: + +{ + flake.modules = { + nixos.cli = + { ... }: + { + imports = with inputs.self.modules.nixos; [ + btop + helix + tmux + ]; + }; + homeManager.cli = + { ... }: + { + imports = with inputs.self.modules.nixos; [ + btop + comma + direnv + helix + hm-cli + starship + tmux + ]; + }; + }; +} diff --git a/aspects/cli/comma.nix b/aspects/cli/comma.nix index 71ddb9c..169144f 100644 --- a/aspects/cli/comma.nix +++ b/aspects/cli/comma.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.homeManager.cli-comma = + flake.modules.homeManager.comma = { config, lib, diff --git a/aspects/cli/direnv.nix b/aspects/cli/direnv.nix index 60ea7ad..2cfb2ef 100644 --- a/aspects/cli/direnv.nix +++ b/aspects/cli/direnv.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.homeManager.cli-direnv = + flake.modules.homeManager.direnv = { config, lib, diff --git a/aspects/cli/helix.nix b/aspects/cli/helix.nix index fe0cf74..a21641a 100644 --- a/aspects/cli/helix.nix +++ b/aspects/cli/helix.nix 
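Review bot: In the new aspects/cli/cli.nix, `homeManager.cli` builds its import list `with inputs.self.modules.nixos`, the same namespace `nixos.cli` uses just above it. `comma`, `direnv`, `hm-cli` and `starship` are declared in this commit only under `flake.modules.homeManager`, so evaluation would presumably fail on the missing attributes. `btop`, `helix` and `tmux` would resolve to the NixOS variants, which set `environment.systemPackages`, not to the home-manager ones. The line should read `imports = with inputs.self.modules.homeManager; [`.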
@@ -1,57 +1,67 @@ { ... }: { - flake.modules.homeManager.cli-helix = - { - config, - lib, - pkgs, - ... - }: - { - home.sessionVariables = { - EDITOR = "hx"; + flake.modules = { + nixos.helix = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + helix + ]; }; - programs.helix = { - enable = true; - settings = { - editor = { - file-picker.hidden = false; - idle-timeout = 0; - line-number = "relative"; - cursor-shape = { - normal = "underline"; - insert = "bar"; - select = "underline"; - }; - soft-wrap.enable = true; - auto-format = true; - indent-guides.render = true; - }; - keys.normal = { - space = { - o = "file_picker_in_current_buffer_directory"; - esc = [ - "collapse_selection" - "keep_primary_selection" - ]; - }; - }; + homeManager.helix = + { + config, + lib, + pkgs, + ... + }: + { + home.sessionVariables = { + EDITOR = "hx"; }; - languages = { - language = [ - { - name = "nix"; + + programs.helix = { + enable = true; + settings = { + editor = { + file-picker.hidden = false; + idle-timeout = 0; + line-number = "relative"; + cursor-shape = { + normal = "underline"; + insert = "bar"; + select = "underline"; + }; + soft-wrap.enable = true; auto-format = true; - formatter.command = "nixfmt"; - } - { - name = "typst"; - auto-format = true; - formatter.command = "typstyle -c 1000 -i"; - } - ]; + indent-guides.render = true; + }; + keys.normal = { + space = { + o = "file_picker_in_current_buffer_directory"; + esc = [ + "collapse_selection" + "keep_primary_selection" + ]; + }; + }; + }; + languages = { + language = [ + { + name = "nix"; + auto-format = true; + formatter.command = "nixfmt"; + } + { + name = "typst"; + auto-format = true; + formatter.command = "typstyle -c 1000 -i"; + } + ]; + }; }; }; - }; + }; } diff --git a/aspects/cli/hm-cli.nix b/aspects/cli/hm-cli.nix index 7064a3f..97d79e4 100644 --- a/aspects/cli/hm-cli.nix +++ b/aspects/cli/hm-cli.nix 
@@ -1,6 +1,6 @@ { ... }: { - flake.modules.homeManager.cli-base = + flake.modules.homeManager.hm-cli = { config, lib, diff --git a/aspects/cli/starship.nix b/aspects/cli/starship.nix index 7ba3a54..3ac5e4f 100644 --- a/aspects/cli/starship.nix +++ b/aspects/cli/starship.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.homeManager.cli-starship = + flake.modules.homeManager.starship = { config, lib, diff --git a/aspects/cli/tmux.nix b/aspects/cli/tmux.nix index 1238501..4937574 100644 --- a/aspects/cli/tmux.nix +++ b/aspects/cli/tmux.nix @@ -1,19 +1,29 @@ { ... }: { - flake.modules.homeManager.cli-tmux = - { - config, - lib, - pkgs, - ... - }: - { - programs.tmux = { - enable = true; - clock24 = true; - terminal = "xterm-256color"; - mouse = true; - keyMode = "vi"; + flake.modules = { + nixos.tmux = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + tmux + ]; }; - }; + + homeManager.tmux = + { + config, + lib, + pkgs, + ... + }: + { + programs.tmux = { + enable = true; + clock24 = true; + terminal = "xterm-256color"; + mouse = true; + keyMode = "vi"; + }; + }; + }; } diff --git a/aspects/common/programs.nix b/aspects/common/programs.nix index b53b293..ccdf185 100644 --- a/aspects/common/programs.nix +++ b/aspects/common/programs.nix @@ -8,13 +8,10 @@ ### Dev Tools ### git ### System Utilities ### - btop fastfetch - helix nixos-firewall-tool nvd sysz - tmux wget yazi ]; diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 7da2c39..dedbed9 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -1,4 +1,4 @@ -{ inputs, ... }: +{ inputs, lib, ... }: { flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { 
@@ -13,39 +13,34 @@ inputs.self.overlays.default ]; } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_alexandria) + ] + ++ (with inputs.self.modules.nixos; [ + cli # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + common-boot + common-console + common-firewall + common-locale + common-nix + common-openssh + common-programs + common-security + common-services + common-tailscale # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + user + root # Server aspects - inputs.self.modules.nixos.server-boot - inputs.self.modules.nixos.server-nix - inputs.self.modules.nixos.server-tailscale + server-boot + server-nix + server-tailscale # Other aspects - inputs.self.modules.nixos.fwupd - inputs.self.modules.nixos.podman - - # Host-specific files (from _alexandria/) - ./_alexandria/hardware-configuration.nix - ./_alexandria/jellyfin.nix - ./_alexandria/nextcloud.nix - ./_alexandria/nginx.nix - ./_alexandria/unbound.nix - ./_alexandria/vaultwarden.nix - ]; + fwupd + ]); }; } diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index c6c3dbf..ee610fa 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix @@ -1,4 +1,5 @@ -{ inputs, self, ... }: +{ inputs, lib, ... }: + { flake.nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { system = "x86_64-linux"; 
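Review bot: The explicit list of `./_alexandria/*.nix` files is replaced by `((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_alexandria)`, so any `.nix` file that ends up in that directory is pulled into the host configuration without being named in `alexandria.nix`. The old list named `nginx.nix`, `nextcloud.nix` and `vaultwarden.nix` by hand, which was the one place a stray or half-finished module would have been noticed before it went live; the io, rotterdam and trantor hunks make the same change. I would at least document it above the call, e.g. `# imports every *.nix under ./_alexandria; keep drafts out of this directory`. Separately, `podman` was in the old module list and is absent from the new `with inputs.self.modules.nixos; [ … ]` list, so confirm nothing under `_alexandria/` depends on it.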
@@ -12,48 +13,43 @@ inputs.self.overlays.default ]; } - - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale - - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root - - # Desktop aspects - inputs.self.modules.nixos.desktop-boot - inputs.self.modules.nixos.desktop-desktop - inputs.self.modules.nixos.desktop-nix - inputs.self.modules.nixos.desktop-services - - # Other aspects based on tags - inputs.self.modules.nixos.ai - inputs.self.modules.nixos.bluetooth - inputs.self.modules.nixos.dev - inputs.self.modules.nixos.libvirtd - inputs.self.modules.nixos.networkmanager - inputs.self.modules.nixos.podman - - # Factory-generated ephemeral module + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_io) (inputs.self.factory.ephemeral { rootDevice = "/dev/mapper/cryptroot"; }) + ] + ++ (with inputs.self.modules.nixos; [ + cli - # Host-specific files (from _io/) - ./_io/hardware-configuration.nix - ./_io/disko.nix - ./_io/boot.nix - ./_io/programs.nix - ./_io/services.nix - ]; + # Common aspects (always included) + common-boot + common-console + common-firewall + common-locale + common-nix + common-openssh + common-programs + common-security + common-services + common-tailscale + + # User aspects + user + root + + # Desktop aspects + desktop-boot + desktop-desktop + desktop-nix + desktop-services + + # Other aspects + ai + bluetooth + dev + libvirtd + networkmanager + podman + ]); }; } diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index 76ffbb0..4a91769 100644 --- a/aspects/hosts/rotterdam.nix 
+++ b/aspects/hosts/rotterdam.nix @@ -1,4 +1,5 @@ -{ inputs, ... }: +{ inputs, lib, ... }: + { flake.nixosConfigurations.rotterdam = inputs.nixpkgs.lib.nixosSystem { system = "x86_64-linux"; 
@@ -12,53 +13,48 @@ inputs.self.overlays.default ]; } - - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale - - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root - - # Desktop aspects - inputs.self.modules.nixos.desktop-boot - inputs.self.modules.nixos.desktop-desktop - inputs.self.modules.nixos.desktop-nix - inputs.self.modules.nixos.desktop-services - - # Other aspects based on tags - inputs.self.modules.nixos.ai - inputs.self.modules.nixos.bluetooth - inputs.self.modules.nixos.dev - inputs.self.modules.nixos.fwupd - inputs.self.modules.nixos.gaming-steam - inputs.self.modules.nixos.gaming-hardware - inputs.self.modules.nixos.gaming-flatpak - inputs.self.modules.nixos.gaming-launchers - inputs.self.modules.nixos.libvirtd - inputs.self.modules.nixos.networkmanager - inputs.self.modules.nixos.podman - - # Factory-generated ephemeral module + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_rotterdam) (inputs.self.factory.ephemeral { rootDevice = "/dev/mapper/cryptroot"; }) + ] + ++ (with inputs.self.modules.nixos; [ + cli - # Host-specific files (from _rotterdam/) - ./_rotterdam/hardware-configuration.nix - ./_rotterdam/boot.nix - ./_rotterdam/hardware.nix - ./_rotterdam/programs.nix - ./_rotterdam/services.nix - ]; + # Common aspects (always included) + common-boot + common-console + common-firewall + common-locale + common-nix + common-openssh + common-programs + common-security + common-services + common-tailscale + + # User aspects + user + root + + # Desktop aspects + desktop-boot + desktop-desktop + 
desktop-nix + desktop-services + + # Other aspects based on tags + ai + bluetooth + dev + fwupd + gaming-steam + gaming-hardware + gaming-flatpak + gaming-launchers + libvirtd + networkmanager + podman + ]); }; } diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index 3de68a9..4b8b4b2 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix @@ -1,4 +1,4 @@ -{ inputs, self, ... }: +{ inputs, lib, ... }: { flake.nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { system = "aarch64-linux"; 
@@ -13,42 +13,36 @@ ]; } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale - - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root - - # Server aspects - inputs.self.modules.nixos.server-boot - inputs.self.modules.nixos.server-nix - inputs.self.modules.nixos.server-tailscale - # Factory-generated ephemeral module (inputs.self.factory.ephemeral { rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; }) - # Host-specific files (from _trantor/) - ./_trantor/hardware-configuration.nix - ./_trantor/disko.nix - ./_trantor/boot.nix - ./_trantor/fail2ban.nix - ./_trantor/forgejo.nix - ./_trantor/networking.nix - ./_trantor/nginx.nix - ./_trantor/openssh.nix - ./_trantor/unbound.nix - ]; + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_trantor) + ] + ++ (with inputs.self.modules.nixos; [ + cli + + # Common aspects (always included) + common-boot + common-console + common-firewall + common-locale + common-nix + common-openssh + common-programs + common-security + common-services + common-tailscale + + # User aspects + user + root + + # Server aspects + server-boot + server-nix + server-tailscale + ]); }; } From 5d1b54c8bfc6bb2a0a82de70b20c5c2c64476f49 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 15 Feb 2026 14:20:57 -0300 Subject: [PATCH 108/138] common aspects reworked into base aspect --- .../{common/programs.nix => base/base.nix} | 34 ++++++++++++------- aspects/{common => base}/boot.nix | 2 +- aspects/{common => base}/console.nix | 2 +- aspects/{common => base}/firewall.nix | 2 +- aspects/{common => base}/locale.nix | 2 +- aspects/{common => base}/nix.nix | 2 +- aspects/{common => base}/security.nix | 2 +- aspects/base/ssh.nix | 32 +++++++++++++++++ aspects/common/openssh.nix | 14 -------- aspects/common/services.nix | 12 ------- aspects/common/tailscale.nix | 11 ------ aspects/hosts/alexandria.nix | 16 ++------- aspects/hosts/io.nix | 16 ++------- aspects/hosts/rotterdam.nix | 16 ++------- aspects/hosts/trantor.nix | 21 +++--------- 15 files changed, 72 insertions(+), 112 deletions(-) rename aspects/{common/programs.nix => base/base.nix} (56%) rename aspects/{common => base}/boot.nix (92%) rename aspects/{common => base}/console.nix (75%) rename aspects/{common => base}/firewall.nix (76%) rename aspects/{common => base}/locale.nix (93%) rename aspects/{common => base}/nix.nix (96%) rename aspects/{common => base}/security.nix (81%) create mode 100644 aspects/base/ssh.nix delete mode 100644 aspects/common/openssh.nix delete mode 100644 aspects/common/services.nix delete mode 100644 aspects/common/tailscale.nix diff --git a/aspects/common/programs.nix b/aspects/base/base.nix similarity index 56% rename from aspects/common/programs.nix rename to aspects/base/base.nix index ccdf185..08841b2 100644 --- a/aspects/common/programs.nix +++ b/aspects/base/base.nix 
@@ -1,16 +1,22 @@ -{ ... }: +{ inputs, ... }: { - flake.modules.nixos.common-programs = + flake.modules.nixos.base = { lib, pkgs, ... }: { + imports = with inputs.self.modules.nixos; [ + boot + console + firewall + locale + nix + security + ssh + ]; environment = { systemPackages = with pkgs; [ - ### Dev Tools ### git - ### System Utilities ### fastfetch nixos-firewall-tool - nvd sysz wget yazi @@ -26,14 +32,16 @@ command-not-found.enable = false; fish = { enable = true; - interactiveShellInit = '' - set fish_greeting - if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; or not set -q TMUX - export TERM=xterm-256color - clear - fastfetch - end - ''; + }; + }; + + services = { + dbus.implementation = "broker"; + irqbalance.enable = true; + fstrim.enable = true; + tailscale = { + enable = true; + extraUpFlags = [ "--operator=user" ]; }; }; }; diff --git a/aspects/common/boot.nix b/aspects/base/boot.nix similarity index 92% rename from aspects/common/boot.nix rename to aspects/base/boot.nix index b74b68c..ec8593d 100644 --- a/aspects/common/boot.nix +++ b/aspects/base/boot.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.nixos.common-boot = + flake.modules.nixos.boot = { pkgs, ... }: { boot = { diff --git a/aspects/common/console.nix b/aspects/base/console.nix similarity index 75% rename from aspects/common/console.nix rename to aspects/base/console.nix index 128b914..6bb7be4 100644 --- a/aspects/common/console.nix +++ b/aspects/base/console.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.nixos.common-console = + flake.modules.nixos.console = { ... }: { console = { diff --git a/aspects/common/firewall.nix b/aspects/base/firewall.nix similarity index 76% rename from aspects/common/firewall.nix rename to aspects/base/firewall.nix index 0e5297d..68ffa6e 100644 --- a/aspects/common/firewall.nix +++ b/aspects/base/firewall.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.nixos.common-firewall = + flake.modules.nixos.firewall = { ... }: { networking = { 
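Review bot: The `services.tailscale` block that moves into `base` keeps `extraUpFlags = [ "--operator=user" ];`, which lets the unprivileged `user` account control tailscaled without sudo on every host that imports `base`, the servers alexandria and trantor included. If that convenience is only wanted on the desktops, set the flag from a desktop aspect and leave `base` with `services.tailscale.enable = true;`. Otherwise a comment such as `# user may run tailscale up/set without sudo on all hosts` would make the choice explicit. The module body continues past the end of this hunk.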
diff --git a/aspects/common/locale.nix b/aspects/base/locale.nix similarity index 93% rename from aspects/common/locale.nix rename to aspects/base/locale.nix index a6b5754..4d0c716 100644 --- a/aspects/common/locale.nix +++ b/aspects/base/locale.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.nixos.common-locale = + flake.modules.nixos.locale = { ... }: { time.timeZone = "America/Bahia"; diff --git a/aspects/common/nix.nix b/aspects/base/nix.nix similarity index 96% rename from aspects/common/nix.nix rename to aspects/base/nix.nix index 7fa6e49..16397a9 100644 --- a/aspects/common/nix.nix +++ b/aspects/base/nix.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.nixos.common-nix = + flake.modules.nixos.nix = { inputs, ... }: { imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; diff --git a/aspects/common/security.nix b/aspects/base/security.nix similarity index 81% rename from aspects/common/security.nix rename to aspects/base/security.nix index 2ad04a0..310e345 100644 --- a/aspects/common/security.nix +++ b/aspects/base/security.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.nixos.common-security = + flake.modules.nixos.security = { ... }: { security.sudo = { diff --git a/aspects/base/ssh.nix b/aspects/base/ssh.nix new file mode 100644 index 0000000..03fa556 --- /dev/null +++ b/aspects/base/ssh.nix @@ -0,0 +1,32 @@ +{ ... }: + +{ + flake.modules.nixos.ssh = + { ... }: + { + services.openssh = { + enable = true; + settings.PermitRootLogin = "no"; + extraConfig = '' + PrintLastLog no + ''; + }; + programs = { + bash.interactiveShellInit = '' + if { [ -n "$SSH_CONNECTION" ] && [ -z "$IN_NIX_SHELL" ]; } || [ -z "$TMUX" ]; then + export TERM=xterm-256color + clear + fastfetch + fi + ''; + fish.interactiveShellInit = '' + set fish_greeting + if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; or not set -q TMUX + export TERM=xterm-256color + clear + fastfetch + end + ''; + }; + }; +} 
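Review bot: `services.openssh` in the new `ssh` aspect sets only `settings.PermitRootLogin = "no"`, so password and keyboard-interactive logins stay at the NixOS module defaults (password authentication enabled, as far as I know) on every host that imports `base`. Unless each host overrides this elsewhere (not visible here), I would add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` next to it. The banner condition is also wider than it looks: the SSH-and-not-nix-shell test is OR-ed with `[ -z "$TMUX" ]`, which is true for every interactive shell outside tmux, local ones included, so `TERM` is overwritten and the screen cleared there too. If the banner is meant for fresh SSH logins only, the bash test would be `if [ -n "$SSH_CONNECTION" ] && [ -z "$IN_NIX_SHELL" ] && [ -z "$TMUX" ]; then`, with the fish block changed to match.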
diff --git a/aspects/common/openssh.nix b/aspects/common/openssh.nix deleted file mode 100644 index b8179f2..0000000 --- a/aspects/common/openssh.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.common-openssh = - { ... }: - { - services.openssh = { - enable = true; - settings.PermitRootLogin = "no"; - extraConfig = '' - PrintLastLog no - ''; - }; - }; -} diff --git a/aspects/common/services.nix b/aspects/common/services.nix deleted file mode 100644 index e05dcf0..0000000 --- a/aspects/common/services.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.common-services = - { ... }: - { - services = { - dbus.implementation = "broker"; - irqbalance.enable = true; - fstrim.enable = true; - }; - }; -} diff --git a/aspects/common/tailscale.nix b/aspects/common/tailscale.nix deleted file mode 100644 index 74381ac..0000000 --- a/aspects/common/tailscale.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.common-tailscale = - { ... }: - { - services.tailscale = { - enable = true; - extraUpFlags = [ "--operator=user" ]; - }; - }; -} diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index dedbed9..d05639d 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -16,21 +16,11 @@ ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_alexandria) ] ++ (with inputs.self.modules.nixos; [ + # system aspects + base cli - # Common aspects (always included) - common-boot - common-console - common-firewall - common-locale - common-nix - common-openssh - common-programs - common-security - common-services - common-tailscale - - # User aspects + # user aspects user root diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index ee610fa..6163244 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix 
@@ -19,21 +19,11 @@ }) ] ++ (with inputs.self.modules.nixos; [ + # system aspects + base cli - # Common aspects (always included) - common-boot - common-console - common-firewall - common-locale - common-nix - common-openssh - common-programs - common-security - common-services - common-tailscale - - # User aspects + # user aspects user root diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index 4a91769..77ffe54 100644 --- a/aspects/hosts/rotterdam.nix +++ b/aspects/hosts/rotterdam.nix @@ -19,21 +19,11 @@ }) ] ++ (with inputs.self.modules.nixos; [ + # system aspects + base cli - # Common aspects (always included) - common-boot - common-console - common-firewall - common-locale - common-nix - common-openssh - common-programs - common-security - common-services - common-tailscale - - # User aspects + # user aspects user root diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index 4b8b4b2..e7934ab 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix @@ -12,30 +12,17 @@ inputs.self.overlays.default ]; } - - # Factory-generated ephemeral module + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_trantor) (inputs.self.factory.ephemeral { rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; }) - - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_trantor) ] ++ (with inputs.self.modules.nixos; [ + # system aspects + base cli - # Common aspects (always included) - common-boot - common-console - common-firewall - common-locale - common-nix - common-openssh - common-programs - common-security - common-services - common-tailscale - - # User aspects + # user aspects user root From 4e78805bdaad9f031287ec07fd525aa0ab79eb17 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 15 Feb 2026 14:58:37 -0300 Subject: [PATCH 109/138] rework desktop and programs aspects --- aspects/cli/cli.nix | 7 +- aspects/desktop/boot.nix | 34 --- aspects/desktop/desktop.nix | 212 +++++----------- aspects/desktop/niri.nix | 445 +++++++++++++++++---------------- aspects/desktop/nix.nix | 21 -- aspects/desktop/services.nix | 23 -- aspects/hosts/io.nix | 8 +- aspects/hosts/rotterdam.nix | 12 +- aspects/programs/graphics.nix | 2 +- aspects/programs/media.nix | 2 +- aspects/programs/office.nix | 2 +- aspects/programs/utilities.nix | 62 ----- aspects/programs/web.nix | 2 +- aspects/users/_user/git.nix | 2 +- 14 files changed, 307 insertions(+), 527 deletions(-) delete mode 100644 aspects/desktop/boot.nix delete mode 100644 aspects/desktop/nix.nix delete mode 100644 aspects/desktop/services.nix delete mode 100644 aspects/programs/utilities.nix diff --git a/aspects/cli/cli.nix b/aspects/cli/cli.nix index 8a11616..1d379e8 100644 --- a/aspects/cli/cli.nix +++ b/aspects/cli/cli.nix @@ -3,13 +3,18 @@ { flake.modules = { nixos.cli = - { ... }: + { pkgs, ... }: { imports = with inputs.self.modules.nixos; [ btop helix tmux ]; + + environment.systemPackages = with pkgs; [ + p7zip + rclone + ]; }; homeManager.cli = { ... }: diff --git a/aspects/desktop/boot.nix b/aspects/desktop/boot.nix deleted file mode 100644 index cd0fa9c..0000000 --- a/aspects/desktop/boot.nix +++ /dev/null 
@@ -1,34 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.desktop-boot = - { - config, - lib, - pkgs, - ... - }: - { - boot = { - plymouth.enable = true; - initrd.systemd.enable = true; - loader.efi.efiSysMountPoint = "/boot/efi"; - kernelPackages = pkgs.linuxPackages_xanmod_latest; - extraModprobeConfig = '' - options bluetooth disable_ertm=1 - ''; - kernel.sysctl = { - "net.ipv4.tcp_mtu_probing" = 1; - }; - kernelParams = [ - "quiet" - "splash" - "i2c-dev" - "i2c-piix4" - "loglevel=3" - "udev.log_priority=3" - "rd.udev.log_level=3" - "rd.systemd.show_status=false" - ]; - }; - }; -} diff --git a/aspects/desktop/desktop.nix b/aspects/desktop/desktop.nix index fb54f55..39fd0e0 100644 --- a/aspects/desktop/desktop.nix +++ b/aspects/desktop/desktop.nix @@ -4,7 +4,7 @@ }: { flake.modules = { - nixos.desktop-desktop = + nixos.desktop = { config, lib, 
@@ -13,37 +13,53 @@ }: { imports = [ - inputs.niri-flake.nixosModules.niri inputs.nix-flatpak.nixosModules.nix-flatpak - ]; + ] + ++ (with inputs.self.modules.nixos; [ + graphics + media + office + web + ]); + + boot = { + plymouth.enable = true; + initrd.systemd.enable = true; + loader.efi.efiSysMountPoint = "/boot/efi"; + kernelPackages = pkgs.linuxPackages_xanmod_latest; + extraModprobeConfig = '' + options bluetooth disable_ertm=1 + ''; + kernel.sysctl = { + "net.ipv4.tcp_mtu_probing" = 1; + }; + kernelParams = [ + "quiet" + "splash" + "i2c-dev" + "i2c-piix4" + "loglevel=3" + "udev.log_priority=3" + "rd.udev.log_level=3" + "rd.systemd.show_status=false" + ]; + }; + + nix = { + registry.nixpkgs.flake = inputs.nixpkgs; + nixPath = [ + "nixpkgs=${inputs.nixpkgs}" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + }; environment = { + etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; sessionVariables = { KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland }; systemPackages = with pkgs; [ - ### Web ### - bitwarden-desktop - fragments - nextcloud-client - tor-browser - vesktop - inputs.zen-browser.packages."${system}".default - ### Office & Productivity ### - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - papers - presenterm - rnote - ### Graphics & Design ### - gimp - inkscape - plasticity - ### System Utilities ### adwaita-icon-theme ghostty gnome-disk-utility @@ -51,19 +67,21 @@ libfido2 mission-center nautilus - p7zip - rclone toggleaudiosink unrar - ### Media ### - decibels - loupe - obs-studio - showtime ]; }; services = { + printing.enable = true; + udev.packages = with pkgs; [ yubikey-personalization ]; + keyd = { + enable = true; + keyboards.all = { + ids = [ "*" ]; + settings.main.capslock = "overload(meta, esc)"; + }; + }; pipewire = { enable = true; alsa.enable = true; 
@@ -74,35 +92,11 @@ }; greetd = { enable = true; - settings = { - default_session = { - command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; - user = "greeter"; - }; - } - // lib.optionalAttrs (config.networking.hostName == "io") { - initial_session = { - command = "${config.programs.niri.package}/bin/niri-session"; - user = "user"; - }; - }; + settings.default_session.user = "greeter"; }; flatpak = { enable = true; packages = [ - ### Office & Productivity ### - "com.collabora.Office" - ### Graphics & Design ### - "com.boxy_svg.BoxySVG" - rec { - appId = "io.github.softfever.OrcaSlicer"; - sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - bundle = "${pkgs.fetchurl { - url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - inherit sha256; - }}"; - } - ### System Utilities ### "com.github.tchx84.Flatseal" "com.rustdesk.RustDesk" ]; @@ -123,10 +117,6 @@ }; programs = { - niri = { - enable = true; - package = inputs.niri.packages.${pkgs.system}.niri; - }; kdeconnect = { enable = true; package = pkgs.valent; @@ -138,8 +128,6 @@ }; }; - niri-flake.cache.enable = false; - fonts = { fontDir.enable = true; packages = with pkgs; [ @@ -157,17 +145,11 @@ xdg-desktop-portal-gnome xdg-desktop-portal-gtk ]; - config = { - common.default = "*"; - niri.default = [ - "gtk" - "gnome" - ]; - }; + config.common.default = "*"; }; }; - homeManager.desktop-desktop = + homeManager.desktop = { config, lib, @@ -180,7 +162,10 @@ fonts.fontconfig.enable = true; - home.packages = with pkgs; [ xwayland-satellite ]; + home = { + packages = with pkgs; [ xwayland-satellite ]; + sessionVariables.TERMINAL = "ghostty"; + }; services.vicinae = { enable = true; 
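Review bot: `services.greetd` stays enabled in `desktop` but now carries only `settings.default_session.user = "greeter";`, while the `command` is set from `nixos.niri` in aspects/desktop/niri.nix. A host that imports `desktop` without `niri` would therefore get a greeter with no session command (how the greetd module reacts to that is not visible here). A comment on the line, e.g. `# default_session.command is provided by the compositor aspect (niri)`, would record the dependency.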
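Review bot: Removing `niri-flake.cache.enable = false;` in the `@@ -138,8 +128,6 @@` hunk is not compensated in the `nixos.niri` module added in aspects/desktop/niri.nix. That module still imports `inputs.niri-flake.nixosModules.niri` and sets only `programs.niri.enable`, the greetd command and the portal default. As far as I know the option defaults to enabled and registers the niri-flake binary cache and its signing key as a trusted substituter, so the desktop hosts would start accepting store paths from one more cache after this commit. If that is not intended, carry the line over into `nixos.niri`: `niri-flake.cache.enable = false;`. The niri.nix hunk runs past the visible part of the page, so this is based on the `nixos.niri` body only.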
@@ -216,91 +201,6 @@ xdg = { enable = true; userDirs.enable = true; - mimeApps = { - enable = true; - defaultApplications = { - "text/html" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/http" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/https" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/about" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/unknown" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "image/jpeg" = "org.gnome.Loupe.desktop"; - "image/png" = "org.gnome.Loupe.desktop"; - "image/gif" = "org.gnome.Loupe.desktop"; - "image/webp" = "org.gnome.Loupe.desktop"; - "image/bmp" = "org.gnome.Loupe.desktop"; - "image/svg+xml" = "org.gnome.Loupe.desktop"; - "image/tiff" = "org.gnome.Loupe.desktop"; - "video/mp4" = "io.bassi.Showtime.desktop"; - "video/x-matroska" = "io.bassi.Showtime.desktop"; - "video/webm" = "io.bassi.Showtime.desktop"; - "video/mpeg" = "io.bassi.Showtime.desktop"; - "video/x-msvideo" = "io.bassi.Showtime.desktop"; - "video/quicktime" = "io.bassi.Showtime.desktop"; - "video/x-flv" = "io.bassi.Showtime.desktop"; - "audio/mpeg" = "io.bassi.Showtime.desktop"; - "audio/flac" = "io.bassi.Showtime.desktop"; - "audio/ogg" = "io.bassi.Showtime.desktop"; - "audio/wav" = "io.bassi.Showtime.desktop"; - "audio/mp4" = "io.bassi.Showtime.desktop"; - "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; - "application/pdf" = [ - "org.gnome.Papers.desktop" - "zen-browser.desktop" - ]; - "text/plain" = "Helix.desktop"; - "text/markdown" = "Helix.desktop"; - "text/x-log" = "Helix.desktop"; - "application/x-shellscript" = "Helix.desktop"; - "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = - "com.collabora.Office.desktop"; # DOCX - 
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = - "com.collabora.Office.desktop"; # XLSX - "application/vnd.openxmlformats-officedocument.presentationml.presentation" = - "com.collabora.Office.desktop"; # PPTX - "application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT - "application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS - "application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP - "application/msword" = "com.collabora.Office.desktop"; # DOC - "application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS - "application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT - "application/zip" = "org.gnome.FileRoller.desktop"; - "application/x-tar" = "org.gnome.FileRoller.desktop"; - "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; - "application/x-rar" = "org.gnome.FileRoller.desktop"; - "application/gzip" = "org.gnome.FileRoller.desktop"; - "application/x-bzip" = "org.gnome.FileRoller.desktop"; - "inode/directory" = "org.gnome.Nautilus.desktop"; - }; - }; - }; - - # Set Ghostty as default terminal - home.sessionVariables = { - TERMINAL = "ghostty"; }; }; }; diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix index cdd02ac..adb3f80 100644 --- a/aspects/desktop/niri.nix +++ b/aspects/desktop/niri.nix 
@@ -1,228 +1,251 @@ -{ ... }: +{ inputs, ... }: { - flake.modules.homeManager.desktop-niri = - { - config, - lib, - pkgs, - inputs, - hostname ? null, - ... - }: - let - isRotterdam = hostname == "rotterdam"; - in - { - imports = [ inputs.noctalia.homeModules.default ]; + flake.modules = { + nixos.niri = + { + config, + lib, + pkgs, + ... + }: + { + imports = [ inputs.niri-flake.nixosModules.niri ]; - services.kanshi = { - enable = true; - settings = [ - { - profile.name = "default"; - profile.outputs = [ - { - criteria = "*"; - scale = 1.0; + services.greetd.settings = { + default_session.command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; + }; + + programs.niri.enable = true; + + xdg.portal.config.niri.default = [ + "gtk" + "gnome" + ]; + }; + homeManager.niri = + { + config, + lib, + pkgs, + inputs, + hostname ? null, + ... + }: + let + isRotterdam = hostname == "rotterdam"; + in + { + imports = [ inputs.noctalia.homeModules.default ]; + + services.kanshi = { + enable = true; + settings = [ + { + profile.name = "default"; + profile.outputs = [ + { + criteria = "*"; + scale = 1.0; + } + ]; + } + ]; + }; + + home = { + packages = with pkgs; [ + xwayland-satellite + inputs.noctalia.packages.${pkgs.system}.default + ]; + sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; + }; + + xdg.configFile."niri/config.kdl".text = '' + input { + keyboard { + xkb { + layout "us" + variant "altgr-intl" } - ]; + } + touchpad { + tap + dwt + drag true + drag-lock + natural-scroll + accel-speed 0.2 + accel-profile "flat" + scroll-method "two-finger" + middle-emulation + } + mouse { + natural-scroll + accel-speed 0.2 + accel-profile "flat" + } + warp-mouse-to-focus mode="center-xy" + focus-follows-mouse } - ]; - }; - home = { - packages = with pkgs; [ - xwayland-satellite - inputs.noctalia.packages.${pkgs.system}.default - ]; - sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; - }; - - 
xdg.configFile."niri/config.kdl".text = '' - input { - keyboard { - xkb { - layout "us" - variant "altgr-intl" + layout { + gaps 8 + center-focused-column "never" + auto-center-when-space-available + preset-column-widths { + ${ + if isRotterdam then + '' + proportion 0.33333 + proportion 0.5 + proportion 0.66667 + '' + else + '' + proportion 0.5 + proportion 1.0 + '' + } + } + default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } + focus-ring { + off + } + border { + width 4 + active-color "#ffc87f" + inactive-color "#505050" + urgent-color "#9b0000" + } + tab-indicator { + width 4 + gap 4 + place-within-column } } - touchpad { - tap - dwt - drag true - drag-lock - natural-scroll - accel-speed 0.2 - accel-profile "flat" - scroll-method "two-finger" - middle-emulation + + overview { + zoom 0.65 } - mouse { - natural-scroll - accel-speed 0.2 - accel-profile "flat" + + spawn-at-startup "noctalia-shell" "-d" + layer-rule { + match namespace="^noctalia-overview*" + place-within-backdrop true } - warp-mouse-to-focus mode="center-xy" - focus-follows-mouse - } - layout { - gaps 8 - center-focused-column "never" - auto-center-when-space-available - preset-column-widths { - ${ - if isRotterdam then - '' - proportion 0.33333 - proportion 0.5 - proportion 0.66667 - '' - else - '' - proportion 0.5 - proportion 1.0 - '' - } + hotkey-overlay { + skip-at-startup } - default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } - focus-ring { - off + + prefer-no-csd + screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" + + animations { + slowdown 0.3 } - border { - width 4 - active-color "#ffc87f" - inactive-color "#505050" - urgent-color "#9b0000" + + window-rule { + match app-id="zen" + default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } } - tab-indicator { - width 4 - gap 4 - place-within-column + + window-rule { + geometry-corner-radius 12 + clip-to-geometry true } - } - overview { 
- zoom 0.65 - } + config-notification { + disable-failed + } - spawn-at-startup "noctalia-shell" "-d" - layer-rule { - match namespace="^noctalia-overview*" - place-within-backdrop true - } - - hotkey-overlay { - skip-at-startup - } - - prefer-no-csd - screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" - - animations { - slowdown 0.3 - } - - window-rule { - match app-id="zen" - default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } - } - - window-rule { - geometry-corner-radius 12 - clip-to-geometry true - } - - config-notification { - disable-failed - } - - binds { - Alt+Space repeat=false { spawn "vicinae" "toggle"; } - XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } - XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } - XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } - XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } - XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } - XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } - XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } - XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } - XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } - Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } - Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; } - Mod+Return { spawn "ghostty"; } - Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } - Mod+W repeat=false { toggle-overview; } - Mod+Q { close-window; } - Alt+Shift+Q { close-window;} - Mod+Shift+Q { close-window; } - 
Alt+F4 { close-window; } - Mod+Left { focus-column-left; } - Mod+Down { focus-window-or-workspace-down; } - Mod+Up { focus-window-or-workspace-up; } - Mod+Right { focus-column-right; } - Mod+H { focus-column-left; } - Mod+L { focus-column-right; } - Mod+J { focus-window-or-workspace-down; } - Mod+K { focus-window-or-workspace-up; } - Mod+Ctrl+Left { move-column-left; } - Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } - Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } - Mod+Ctrl+Right { move-column-right; } - Mod+Ctrl+H { move-column-left; } - Mod+Ctrl+J { move-window-down-or-to-workspace-down; } - Mod+Ctrl+K { move-window-up-or-to-workspace-up; } - Mod+Ctrl+L { move-column-right; } - Mod+Home { focus-column-first; } - Mod+End { focus-column-last; } - Mod+Ctrl+Home { move-column-to-first; } - Mod+Ctrl+End { move-column-to-last; } - Mod+Alt+Left { focus-monitor-left; } - Mod+Alt+Down { focus-monitor-down; } - Mod+Alt+Up { focus-monitor-up; } - Mod+Alt+Right { focus-monitor-right; } - Mod+Alt+H { focus-monitor-left; } - Mod+Alt+J { focus-monitor-down; } - Mod+Alt+K { focus-monitor-up; } - Mod+Alt+L { focus-monitor-right; } - Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } - Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } - Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } - Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } - Mod+Alt+Ctrl+H { move-column-to-monitor-left; } - Mod+Alt+Ctrl+J { move-column-to-monitor-down; } - Mod+Alt+Ctrl+K { move-column-to-monitor-up; } - Mod+Alt+Ctrl+L { move-column-to-monitor-right; } - Mod+Ctrl+U { move-workspace-down; } - Mod+Ctrl+I { move-workspace-up; } - Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } - Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } - Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } - Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } - Mod+Shift+WheelScrollDown { focus-column-right; } - Mod+Shift+WheelScrollUp { 
focus-column-left; } - Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } - Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } - Mod+BracketLeft { consume-or-expel-window-left; } - Mod+BracketRight { consume-or-expel-window-right; } - Mod+Comma { consume-window-into-column; } - Mod+Period { expel-window-from-column; } - Mod+R { switch-preset-column-width; } - Mod+F { maximize-column; } - Mod+Ctrl+F { fullscreen-window; } - Mod+C { center-visible-columns; } - Mod+Ctrl+C { center-column; } - Mod+Space { toggle-window-floating; } - Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } - Mod+T { toggle-column-tabbed-display; } - Print { screenshot-screen; } - Mod+Print { screenshot; } - Ctrl+Print { screenshot-window; } - Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } - Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } - Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } - Mod+Ctrl+P { power-off-monitors; } - } - ''; - }; + binds { + Alt+Space repeat=false { spawn "vicinae" "toggle"; } + XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } + XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } + XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } + XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } + XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } + XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } + Mod+V 
repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } + Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; } + Mod+Return { spawn "ghostty"; } + Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } + Mod+W repeat=false { toggle-overview; } + Mod+Q { close-window; } + Alt+Shift+Q { close-window;} + Mod+Shift+Q { close-window; } + Alt+F4 { close-window; } + Mod+Left { focus-column-left; } + Mod+Down { focus-window-or-workspace-down; } + Mod+Up { focus-window-or-workspace-up; } + Mod+Right { focus-column-right; } + Mod+H { focus-column-left; } + Mod+L { focus-column-right; } + Mod+J { focus-window-or-workspace-down; } + Mod+K { focus-window-or-workspace-up; } + Mod+Ctrl+Left { move-column-left; } + Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } + Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } + Mod+Ctrl+Right { move-column-right; } + Mod+Ctrl+H { move-column-left; } + Mod+Ctrl+J { move-window-down-or-to-workspace-down; } + Mod+Ctrl+K { move-window-up-or-to-workspace-up; } + Mod+Ctrl+L { move-column-right; } + Mod+Home { focus-column-first; } + Mod+End { focus-column-last; } + Mod+Ctrl+Home { move-column-to-first; } + Mod+Ctrl+End { move-column-to-last; } + Mod+Alt+Left { focus-monitor-left; } + Mod+Alt+Down { focus-monitor-down; } + Mod+Alt+Up { focus-monitor-up; } + Mod+Alt+Right { focus-monitor-right; } + Mod+Alt+H { focus-monitor-left; } + Mod+Alt+J { focus-monitor-down; } + Mod+Alt+K { focus-monitor-up; } + Mod+Alt+L { focus-monitor-right; } + Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } + Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } + Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } + Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } + Mod+Alt+Ctrl+H { move-column-to-monitor-left; } + Mod+Alt+Ctrl+J { move-column-to-monitor-down; } + Mod+Alt+Ctrl+K { move-column-to-monitor-up; } + Mod+Alt+Ctrl+L { move-column-to-monitor-right; } + Mod+Ctrl+U { 
move-workspace-down; } + Mod+Ctrl+I { move-workspace-up; } + Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } + Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } + Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } + Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } + Mod+Shift+WheelScrollDown { focus-column-right; } + Mod+Shift+WheelScrollUp { focus-column-left; } + Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } + Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } + Mod+BracketLeft { consume-or-expel-window-left; } + Mod+BracketRight { consume-or-expel-window-right; } + Mod+Comma { consume-window-into-column; } + Mod+Period { expel-window-from-column; } + Mod+R { switch-preset-column-width; } + Mod+F { maximize-column; } + Mod+Ctrl+F { fullscreen-window; } + Mod+C { center-visible-columns; } + Mod+Ctrl+C { center-column; } + Mod+Space { toggle-window-floating; } + Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } + Mod+T { toggle-column-tabbed-display; } + Print { screenshot-screen; } + Mod+Print { screenshot; } + Ctrl+Print { screenshot-window; } + Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } + Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } + Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } + Mod+Ctrl+P { power-off-monitors; } + } + ''; + }; + }; } diff --git a/aspects/desktop/nix.nix b/aspects/desktop/nix.nix deleted file mode 100644 index 3a9e71e..0000000 --- a/aspects/desktop/nix.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ inputs, ... }: -{ - flake.modules.nixos.desktop-nix = - { - config, - lib, - pkgs, - ... - }: - { - environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; - - nix = { - registry.nixpkgs.flake = inputs.nixpkgs; - nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - "/nix/var/nix/profiles/per-user/root/channels" - ]; - }; - }; -} 
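Review bot: The greeter command in the new `nixos.niri` module of `aspects/desktop/niri.nix` passes `--user-menu` and `--remember` to tuigreet, so the login screen lists local accounts and pre-fills the last user name for anyone who can reach the console, and `--asterisks` shows the password length as it is typed. If that exposure is not wanted on these hosts, the command can be reduced to `"${lib.getExe pkgs.tuigreet} --time --cmd ${config.programs.niri.package}/bin/niri-session"`. The module sets `services.greetd.settings` but not `services.greetd.enable`, which is presumably done in another aspect; a one-line comment saying where would help. Separately, `homeManager.niri` still declares its own `inputs` argument, which shadows the `{ inputs, ... }` now taken by the outer function, so one of the two can be dropped.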
diff --git a/aspects/desktop/services.nix b/aspects/desktop/services.nix deleted file mode 100644 index eb9482a..0000000 --- a/aspects/desktop/services.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.desktop-services = - { - config, - lib, - pkgs, - ... - }: - { - services = { - printing.enable = true; - udev.packages = with pkgs; [ yubikey-personalization ]; - keyd = { - enable = true; - keyboards.all = { - ids = [ "*" ]; - settings.main.capslock = "overload(meta, esc)"; - }; - }; - }; - }; -} diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index 6163244..6944555 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix @@ -22,23 +22,19 @@ # system aspects base cli + desktop # user aspects user root - # Desktop aspects - desktop-boot - desktop-desktop - desktop-nix - desktop-services - # Other aspects ai bluetooth dev libvirtd networkmanager + niri podman ]); }; diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index 77ffe54..ad4192e 100644 --- a/aspects/hosts/rotterdam.nix +++ b/aspects/hosts/rotterdam.nix @@ -22,28 +22,24 @@ # system aspects base cli + desktop # user aspects user root - # Desktop aspects - desktop-boot - desktop-desktop - desktop-nix - desktop-services - # Other aspects based on tags ai bluetooth dev fwupd - gaming-steam - gaming-hardware gaming-flatpak + gaming-hardware gaming-launchers + gaming-steam libvirtd networkmanager + niri podman ]); }; diff --git a/aspects/programs/graphics.nix b/aspects/programs/graphics.nix index 4b7a16b..7d1ed6d 100644 --- a/aspects/programs/graphics.nix +++ b/aspects/programs/graphics.nix @@ -1,7 +1,7 @@ { ... }: { - flake.modules.nixos.programs-graphics = + flake.modules.nixos.graphics = { pkgs, ... }: { environment.systemPackages = with pkgs; [ diff --git a/aspects/programs/media.nix b/aspects/programs/media.nix index 7daaa87..ed6a767 100644 --- a/aspects/programs/media.nix +++ b/aspects/programs/media.nix 
@@ -2,7 +2,7 @@ { flake.modules = { - nixos.programs-media = + nixos.media = { pkgs, ... }: { environment.systemPackages = with pkgs; [ diff --git a/aspects/programs/office.nix b/aspects/programs/office.nix index c3349f3..fe41d1d 100644 --- a/aspects/programs/office.nix +++ b/aspects/programs/office.nix @@ -1,7 +1,7 @@ { ... }: { - flake.modules.nixos.programs-office = + flake.modules.nixos.office = { pkgs, ... }: { environment.systemPackages = with pkgs; [ diff --git a/aspects/programs/utilities.nix b/aspects/programs/utilities.nix deleted file mode 100644 index 4a207af..0000000 --- a/aspects/programs/utilities.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ ... }: - -{ - flake.modules = { - nixos.programs-utilities = - { pkgs, ... }: - { - environment.systemPackages = with pkgs; [ - ghostty - gnome-disk-utility - mission-center - nautilus - p7zip - rclone - unrar - # Desktop Integration - adwaita-icon-theme - junction - libfido2 - toggleaudiosink - # Xwayland Support - xwayland-satellite - ]; - - services.flatpak.packages = [ - "com.github.tchx84.Flatseal" - "com.rustdesk.RustDesk" - ]; - }; - - homeManager.programs-utilities = - { pkgs, ... }: - { - programs = { - ghostty = { - enable = true; - settings = { - cursor-style = "block"; - shell-integration-features = "no-cursor"; - cursor-style-blink = false; - custom-shader = "${builtins.fetchurl { - url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; - sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; - }}"; - bell-features = ""; - gtk-titlebar-style = "tabs"; - keybind = [ "shift+enter=text:\\x1b\\r" ]; - }; - }; - - password-store = { - enable = true; - package = pkgs.pass-wayland; - }; - }; - - home.sessionVariables = { - TERMINAL = "ghostty"; - }; - }; - }; -} diff --git a/aspects/programs/web.nix b/aspects/programs/web.nix index a11ca57..f661218 100644 --- a/aspects/programs/web.nix +++ b/aspects/programs/web.nix 
@@ -1,7 +1,7 @@ { ... }: { - flake.modules.nixos.programs-web = + flake.modules.nixos.web = { inputs, pkgs, diff --git a/aspects/users/_user/git.nix b/aspects/users/_user/git.nix index 9c1fb20..40a5714 100644 --- a/aspects/users/_user/git.nix +++ b/aspects/users/_user/git.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ ... }: { programs = { From 7815017528fca3e0addb848dbf64d8858f4ed0cb Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 16:36:06 -0300 Subject: [PATCH 110/138] rework system, programs, desktop, cli and base aspects --- aspects/{shell => base}/bash.nix | 2 +- aspects/base/fish.nix | 47 +++++++++++++++++++ aspects/{programs => desktop}/graphics.nix | 0 aspects/{programs => desktop}/media.nix | 0 aspects/{programs => desktop}/office.nix | 0 aspects/{programs => desktop}/web.nix | 0 aspects/server/boot.nix | 14 ------ aspects/server/tailscale.nix | 22 --------- aspects/shell/fish.nix | 40 ---------------- aspects/{base => systems}/base.nix | 8 +--- aspects/{cli => systems}/cli.nix | 0 aspects/{desktop => systems}/desktop.nix | 0 .../{server/nix.nix => systems/server.nix} | 18 ++++++- 13 files changed, 66 insertions(+), 85 deletions(-) rename aspects/{shell => base}/bash.nix (82%) create mode 100644 aspects/base/fish.nix rename aspects/{programs => desktop}/graphics.nix (100%) rename aspects/{programs => desktop}/media.nix (100%) rename aspects/{programs => desktop}/office.nix (100%) rename aspects/{programs => desktop}/web.nix (100%) delete mode 100644 aspects/server/boot.nix delete mode 100644 aspects/server/tailscale.nix delete mode 100644 aspects/shell/fish.nix rename aspects/{base => systems}/base.nix (87%) rename aspects/{cli => systems}/cli.nix (100%) rename aspects/{desktop => systems}/desktop.nix (100%) rename aspects/{server/nix.nix => systems/server.nix} (51%) diff --git a/aspects/shell/bash.nix b/aspects/base/bash.nix similarity index 82% rename from aspects/shell/bash.nix rename to aspects/base/bash.nix index e451148..6ba97ef 100644 
--- a/aspects/shell/bash.nix +++ b/aspects/base/bash.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.homeManager.shell-bash = + flake.modules.homeManager.bash = { config, lib, diff --git a/aspects/base/fish.nix b/aspects/base/fish.nix new file mode 100644 index 0000000..8ed326a --- /dev/null +++ b/aspects/base/fish.nix @@ -0,0 +1,47 @@ +{ ... }: +{ + flake.modules = { + nixos.fish = + { ... }: + { + programs.fish.enable = true; + }; + homeManager.fish = + { + config, + lib, + pkgs, + ... + }: + { + programs.fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + ${lib.getExe pkgs.nix-your-shell} fish | source + ''; + loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; + plugins = [ + { + name = "bang-bang"; + src = pkgs.fetchFromGitHub { + owner = "oh-my-fish"; + repo = "plugin-bang-bang"; + rev = "f969c618301163273d0a03d002614d9a81952c1e"; + sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; + }; + } + { + name = "z"; + src = pkgs.fetchFromGitHub { + owner = "jethrokuan"; + repo = "z"; + rev = "067e867debee59aee231e789fc4631f80fa5788e"; + sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU="; + }; + } + ]; + }; + }; + }; +} diff --git a/aspects/programs/graphics.nix b/aspects/desktop/graphics.nix similarity index 100% rename from aspects/programs/graphics.nix rename to aspects/desktop/graphics.nix diff --git a/aspects/programs/media.nix b/aspects/desktop/media.nix similarity index 100% rename from aspects/programs/media.nix rename to aspects/desktop/media.nix diff --git a/aspects/programs/office.nix b/aspects/desktop/office.nix similarity index 100% rename from aspects/programs/office.nix rename to aspects/desktop/office.nix diff --git a/aspects/programs/web.nix b/aspects/desktop/web.nix similarity index 100% rename from aspects/programs/web.nix rename to aspects/desktop/web.nix diff --git a/aspects/server/boot.nix b/aspects/server/boot.nix deleted file mode 100644 index 38634d1..0000000 
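Review bot: In the new `aspects/base/fish.nix`, both `pkgs.fetchFromGitHub` plugin sources put an SRI string in the legacy `sha256` attribute; the pin itself (full commit `rev` plus content hash) is sound, but `hash = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ=";` is the current spelling, and likewise for the `z` plugin. The `homeManager.fish` function also takes `config` without using it. A short comment on why `nix-your-shell` is sourced in both `interactiveShellInit` and `loginShellInit` would save the next reader from wondering whether one of them is redundant.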
--- a/aspects/server/boot.nix +++ /dev/null @@ -1,14 +0,0 @@ -# aspects/server/boot.nix -{ ... }: -{ - flake.modules.nixos.server-boot = - { - config, - lib, - pkgs, - ... - }: - { - boot.kernelPackages = pkgs.linuxPackages_hardened; - }; -} diff --git a/aspects/server/tailscale.nix b/aspects/server/tailscale.nix deleted file mode 100644 index cf2fa4b..0000000 --- a/aspects/server/tailscale.nix +++ /dev/null @@ -1,22 +0,0 @@ -# aspects/server/tailscale.nix -{ ... }: -{ - flake.modules.nixos.server-tailscale = - { - config, - lib, - pkgs, - ... - }: - { - services.tailscale = { - extraSetFlags = [ "--advertise-exit-node" ]; - useRoutingFeatures = "server"; - }; - - boot.kernel.sysctl = { - "net.ipv4.ip_forward" = 1; - "net.ipv6.conf.all.forwarding" = 1; - }; - }; -} diff --git a/aspects/shell/fish.nix b/aspects/shell/fish.nix deleted file mode 100644 index 22c0f5c..0000000 --- a/aspects/shell/fish.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ ... }: -{ - flake.modules.homeManager.shell-fish = - { - config, - lib, - pkgs, - ... - }: - { - programs.fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - ${lib.getExe pkgs.nix-your-shell} fish | source - ''; - loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; - plugins = [ - { - name = "bang-bang"; - src = pkgs.fetchFromGitHub { - owner = "oh-my-fish"; - repo = "plugin-bang-bang"; - rev = "f969c618301163273d0a03d002614d9a81952c1e"; - sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; - }; - } - { - name = "z"; - src = pkgs.fetchFromGitHub { - owner = "jethrokuan"; - repo = "z"; - rev = "067e867debee59aee231e789fc4631f80fa5788e"; - sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU="; - }; - } - ]; - }; - }; -} diff --git a/aspects/base/base.nix b/aspects/systems/base.nix similarity index 87% rename from aspects/base/base.nix rename to aspects/systems/base.nix index 08841b2..5fef6b9 100644 --- a/aspects/base/base.nix +++ b/aspects/systems/base.nix 
@@ -7,6 +7,7 @@ boot console firewall + fish locale nix security @@ -28,12 +29,7 @@ }; }; - programs = { - command-not-found.enable = false; - fish = { - enable = true; - }; - }; + programs.command-not-found.enable = false; services = { dbus.implementation = "broker"; diff --git a/aspects/cli/cli.nix b/aspects/systems/cli.nix similarity index 100% rename from aspects/cli/cli.nix rename to aspects/systems/cli.nix diff --git a/aspects/desktop/desktop.nix b/aspects/systems/desktop.nix similarity index 100% rename from aspects/desktop/desktop.nix rename to aspects/systems/desktop.nix diff --git a/aspects/server/nix.nix b/aspects/systems/server.nix similarity index 51% rename from aspects/server/nix.nix rename to aspects/systems/server.nix index 1cb8e8b..c3c24f0 100644 --- a/aspects/server/nix.nix +++ b/aspects/systems/server.nix @@ -1,7 +1,7 @@ -# aspects/server/nix.nix { inputs, ... }: + { - flake.modules.nixos.server-nix = + flake.modules.nixos.server = { config, lib, @@ -9,6 +9,14 @@ ... }: { + boot = { + kernelPackages = pkgs.linuxPackages_hardened; + kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + "net.ipv6.conf.all.forwarding" = 1; + }; + }; + environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; nix = { @@ -18,5 +26,11 @@ "/nix/var/nix/profiles/per-user/root/channels" ]; }; + + services.tailscale = { + extraSetFlags = [ "--advertise-exit-node" ]; + useRoutingFeatures = "server"; + }; + }; } From 755937cb56f26b90e4a551de9b20e26ec72f948d Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 16:45:33 -0300 Subject: [PATCH 111/138] rework user aspect --- aspects/users/user.nix | 82 ++++++++++++------------------------------ 1 file changed, 23 insertions(+), 59 deletions(-) diff --git a/aspects/users/user.nix b/aspects/users/user.nix index ad1b8ca..ca74e8d 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix @@ -1,4 +1,4 @@ -{ inputs, self, ... }: +{ inputs, lib, ... }: { flake = { 
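Review bot: In the `boot` block added to `aspects/systems/server.nix` (hunk `@@ -9,6 +9,14 @@`), the two forwarding sysctls now sit apart from the `services.tailscale` block in `@@ -18,5 +26,11 @@` that needs them, so nothing in the file says why every `server` host routes packets. The NixOS tailscale module should already enable forwarding when `useRoutingFeatures = "server"` is set (worth confirming against the pinned nixpkgs), in which case the explicit `kernel.sysctl` entries can be removed; otherwise keep them with a comment such as `# required by --advertise-exit-node below`. Because forwarding is enabled for all interfaces rather than only the tailnet one, the forward-chain policy in the `firewall` aspect is worth checking; it is not visible in this diff. The module body continues outside these hunks.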
@@ -30,37 +30,6 @@ }; modules = [ { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - - # CLI aspects (common module included) - inputs.self.modules.homeManager.cli-base - inputs.self.modules.homeManager.cli-btop - inputs.self.modules.homeManager.cli-comma - inputs.self.modules.homeManager.cli-direnv - inputs.self.modules.homeManager.cli-helix - inputs.self.modules.homeManager.cli-starship - inputs.self.modules.homeManager.cli-tmux - - # Shell - inputs.self.modules.homeManager.shell-fish - inputs.self.modules.homeManager.shell-bash - - # Desktop - inputs.self.modules.homeManager.desktop-desktop - inputs.self.modules.homeManager.desktop-niri - - # Gaming - inputs.self.modules.homeManager.gaming-mangohud - - # Programs - inputs.self.modules.homeManager.programs-media # for obs-studio - - # Stylix - inputs.self.modules.homeManager.stylix - - # User-specific (from _user/) - ./_user/git.nix - - # Home configuration { home = { username = "user"; @@ -68,7 +37,17 @@ stateVersion = "22.05"; }; } - ]; + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) + ] + ++ (with inputs.self.modules.homeManager; [ + base # base aspect + cli # cli aspect + desktop # desktop aspect + + # other aspect + stylix + niri + ]); }; "user@io" = inputs.home-manager.lib.homeManagerConfiguration { 
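Review bot: The `import-tree` expression added to the `modules` list in `@@ -68,7 +37,17 @@` imports every `.nix` file under `./_user` in place of the explicit `./_user/git.nix`, so any file later placed in that directory becomes part of the home configuration without appearing in this list. A comment would make that explicit, for example `# imports every .nix file under ./_user (currently git.nix)`. The same list is repeated verbatim for `user@io` in `@@ -111,7 +65,17 @@`; a shared `let` binding would keep the two from drifting apart. The first configuration also loses `gaming-mangohud` and `programs-media` in `@@ -30,37 +30,6 @@` with no replacement in this commit, which may be intended but is not stated in the commit message.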
@@ -79,31 +58,6 @@ }; modules = [ { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - - # CLI aspects (common module included) - inputs.self.modules.homeManager.cli-base - inputs.self.modules.homeManager.cli-btop - inputs.self.modules.homeManager.cli-comma - inputs.self.modules.homeManager.cli-direnv - inputs.self.modules.homeManager.cli-helix - inputs.self.modules.homeManager.cli-starship - inputs.self.modules.homeManager.cli-tmux - - # Shell - inputs.self.modules.homeManager.shell-fish - inputs.self.modules.homeManager.shell-bash - - # Desktop - inputs.self.modules.homeManager.desktop-desktop - inputs.self.modules.homeManager.desktop-niri - - # Stylix - inputs.self.modules.homeManager.stylix - - # User-specific (from _user/) - ./_user/git.nix - - # Home configuration { home = { username = "user"; @@ -111,7 +65,17 @@ stateVersion = "22.05"; }; } - ]; + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) + ] + ++ (with inputs.self.modules.homeManager; [ + base # base aspect + cli # cli aspect + desktop # desktop aspect + + # other aspect + stylix + niri + ]); }; }; }; From 0ce2d3b9479f496ba014ad12d6b8c2e8043b1319 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 17:02:56 -0300 Subject: [PATCH 112/138] reworked other aspects --- aspects/ai.nix | 2 +- aspects/bluetooth.nix | 5 ++++- aspects/desktop/office.nix | 1 + aspects/dev.nix | 3 --- aspects/stylix.nix | 15 ++------------- 5 files changed, 8 insertions(+), 18 deletions(-) diff --git a/aspects/ai.nix b/aspects/ai.nix index f67bbbc..3431ddd 100644 --- a/aspects/ai.nix +++ b/aspects/ai.nix @@ -4,7 +4,7 @@ { inputs, pkgs, ... }: { environment.systemPackages = - (with pkgs; [ claude-desktop ]) + (with pkgs; [ ]) ++ (with inputs.nix-ai-tools.packages.${pkgs.system}; [ claude-code claudebox diff --git a/aspects/bluetooth.nix b/aspects/bluetooth.nix index 2027ac1..6c7b2d8 100644 --- a/aspects/bluetooth.nix +++ b/aspects/bluetooth.nix 
@@ -8,6 +8,9 @@ ... }: { - hardware.bluetooth.enable = true; + hardware.bluetooth = { + enable = true; + powerOnBoot = false; + }; }; } diff --git a/aspects/desktop/office.nix b/aspects/desktop/office.nix index fe41d1d..68d958a 100644 --- a/aspects/desktop/office.nix +++ b/aspects/desktop/office.nix @@ -10,6 +10,7 @@ aspellDicts.en aspellDicts.en-computers aspellDicts.pt_BR + glow papers presenterm rnote diff --git a/aspects/dev.nix b/aspects/dev.nix index 89a1026..afe9edc 100644 --- a/aspects/dev.nix +++ b/aspects/dev.nix @@ -10,14 +10,11 @@ { environment.systemPackages = with pkgs; [ android-tools - bat lazygit fd fzf - glow nixfmt nix-init - nix-output-monitor ripgrep ]; diff --git a/aspects/stylix.nix b/aspects/stylix.nix index ec3fd42..f7eb9fa 100644 --- a/aspects/stylix.nix +++ b/aspects/stylix.nix @@ -1,4 +1,5 @@ { ... }: + { flake.modules = { nixos.stylix = @@ -15,10 +16,7 @@ ... }: { - imports = [ - inputs.stylix.homeModules.stylix - inputs.zen-browser.homeModules.beta - ]; + imports = [ inputs.stylix.homeModules.stylix ]; stylix = { enable = true; @@ -65,15 +63,6 @@ terminal = 12; }; }; - targets.zen-browser = { - enable = true; - profileNames = [ "william" ]; - }; - }; - - programs.zen-browser = { - enable = true; - profiles.william = { }; }; }; }; From 1075c256f85a5ad19bf443aad8a9f3001ebe3c95 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 15 Feb 2026 17:17:29 -0300 Subject: [PATCH 113/138] rework gaming aspect --- aspects/gaming/flatpak.nix | 25 ------------------- aspects/gaming/hardware.nix | 13 ---------- aspects/gaming/launchers.nix | 13 ---------- aspects/gaming/mangohud.nix | 4 +-- aspects/gaming/steam.nix | 7 +++++- aspects/hosts/alexandria.nix | 8 ++---- aspects/hosts/rotterdam.nix | 7 ++---- aspects/hosts/trantor.nix | 6 +---- aspects/systems/cli.nix | 2 +- aspects/systems/gaming.nix | 48 ++++++++++++++++++++++++++++++++++++ aspects/users/user.nix | 17 +++++++------ 11 files changed, 72 insertions(+), 78 deletions(-) delete mode 100644 aspects/gaming/flatpak.nix delete mode 100644 aspects/gaming/hardware.nix delete mode 100644 aspects/gaming/launchers.nix create mode 100644 aspects/systems/gaming.nix diff --git a/aspects/gaming/flatpak.nix b/aspects/gaming/flatpak.nix deleted file mode 100644 index cc4d0ee..0000000 --- a/aspects/gaming/flatpak.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ ... }: - -{ - flake.modules.nixos.gaming-flatpak = - { pkgs, ... }: - { - services.flatpak.packages = [ - "com.github.k4zmu2a.spacecadetpinball" - "com.steamgriddb.SGDBoop" - "io.github.Foldex.AdwSteamGtk" - "io.itch.itch" - "io.mrarm.mcpelauncher" - "net.retrodeck.retrodeck" - "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08" - rec { - appId = "com.hypixel.HytaleLauncher"; - sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv"; - bundle = "${pkgs.fetchurl { - url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak"; - inherit sha256; - }}"; - } - ]; - }; -} diff --git a/aspects/gaming/hardware.nix b/aspects/gaming/hardware.nix deleted file mode 100644 index e3b5c4b..0000000 --- a/aspects/gaming/hardware.nix +++ /dev/null 
@@ -1,13 +0,0 @@ -{ ... }: - -{ - flake.modules.nixos.gaming-hardware = - { ... }: - { - hardware = { - xpadneo.enable = true; - steam-hardware.enable = true; # Allow steam client to manage controllers - graphics.enable32Bit = true; # For OpenGL games - }; - }; -} diff --git a/aspects/gaming/launchers.nix b/aspects/gaming/launchers.nix deleted file mode 100644 index 1fd3bb4..0000000 --- a/aspects/gaming/launchers.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: - -{ - flake.modules.nixos.gaming-launchers = - { pkgs, ... }: - { - environment.systemPackages = with pkgs; [ - clonehero - heroic - prismlauncher - ]; - }; -} diff --git a/aspects/gaming/mangohud.nix b/aspects/gaming/mangohud.nix index 2856b8f..14a3df6 100644 --- a/aspects/gaming/mangohud.nix +++ b/aspects/gaming/mangohud.nix @@ -2,7 +2,7 @@ { flake.modules = { - nixos.gaming-mangohud = + nixos.mangohud = { pkgs, ... }: { environment.systemPackages = with pkgs; [ @@ -10,7 +10,7 @@ ]; }; - homeManager.gaming-mangohud = + homeManager.mangohud = { config, ... }: { programs.mangohud = { diff --git a/aspects/gaming/steam.nix b/aspects/gaming/steam.nix index 530c99b..a10d0e4 100644 --- a/aspects/gaming/steam.nix +++ b/aspects/gaming/steam.nix @@ -1,7 +1,7 @@ { ... }: { - flake.modules.nixos.gaming-steam = + flake.modules.nixos.steam = { pkgs, ... }: { environment.systemPackages = with pkgs; [ @@ -15,5 +15,10 @@ }; gamemode.enable = true; }; + + services.flatpak.packages = [ + "com.steamgriddb.SGDBoop" + "io.github.Foldex.AdwSteamGtk" + ]; }; } diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index d05639d..57fdf5f 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -19,17 +19,13 @@ # system aspects base cli + server # user aspects user root - # Server aspects - server-boot - server-nix - server-tailscale - - # Other aspects + # other aspects fwupd ]); }; diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index ad4192e..1c177e4 100644 
--- a/aspects/hosts/rotterdam.nix +++ b/aspects/hosts/rotterdam.nix @@ -23,20 +23,17 @@ base cli desktop + gaming # user aspects user root - # Other aspects based on tags + # other aspects ai bluetooth dev fwupd - gaming-flatpak - gaming-hardware - gaming-launchers - gaming-steam libvirtd networkmanager niri diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index e7934ab..076672c 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix @@ -21,15 +21,11 @@ # system aspects base cli + server # user aspects user root - - # Server aspects - server-boot - server-nix - server-tailscale ]); }; } diff --git a/aspects/systems/cli.nix b/aspects/systems/cli.nix index 1d379e8..2b95f0e 100644 --- a/aspects/systems/cli.nix +++ b/aspects/systems/cli.nix @@ -19,7 +19,7 @@ homeManager.cli = { ... }: { - imports = with inputs.self.modules.nixos; [ + imports = with inputs.self.modules.homeManager; [ btop comma direnv diff --git a/aspects/systems/gaming.nix b/aspects/systems/gaming.nix new file mode 100644 index 0000000..e73a6fe --- /dev/null +++ b/aspects/systems/gaming.nix 
@@ -0,0 +1,48 @@ +{ inputs, ... }: + +{ + flake.modules = { + nixos.gaming = + { pkgs, ... }: + { + imports = with inputs.self.modules.nixos; [ + mangohud + steam + ]; + hardware = { + xpadneo.enable = true; + steam-hardware.enable = true; # Allow steam client to manage controllers + graphics.enable32Bit = true; # For OpenGL games + }; + + services.flatpak.packages = [ + "com.github.k4zmu2a.spacecadetpinball" + "io.itch.itch" + "io.mrarm.mcpelauncher" + "net.retrodeck.retrodeck" + "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08" + rec { + appId = "com.hypixel.HytaleLauncher"; + sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv"; + bundle = "${pkgs.fetchurl { + url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak"; + inherit sha256; + }}"; + } + ]; + + environment.systemPackages = with pkgs; [ + clonehero + heroic + prismlauncher + ]; + }; + homeManager.gaming = + { ... }: + { + imports = with inputs.self.modules.homeManager; [ + mangohud + ]; + }; + }; +} diff --git a/aspects/users/user.nix b/aspects/users/user.nix index ca74e8d..e37c038 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix @@ -40,11 +40,13 @@ ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) ] ++ (with inputs.self.modules.homeManager; [ - base # base aspect - cli # cli aspect - desktop # desktop aspect + # system aspects + base + cli + desktop + gaming - # other aspect + # other aspects stylix niri ]); @@ -68,9 +70,10 @@ ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) ] ++ (with inputs.self.modules.homeManager; [ - base # base aspect - cli # cli aspect - desktop # desktop aspect + # system aspects + base + cli + desktop # other aspect stylix From 472aabee2a655f3ab3e69a753fd19a8401398a0f Mon Sep 17 00:00:00 2001 
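Review bot: The Hytale launcher entry in `services.flatpak.packages` fetches `hytale-launcher-latest.flatpak`, a URL whose content changes whenever upstream publishes a build, while `sha256` is fixed. The hash stops an unreviewed bundle from being installed, which is the right control, but nothing tells the next maintainer that a hash mismatch means upstream re-released and the new bundle should be checked before the hash is bumped. I would add a comment above `sha256`, for example `# URL is mutable ("latest"); on hash mismatch verify the new bundle before updating sha256`, and switch to a versioned URL if upstream offers one. The block appears to be carried over unchanged from the deleted aspects/gaming/flatpak.nix.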
From: William Date: Sun, 15 Feb 2026 17:32:03 -0300 Subject: [PATCH 114/138] finalise dendritic migration --- aspects/desktop/media.nix | 2 +- aspects/systems/base.nix | 83 +++++++++++++++++++++---------------- aspects/systems/desktop.nix | 5 ++- 3 files changed, 52 insertions(+), 38 deletions(-) diff --git a/aspects/desktop/media.nix b/aspects/desktop/media.nix index ed6a767..7543c0a 100644 --- a/aspects/desktop/media.nix +++ b/aspects/desktop/media.nix @@ -13,7 +13,7 @@ ]; }; - homeManager.programs-media = + homeManager.media = { pkgs, ... }: { programs.obs-studio = { diff --git a/aspects/systems/base.nix b/aspects/systems/base.nix index 5fef6b9..fdfc525 100644 --- a/aspects/systems/base.nix +++ b/aspects/systems/base.nix 
@@ -1,44 +1,55 @@ { inputs, ... }: { - flake.modules.nixos.base = - { lib, pkgs, ... }: - { - imports = with inputs.self.modules.nixos; [ - boot - console - firewall - fish - locale - nix - security - ssh - ]; - environment = { - systemPackages = with pkgs; [ - git - fastfetch - nixos-firewall-tool - sysz - wget - yazi + flake.modules = { + nixos.base = + { lib, pkgs, ... }: + { + imports = with inputs.self.modules.nixos; [ + boot + console + firewall + fish + locale + nix + security + ssh ]; - shellAliases = { - cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; - ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first"; - tree = "ls --tree"; + environment = { + systemPackages = with pkgs; [ + git + fastfetch + nixos-firewall-tool + sysz + wget + yazi + ]; + shellAliases = { + cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; + ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first"; + tree = "ls --tree"; + }; + }; + + programs.command-not-found.enable = false; + + services = { + dbus.implementation = "broker"; + irqbalance.enable = true; + fstrim.enable = true; + tailscale = { + enable = true; + extraUpFlags = [ "--operator=user" ]; + }; }; }; - programs.command-not-found.enable = false; - - services = { - dbus.implementation = "broker"; - irqbalance.enable = true; - fstrim.enable = true; - tailscale = { - enable = true; - extraUpFlags = [ "--operator=user" ]; - }; + homeManager.base = + { ... }: + { + imports = with inputs.self.modules.homeManager; [ + bash + fish + ]; }; - }; + }; } diff --git a/aspects/systems/desktop.nix b/aspects/systems/desktop.nix index 39fd0e0..fb3aa1b 100644 --- a/aspects/systems/desktop.nix +++ b/aspects/systems/desktop.nix @@ -158,7 +158,10 @@ ... }: { - imports = [ inputs.vicinae.homeManagerModules.default ]; + imports = [ + inputs.vicinae.homeManagerModules.default + ] + ++ (with inputs.self.modules.homeManager; [ media ]); fonts.fontconfig.enable = true; 
From 8b3ab52435811d954744695fcfd1b7dd4dabfda1 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 17:36:28 -0300 Subject: [PATCH 115/138] moved home manager user configuration to dedicated files --- aspects/users/user.nix | 97 ++++++-------------------------- aspects/users/user_io.nix | 32 +++++++++++ aspects/users/user_rotterdam.nix | 35 ++++++++++++ 3 files changed, 84 insertions(+), 80 deletions(-) create mode 100644 aspects/users/user_io.nix create mode 100644 aspects/users/user_rotterdam.nix diff --git a/aspects/users/user.nix b/aspects/users/user.nix index e37c038..e3f8530 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix 
@@ -1,85 +1,22 @@ -{ inputs, lib, ... }: +{ ... }: { - flake = { - modules.nixos.user = - { pkgs, ... }: - { - users.users.user = { - isNormalUser = true; - shell = pkgs.fish; - extraGroups = [ - "networkmanager" - "wheel" - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" - ]; - hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; - }; - }; - - homeConfigurations = { - "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { - inherit inputs; - hostname = "rotterdam"; - }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) - ] - ++ (with inputs.self.modules.homeManager; [ - # system aspects - base - cli - desktop - gaming - - # other aspects - stylix - niri - ]); - }; - - "user@io" = inputs.home-manager.lib.homeManagerConfiguration { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { - inherit inputs; - hostname = "io"; - }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) - ] - ++ (with inputs.self.modules.homeManager; [ - # system aspects - base - cli - desktop - - # other aspect - stylix - niri - ]); + flake.modules.nixos.user = + { pkgs, ... 
}: + { + users.users.user = { + isNormalUser = true; + shell = pkgs.fish; + extraGroups = [ + "networkmanager" + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; }; }; - }; } diff --git a/aspects/users/user_io.nix b/aspects/users/user_io.nix new file mode 100644 index 0000000..c956b1c --- /dev/null +++ b/aspects/users/user_io.nix @@ -0,0 +1,32 @@ +{ inputs, lib, ... }: + +{ + flake."user@io" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + hostname = "io"; + }; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) + ] + ++ (with inputs.self.modules.homeManager; [ + # system aspects + base + cli + desktop + + # other aspect + stylix + niri + ]); + }; +} diff --git a/aspects/users/user_rotterdam.nix b/aspects/users/user_rotterdam.nix new file mode 100644 index 0000000..56b2dc1 --- /dev/null +++ b/aspects/users/user_rotterdam.nix 
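Review bot: `hashedPassword` for `user`, an account in `wheel`, is still committed inline in the rewritten aspects/users/user.nix, so anyone who can read the repository can work on the crypt hash offline. Other modules in this series already take secrets from agenix (`age.secrets.cloudflare` in the nginx modules), and the same mechanism fits here: `hashedPasswordFile = config.age.secrets.<user-password-secret>.path;`, where `<user-password-secret>` is a placeholder for a new secret and `config` has to be added to the module arguments. Because the value is already in history, moving it out only helps together with a password change.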
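Review bot: The new aspects/users/user_io.nix assigns the configuration to `flake."user@io"`, while the removed code in user.nix and the new user_rotterdam.nix both place it under `flake.homeConfigurations`. As written, `user@io` becomes a top-level flake output and is presumably no longer found where home-manager looks for it, unless something outside this hunk re-exports it. The opening line should read `flake.homeConfigurations."user@io" = inputs.home-manager.lib.homeManagerConfiguration {`.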
@@ -0,0 +1,35 @@ +{ inputs, lib, ... }: + +{ + flake.homeConfigurations = { + "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + hostname = "rotterdam"; + }; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) + ] + ++ (with inputs.self.modules.homeManager; [ + # system aspects + base + cli + desktop + gaming + + # other aspects + stylix + niri + ]); + }; + }; +} From 8ab3f6e2c82974f0842362c85dc2dc40f9fb3f70 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 18:11:28 -0300 Subject: [PATCH 116/138] no more niri-flake --- aspects/base/nix.nix | 5 +- aspects/desktop/niri.nix | 40 +++--- aspects/desktop/web.nix | 3 +- flake.lock | 268 +++++++-------------------------------- flake.nix | 4 - 5 files changed, 66 insertions(+), 254 deletions(-) diff --git a/aspects/base/nix.nix b/aspects/base/nix.nix index 16397a9..8d44d54 100644 --- a/aspects/base/nix.nix +++ b/aspects/base/nix.nix @@ -33,7 +33,10 @@ config = { use_nvd = true; ignore_dirty_tree = true; - apply.reexec_as_root = true; + apply = { + reexec_as_root = true; + use_nom = true; + }; confirmation.empty = "default-yes"; }; }; diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix index adb3f80..9c87723 100644 --- a/aspects/desktop/niri.nix +++ b/aspects/desktop/niri.nix @@ -1,4 +1,4 @@ -{ inputs, ... }: +{ ... }: { flake.modules = { nixos.niri = 
@@ -9,18 +9,11 @@ ... }: { - imports = [ inputs.niri-flake.nixosModules.niri ]; - services.greetd.settings = { default_session.command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; }; programs.niri.enable = true; - - xdg.portal.config.niri.default = [ - "gtk" - "gnome" - ]; }; homeManager.niri = { @@ -88,26 +81,27 @@ focus-follows-mouse } + output "LG Electronics LG ULTRAWIDE 206AZFM5E459" { + layout { + preset-column-widths { + proportion 0.33333 + proportion 0.5 + proportion 0.66667 + } + default-column-width { proportion 0.33333; } + } + } + layout { gaps 8 center-focused-column "never" - auto-center-when-space-available + always-center-single-column + empty-workspace-above-first preset-column-widths { - ${ - if isRotterdam then - '' - proportion 0.33333 - proportion 0.5 - proportion 0.66667 - '' - else - '' - proportion 0.5 - proportion 1.0 - '' - } + proportion 0.5 + proportion 1.0 } - default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } + default-column-width { proportion 0.5; } focus-ring { off } diff --git a/aspects/desktop/web.nix b/aspects/desktop/web.nix index f661218..1e4ed1c 100644 --- a/aspects/desktop/web.nix +++ b/aspects/desktop/web.nix @@ -5,12 +5,11 @@ { inputs, pkgs, - system, ... }: { environment.systemPackages = with pkgs; [ - inputs.zen-browser.packages."${system}".default + inputs.zen-browser.packages."${pkgs.system}".default bitwarden-desktop fragments nextcloud-client diff --git a/flake.lock b/flake.lock index 8587eb2..20de064 100644 --- a/flake.lock +++ b/flake.lock 
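Review bot: In aspects/desktop/web.nix the package lookup now uses `pkgs.system`, which as far as I know is a deprecated alias in recent nixpkgs and is not available when aliases are disabled. The form the repository already used in packages/claude-desktop.nix is safer: `inputs.zen-browser.packages.${pkgs.stdenv.hostPlatform.system}.default`. The module body continues outside this hunk, so I cannot tell whether `system` is referenced again further down.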
@@ -432,86 +432,10 @@ "type": "github" } }, - "niri": { - "inputs": { - "nixpkgs": "nixpkgs_3", - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1760963745, - "narHash": "sha256-FVf9YFw2wQnMAxvMxEk+vFakXhPQUSapDpGmlLzAxjg=", - "owner": "baduhai", - "repo": "niri", - "rev": "dd3e3d1009991ecd87ab7253c9e7696acf2bc943", - "type": "github" - }, - "original": { - "owner": "baduhai", - "ref": "auto-center-when-space-available", - "repo": "niri", - "type": "github" - } - }, - "niri-flake": { - "inputs": { - "niri-stable": "niri-stable", - "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_4", - "nixpkgs-stable": "nixpkgs-stable", - "xwayland-satellite-stable": "xwayland-satellite-stable", - "xwayland-satellite-unstable": "xwayland-satellite-unstable" - }, - "locked": { - "lastModified": 1770844822, - "narHash": "sha256-QgJZ+W6YE6nAzO/m7ezamAzr9DTflIEXRozMivL0+hc=", - "owner": "sodiboo", - "repo": "niri-flake", - "rev": "7634add8bf2dd225d04f535de4bd0ee60982f367", - "type": "github" - }, - "original": { - "owner": "sodiboo", - "repo": "niri-flake", - "type": "github" - } - }, - "niri-stable": { - "flake": false, - "locked": { - "lastModified": 1756556321, - "narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "ref": "v25.08", - "repo": "niri", - "type": "github" - } - }, - "niri-unstable": { - "flake": false, - "locked": { - "lastModified": 1770735554, - "narHash": "sha256-8GzUa8bCyQ688jYW2waXrOqetTr7oV8UPTO2He+5Hsg=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "41b5de87692b8262fbdbff7faab93f04ff0be453", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "repo": "niri", - "type": "github" - } - }, "nix-ai-tools": { "inputs": { "blueprint": "blueprint", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_3", "treefmt-nix": "treefmt-nix" }, "locked": { 
@@ -568,7 +492,7 @@ "inputs": { "flake-compat": "flake-compat", "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_4", "optnix": "optnix" }, "locked": { @@ -632,22 +556,6 @@ } }, "nixpkgs-stable": { - "locked": { - "lastModified": 1770770419, - "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_2": { "locked": { "lastModified": 1770770419, "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", @@ -663,38 +571,6 @@ "type": "github" } }, - "nixpkgs_10": { - "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { - "locked": { - "lastModified": 1769461804, - "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1768564909, 
@@ -712,38 +588,6 @@ } }, "nixpkgs_3": { - "locked": { - "lastModified": 1757967192, - "narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0d7c15863b251a7a50265e57c1dca1a7add2e291", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1770562336, - "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { "locked": { "lastModified": 1770843696, "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", @@ -759,7 +603,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_4": { "locked": { "lastModified": 1767151656, "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", @@ -775,7 +619,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_5": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -791,7 +635,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_6": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", @@ -807,7 +651,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_7": { "locked": { "lastModified": 1767767207, "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", 
@@ -823,6 +667,38 @@ "type": "github" } }, + "nixpkgs_8": { + "locked": { + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "noctalia": { "inputs": { "nixpkgs": [ @@ -871,7 +747,7 @@ "optnix": { "inputs": { "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1765418479, @@ -895,14 +771,12 @@ "home-manager": "home-manager_2", "impermanence": "impermanence", "import-tree": "import-tree", - "niri": "niri", - "niri-flake": "niri-flake", "nix-ai-tools": "nix-ai-tools", "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_8", - "nixpkgs-stable": "nixpkgs-stable_2", + "nixpkgs": "nixpkgs_6", + "nixpkgs-stable": "nixpkgs-stable", "noctalia": "noctalia", "stylix": "stylix", "terranix": "terranix", @@ -910,27 +784,6 @@ "zen-browser": "zen-browser" } }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "niri", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1757989933, - "narHash": "sha256-9cpKYWWPCFhgwQTww8S94rTXgg8Q8ydFv9fXM6I8xQM=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "8249aa3442fb9b45e615a35f39eca2fe5510d7c3", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "stylix": { "inputs": { "base16": "base16", 
@@ -940,7 +793,7 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_3", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_7", "nur": "nur", "systems": "systems_3", "tinted-foot": "tinted-foot", @@ -1164,7 +1017,7 @@ }, "vicinae": { "inputs": { - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_8", "systems": "systems_5" }, "locked": { @@ -1181,43 +1034,10 @@ "type": "github" } }, - "xwayland-satellite-stable": { - "flake": false, - "locked": { - "lastModified": 1755491097, - "narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "388d291e82ffbc73be18169d39470f340707edaa", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "ref": "v0.7", - "repo": "xwayland-satellite", - "type": "github" - } - }, - "xwayland-satellite-unstable": { - "flake": false, - "locked": { - "lastModified": 1770583271, - "narHash": "sha256-Q75S8cEqJoZ92s1y4zArvk2U1ayAy2E4SaF7gbNXkYQ=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "86f5bd5d867ad6e120935dfe825f6b903ebbeddd", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "type": "github" - } - }, "zen-browser": { "inputs": { "home-manager": "home-manager_4", - "nixpkgs": "nixpkgs_11" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1771000521, diff --git a/flake.nix b/flake.nix index 6026fa3..2036828 100644 --- a/flake.nix +++ b/flake.nix @@ -26,7 +26,6 @@ stylix.url = "github:danth/stylix"; # nixos/hm program modules - niri-flake.url = "github:sodiboo/niri-flake"; nix-ai-tools.url = "github:numtide/llm-agents.nix"; nix-index-database = { url = "github:nix-community/nix-index-database"; @@ -44,9 +43,6 @@ url = "github:terranix/terranix"; inputs.nixpkgs.follows = "nixpkgs"; }; - - # others - niri.url = "github:baduhai/niri/auto-center-when-space-available"; }; outputs = 
From 71ec638573f13f6cbadd3d6e1e4d49d31fda92eb Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 20:05:34 -0300 Subject: [PATCH 117/138] fix ssh motd; add nvd and nom --- aspects/base/nix.nix | 7 ++++++- aspects/base/ssh.nix | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/aspects/base/nix.nix b/aspects/base/nix.nix index 8d44d54..2442024 100644 --- a/aspects/base/nix.nix +++ b/aspects/base/nix.nix @@ -1,7 +1,7 @@ { ... }: { flake.modules.nixos.nix = - { inputs, ... }: + { inputs, pkgs, ... }: { imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; @@ -41,6 +41,11 @@ }; }; + environment.systemPackages = with pkgs; [ + nix-output-monitor + nvd + ]; + system.stateVersion = "22.11"; }; } diff --git a/aspects/base/ssh.nix b/aspects/base/ssh.nix index 03fa556..6569bf0 100644 --- a/aspects/base/ssh.nix +++ b/aspects/base/ssh.nix @@ -13,7 +13,7 @@ }; programs = { bash.interactiveShellInit = '' - if { [ -n "$SSH_CONNECTION" ] && [ -z "$IN_NIX_SHELL" ]; } || [ -z "$TMUX" ]; then + if [ -n "$SSH_CONNECTION" ] && [ -z "$IN_NIX_SHELL" ] && [ -z "$TMUX" ]; then export TERM=xterm-256color clear fastfetch @@ -21,7 +21,7 @@ ''; fish.interactiveShellInit = '' set fish_greeting - if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; or not set -q TMUX + if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; and not set -q TMUX export TERM=xterm-256color clear fastfetch From 91f37f90230a9a958d31781652944ce2d7e9414d Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 21:05:59 -0300 Subject: [PATCH 118/138] remove claude-desktop pkg --- packages/claude-desktop.nix | 216 ------------------------------------ 1 file changed, 216 deletions(-) delete mode 100644 packages/claude-desktop.nix diff --git a/packages/claude-desktop.nix b/packages/claude-desktop.nix deleted file mode 100644 index c21ec8e..0000000 --- a/packages/claude-desktop.nix +++ /dev/null 
@@ -1,216 +0,0 @@ -{ inputs, ... }: - -{ - perSystem = - { system, ... }: - let - pkgs = import inputs.nixpkgs { - inherit system; - config.allowUnfree = true; - }; - - pname = "claude-desktop"; - version = "1.0.1768"; - - srcs.x86_64-linux = pkgs.fetchurl { - url = "https://downloads.claude.ai/releases/win32/x64/1.0.1768/Claude-67d01376d0e9d08b328455f6db9e63b0d603506a.exe"; - hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=;"; - }; - - src = - srcs.${pkgs.stdenv.hostPlatform.system} - or (throw "Unsupported system: ${pkgs.stdenv.hostPlatform.system}"); - - claudeNativeStub = '' - // Stub implementation of claude-native using KeyboardKey enum values - const KeyboardKey = { - Backspace: 43, Tab: 280, Enter: 261, Shift: 272, Control: 61, Alt: 40, - CapsLock: 56, Escape: 85, Space: 276, PageUp: 251, PageDown: 250, - End: 83, Home: 154, LeftArrow: 175, UpArrow: 282, RightArrow: 262, - DownArrow: 81, Delete: 79, Meta: 187 - }; - Object.freeze(KeyboardKey); - module.exports = { - getWindowsVersion: () => "10.0.0", - setWindowEffect: () => {}, - removeWindowEffect: () => {}, - getIsMaximized: () => false, - flashFrame: () => {}, - clearFlashFrame: () => {}, - showNotification: () => {}, - setProgressBar: () => {}, - clearProgressBar: () => {}, - setOverlayIcon: () => {}, - clearOverlayIcon: () => {}, - KeyboardKey - }; - ''; - in - { - packages.claude-desktop = pkgs.stdenv.mkDerivation rec { - inherit pname version src; - - nativeBuildInputs = with pkgs; [ - makeWrapper - copyDesktopItems - p7zip - unzip - nodejs - graphicsmagick - ]; - - buildInputs = [ pkgs.electron ]; - - desktopItems = [ - (pkgs.makeDesktopItem { - name = "claude-desktop"; - desktopName = "Claude"; - comment = "AI assistant from Anthropic"; - exec = "claude-desktop %u"; - icon = "claude-desktop"; - categories = [ - "Network" - "Chat" - "Office" - ]; - mimeTypes = [ "x-scheme-handler/claude" ]; - startupNotify = true; - startupWMClass = "Claude"; - }) - ]; - - unpackPhase = '' - runHook 
preUnpack - - # Extract the Windows installer - use -y to auto-overwrite - 7z x -y $src -o./extracted - - # The installer contains a NuGet package - if [ -f ./extracted/AnthropicClaude-*-full.nupkg ]; then - echo "Found NuGet package, extracting..." - # NuGet packages are just zip files - unzip -q ./extracted/AnthropicClaude-*-full.nupkg -d ./nupkg - - # Extract app.asar to modify it - if [ -f ./nupkg/lib/net45/resources/app.asar ]; then - echo "Extracting app.asar..." - ${pkgs.asar}/bin/asar extract ./nupkg/lib/net45/resources/app.asar ./app - - # Also copy the unpacked resources - if [ -d ./nupkg/lib/net45/resources/app.asar.unpacked ]; then - cp -r ./nupkg/lib/net45/resources/app.asar.unpacked/* ./app/ - fi - - # Copy additional resources - mkdir -p ./app/resources - mkdir -p ./app/resources/i18n - cp ./nupkg/lib/net45/resources/Tray* ./app/resources/ || true - cp ./nupkg/lib/net45/resources/*-*.json ./app/resources/i18n/ || true - fi - else - echo "NuGet package not found" - ls -la ./extracted/ - exit 1 - fi - - runHook postUnpack - ''; - - buildPhase = '' - runHook preBuild - - # Replace the Windows-specific claude-native module with a stub - if [ -d ./app/node_modules/claude-native ]; then - echo "Replacing claude-native module with Linux stub..." - rm -rf ./app/node_modules/claude-native/*.node - cat > ./app/node_modules/claude-native/index.js << 'EOF' - ${claudeNativeStub} - EOF - fi - - # Fix the title bar detection (from aaddrick script) - echo "Fixing title bar detection..." 
- SEARCH_BASE="./app/.vite/renderer/main_window/assets" - if [ -d "$SEARCH_BASE" ]; then - TARGET_FILE=$(find "$SEARCH_BASE" -type f -name "MainWindowPage-*.js" | head -1) - if [ -n "$TARGET_FILE" ]; then - echo "Found target file: $TARGET_FILE" - # Replace patterns like 'if(!VAR1 && VAR2)' with 'if(VAR1 && VAR2)' - sed -i -E 's/if\(!([a-zA-Z]+)[[:space:]]*&&[[:space:]]*([a-zA-Z]+)\)/if(\1 \&\& \2)/g' "$TARGET_FILE" - echo "Title bar fix applied" - fi - fi - - runHook postBuild - ''; - - installPhase = '' - runHook preInstall - - mkdir -p $out/lib/claude-desktop - - # Repack the modified app as app.asar - cd ./app - ${pkgs.asar}/bin/asar pack . ../app.asar - cd .. - - # Copy resources - mkdir -p $out/lib/claude-desktop/resources - cp ./app.asar $out/lib/claude-desktop/resources/ - - # Create app.asar.unpacked directory with the stub - mkdir -p $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native - cat > $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native/index.js << 'EOF' - ${claudeNativeStub} - EOF - - # Copy other resources - if [ -d ./nupkg/lib/net45/resources ]; then - cp ./nupkg/lib/net45/resources/*.png $out/lib/claude-desktop/resources/ 2>/dev/null || true - cp ./nupkg/lib/net45/resources/*.ico $out/lib/claude-desktop/resources/ 2>/dev/null || true - cp ./nupkg/lib/net45/resources/*.json $out/lib/claude-desktop/resources/ 2>/dev/null || true - fi - - # Create wrapper script - makeWrapper ${pkgs.electron}/bin/electron $out/bin/claude-desktop \ - --add-flags "$out/lib/claude-desktop/resources/app.asar" \ - --set DISABLE_AUTOUPDATER 1 \ - --set NODE_ENV production - - # Extract and install icons in multiple sizes - if [ -f ./extracted/setupIcon.ico ]; then - echo "Converting and installing icons..." 
- # Count frames in the ICO file and extract each one - frame_count=$(gm identify ./extracted/setupIcon.ico | wc -l) - for i in $(seq 0 $((frame_count - 1))); do - gm convert "./extracted/setupIcon.ico[$i]" "./extracted/setupIcon-$i.png" 2>/dev/null || true - done - - # Loop through converted icons and install them by size - for img in ./extracted/setupIcon-*.png; do - if [ -f "$img" ]; then - size=$(gm identify -format "%wx%h" "$img") - # Skip smallest icons (16x16 and 32x32) as they're too low quality - if [ "$size" != "16x16" ] && [ "$size" != "32x32" ]; then - mkdir -p "$out/share/icons/hicolor/$size/apps" - cp "$img" "$out/share/icons/hicolor/$size/apps/claude-desktop.png" - fi - fi - done - fi - - runHook postInstall - ''; - - meta = with pkgs.lib; { - description = "Claude Desktop - AI assistant from Anthropic"; - homepage = "https://claude.ai"; - license = licenses.unfree; - sourceProvenance = with sourceTypes; [ binaryNativeCode ]; - maintainers = [ ]; - platforms = [ "x86_64-linux" ]; - mainProgram = "claude-desktop"; - }; - }; - }; -} From 10f823a3a6821f8de4f37b030e4af05a4e5349ac Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 22:21:33 -0300 Subject: [PATCH 119/138] lxc support for alexandria --- aspects/hosts/alexandria.nix | 1 + aspects/lxc.nix | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 aspects/lxc.nix diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 57fdf5f..c0c9f32 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -27,6 +27,7 @@ # other aspects fwupd + lxc ]); }; } diff --git a/aspects/lxc.nix b/aspects/lxc.nix new file mode 100644 index 0000000..15da310 --- /dev/null +++ b/aspects/lxc.nix @@ -0,0 +1,17 @@ +{ ... }: + +{ + flake.modules.nixos.lxc = + { + config, + lib, + pkgs, + ... + }: + { + virtualisation.lxc = { + enable = true; + unprivilegedContainers = true; + }; + }; +} 
From fe460c9151c87b46c9ebcca327c09fb883fef8d9 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 23:01:25 -0300 Subject: [PATCH 120/138] fix secrets locations --- aspects/hosts/_alexandria/nextcloud.nix | 7 +++---- aspects/hosts/_alexandria/nginx.nix | 2 +- aspects/hosts/_trantor/nginx.nix | 2 +- aspects/hosts/alexandria.nix | 2 +- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/aspects/hosts/_alexandria/nextcloud.nix b/aspects/hosts/_alexandria/nextcloud.nix index c4a9669..cb9f2ac 100644 --- a/aspects/hosts/_alexandria/nextcloud.nix +++ b/aspects/hosts/_alexandria/nextcloud.nix @@ -1,8 +1,7 @@ { - lib, config, - pkgs, inputs, + pkgs, ... }: @@ -83,12 +82,12 @@ in age.secrets = { "nextcloud-secrets.json" = { - file = ../../../secrets/nextcloud-secrets.json.age; + file = "${inputs.self}/secrets/nextcloud-secrets.json.age"; owner = "nextcloud"; group = "nextcloud"; }; nextcloud-adminpass = { - file = ../../../secrets/nextcloud-adminpass.age; + file = "${inputs.self}/secrets/nextcloud-adminpass.age"; owner = "nextcloud"; group = "nextcloud"; }; diff --git a/aspects/hosts/_alexandria/nginx.nix b/aspects/hosts/_alexandria/nginx.nix index 26a7ba1..087faf4 100644 --- a/aspects/hosts/_alexandria/nginx.nix +++ b/aspects/hosts/_alexandria/nginx.nix @@ -51,7 +51,7 @@ in ]; age.secrets.cloudflare = { - file = ../../../secrets/cloudflare.age; + file = "${inputs.self}/secrets/cloudflare.age"; owner = "nginx"; group = "nginx"; }; diff --git a/aspects/hosts/_trantor/nginx.nix b/aspects/hosts/_trantor/nginx.nix index 899666e..eccfb12 100644 --- a/aspects/hosts/_trantor/nginx.nix +++ b/aspects/hosts/_trantor/nginx.nix @@ -51,7 +51,7 @@ in ]; age.secrets.cloudflare = { - file = ../../../secrets/cloudflare.age; + file = "${inputs.self}/secrets/cloudflare.age"; owner = "nginx"; group = "nginx"; }; diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index c0c9f32..f10dfe7 100644 --- a/aspects/hosts/alexandria.nix 
+++ b/aspects/hosts/alexandria.nix @@ -27,7 +27,7 @@ # other aspects fwupd - lxc + podman ]); }; } From 657e1e4697c22f4f82985844b3d8ad2535e6ec49 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 16 Feb 2026 00:07:36 -0300 Subject: [PATCH 121/138] fix forgejo on trantor --- aspects/hosts/_trantor/forgejo.nix | 7 ++++++- aspects/hosts/_trantor/nginx.nix | 2 -- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/aspects/hosts/_trantor/forgejo.nix b/aspects/hosts/_trantor/forgejo.nix index 1112622..6d702e2 100644 --- a/aspects/hosts/_trantor/forgejo.nix +++ b/aspects/hosts/_trantor/forgejo.nix @@ -21,6 +21,8 @@ in ROOT_URL = "https://git.baduhai.dev"; OFFLINE_MODE = true; # disable use of CDNs SSH_DOMAIN = "git.baduhai.dev"; + SSH_USER = "forgejo"; + SSH_PORT = lib.head config.services.openssh.ports; }; log.LEVEL = "Warn"; mailer.ENABLED = false; @@ -67,5 +69,8 @@ in }; # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories - systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false; + systemd.services.forgejo.serviceConfig = { + PrivateMounts = lib.mkForce false; + ProtectSystem = lib.mkForce false; + }; } diff --git a/aspects/hosts/_trantor/nginx.nix b/aspects/hosts/_trantor/nginx.nix index eccfb12..24f96c3 100644 --- a/aspects/hosts/_trantor/nginx.nix +++ b/aspects/hosts/_trantor/nginx.nix @@ -8,10 +8,8 @@ let services = inputs.self.services; - # Get all unique domains from shared services on trantor (host = "trantor") localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "trantor") services)); - # Generate ACME cert configs for all local domains acmeCerts = lib.genAttrs localDomains (domain: { group = "nginx"; }); From bea47712721aa49dd0fc27c5f3640f812db30dea Mon Sep 17 00:00:00 2001 
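Review bot: In the second forgejo.nix hunk, `ProtectSystem = lib.mkForce false;` removes the unit's read-only view of the OS directories entirely, while the comment above the block still explains only the PrivateMounts override. The readme later in this series lists git.baduhai.dev as the publicly accessible service, so this is the unit where the systemd sandbox matters most. If the failure being fixed is a write to one known location, leaving ProtectSystem at the module's value and adding `ReadWritePaths = [ "<path forgejo must write>" ];` would be narrower; which path that is cannot be told from the hunk. Either way, a line such as `# ProtectSystem disabled because <reason>; revisit once <condition>` would record why the hardening was dropped.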
From: William Date: Mon, 16 Feb 2026 01:05:30 -0300 Subject: [PATCH 122/138] lxc on alexandria again --- aspects/hosts/alexandria.nix | 2 +- aspects/lxc.nix | 11 ++++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index f10dfe7..c0c9f32 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -27,7 +27,7 @@ # other aspects fwupd - podman + lxc ]); }; } diff --git a/aspects/lxc.nix b/aspects/lxc.nix index 15da310..4225e0c 100644 --- a/aspects/lxc.nix +++ b/aspects/lxc.nix @@ -9,9 +9,14 @@ ... }: { - virtualisation.lxc = { - enable = true; - unprivilegedContainers = true; + virtualisation = { + lxc = { + enable = true; + unprivilegedContainers = true; + }; + incus.enable = true; }; + + users.users.user.extraGroups = [ "incus-admin" ]; }; } From 19ecca4ea808e845e1db52d79ac3cbbbddfe647e Mon Sep 17 00:00:00 2001 From: William Date: Mon, 16 Feb 2026 11:59:32 -0300 Subject: [PATCH 123/138] add niri-auto-centre script --- aspects/desktop/niri.nix | 1 + packages/hm-cli.nix | 2 -- packages/niri-auto-centre.nix | 32 ++++++++++++++++++++++++++++++++ 3 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 packages/niri-auto-centre.nix diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix index 9c87723..bc99482 100644 --- a/aspects/desktop/niri.nix +++ b/aspects/desktop/niri.nix @@ -123,6 +123,7 @@ } spawn-at-startup "noctalia-shell" "-d" + spawn-at-startup "${lib.getExe pkgs.niri-auto-centre}" layer-rule { match namespace="^noctalia-overview*" place-within-backdrop true diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix index 94dae66..59f4b4f 100644 --- a/packages/hm-cli.nix +++ b/packages/hm-cli.nix @@ -5,8 +5,6 @@ { pkgs, ... }: { packages.hm-cli = pkgs.writeShellScriptBin "hm" '' - set -e - HM="${pkgs.lib.getExe pkgs.home-manager}" FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}" FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}" 
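Review bot: The added `users.users.user.extraGroups = [ "incus-admin" ];` in lxc.nix gives that account full control of the Incus daemon, which the Incus documentation treats as equivalent to root on the host. `unprivilegedContainers = true` applies to the `virtualisation.lxc` block and, as far as this hunk shows, does not limit what an incus-admin member can ask Incus to do. If day-to-day use only needs per-user containers, the restricted `incus` group may be enough and is worth checking against the NixOS module. Otherwise, record the trade-off next to the line, e.g. `# incus-admin is root-equivalent on this host; keep membership minimal`.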
diff --git a/packages/niri-auto-centre.nix b/packages/niri-auto-centre.nix new file mode 100644 index 0000000..dd7b04c --- /dev/null +++ b/packages/niri-auto-centre.nix @@ -0,0 +1,32 @@ +{ ... }: + +{ + perSystem = + { pkgs, ... }: + { + packages.niri-auto-centre = pkgs.writeShellApplication { + name = "niri-auto-centre"; + runtimeInputs = [ pkgs.jq ]; + text = '' + while true; do + ACTIVE_WORKSPACE=$(niri msg --json workspaces | jq -r '.[] | select(.is_active == true)') + WORKSPACE_ID=$(echo "$ACTIVE_WORKSPACE" | jq -r '.id') + OUTPUT_NAME=$(echo "$ACTIVE_WORKSPACE" | jq -r '.output') + + MONITOR_WIDTH=$(niri msg --json outputs | jq -r ".\"$OUTPUT_NAME\".logical.width") + + SUMMED_TILE_WIDTH=$(niri msg --json windows | jq --argjson wid "$WORKSPACE_ID" -r ' + [.[] | select(.workspace_id == $wid) | {col: .layout.pos_in_scrolling_layout[0], width: .layout.tile_size[0]}] + | group_by(.col) | map(first.width) | add + ') + + if awk "BEGIN {exit !($SUMMED_TILE_WIDTH < $MONITOR_WIDTH)}"; then + niri msg action center-visible-columns + fi + + sleep 0.1 + done + ''; + }; + }; +} From cd16985ddc763de89bc3eda4aeb9445b6cb059ee Mon Sep 17 00:00:00 2001 From: William Date: Tue, 17 Feb 2026 13:53:57 -0300 Subject: [PATCH 124/138] use determinate nix --- aspects/base/nix.nix | 31 +-- flake.lock | 444 +++++++++++++++++++++++++++++++------------ flake.nix | 1 + 3 files changed, 340 insertions(+), 136 deletions(-) diff --git a/aspects/base/nix.nix b/aspects/base/nix.nix index 2442024..29feff8 100644 --- a/aspects/base/nix.nix +++ b/aspects/base/nix.nix 
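Review bot: In niri-auto-centre.nix, the jq filter for MONITOR_WIDTH and the awk program in the `if` are both built by pasting shell variables into program text. An output name containing a quote, or a width that is not a plain number, then changes what jq or awk parses instead of being handled as data. Passing the values as arguments avoids that: `jq -r --arg o "$OUTPUT_NAME" '.[$o].logical.width'` and `awk -v a="$SUMMED_TILE_WIDTH" -v b="$MONITOR_WIDTH" 'BEGIN {exit !(a+0 < b+0)}'`. The script also calls `niri` while `runtimeInputs` lists only `pkgs.jq`, so it depends on the session PATH. Because writeShellApplication enables errexit and pipefail, one failing `niri msg` ends the loop for the rest of the session.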
@@ -3,24 +3,25 @@ flake.modules.nixos.nix = { inputs, pkgs, ... }: { - imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; + imports = [ + inputs.nixos-cli.nixosModules.nixos-cli + inputs.determinate.nixosModules.default + ]; - nix = { - settings = { - auto-optimise-store = true; - connect-timeout = 10; - log-lines = 25; - min-free = 128000000; - max-free = 1000000000; - trusted-users = [ "@wheel" ]; - }; - extraOptions = "experimental-features = nix-command flakes"; - gc = { - automatic = true; - options = "--delete-older-than 8d"; - }; + nix.gc = { + automatic = true; + options = "--delete-older-than 8d"; }; + environment.etc."nix/nix.custom.conf".text = '' + auto-optimise-store = true + connect-timeout = 10 + log-lines = 25 + min-free = 128000000 + max-free = 1000000000 + trusted-users = @wheel + ''; + nixpkgs.config = { allowUnfree = true; enableParallelBuilding = true; diff --git a/flake.lock b/flake.lock index 20de064..8b17f1e 100644 --- a/flake.lock +++ b/flake.lock 
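Review bot: The new `nix.custom.conf` text carries over `trusted-users = @wheel`, and the Nix manual describes adding a user to trusted-users as essentially giving that user root on the daemon. Now that the settings are a free-form string rather than `nix.settings`, they also lose the module's option checking, so a misspelled key would only surface at runtime. If wheel members do not need to override daemon settings, drop the line; otherwise annotate it, e.g. `# trusted-users is root-equivalent; wheel already has sudo on these hosts`. The removed `experimental-features` line is presumably covered by Determinate's defaults, which is worth confirming on a host after the switch. The module body continues outside this hunk.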
@@ -135,9 +135,66 @@ "type": "github" } }, + "determinate": { + "inputs": { + "determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin", + "determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux", + "determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux", + "nix": "nix", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1771014593, + "narHash": "sha256-NrCFwn20ewJwy/SZoREs+XylerizPCYP54n9qkr31/E=", + "rev": "69b4ff80ae2bbdd1e3f02ccd76a5f2988b118ed2", + "revCount": 397, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.16.0/019c58b5-64dc-77f9-b913-8738b7d338cc/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/DeterminateSystems/determinate/%2A" + } + }, + "determinate-nixd-aarch64-darwin": { + "flake": false, + "locked": { + "narHash": "sha256-PUo0u1iNMB8eTlBNFMCW8/UAn1sGKGqsIYlXaDRhx00=", + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/macOS" + }, + "original": { + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/macOS" + } + }, + "determinate-nixd-aarch64-linux": { + "flake": false, + "locked": { + "narHash": "sha256-jiIWiM88xkEpBQeohSxhl83fn2xoZY0nFkrW6CUAIAI=", + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/aarch64-linux" + }, + "original": { + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/aarch64-linux" + } + }, + "determinate-nixd-x86_64-linux": { + "flake": false, + "locked": { + "narHash": "sha256-qF/NNdHwh3tAHrKIOz2FRq5Q8GcSMzJeEY/PFvGf5vo=", + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/x86_64-linux" + }, + "original": { + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/x86_64-linux" + } + }, "disko": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_3" }, 
"locked": { "lastModified": 1769524058, @@ -170,6 +227,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1767039857, @@ -185,7 +258,7 @@ "type": "github" } }, - "flake-compat_2": { + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1747046372, @@ -202,6 +275,27 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "determinate", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748821116, + "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", + "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", + "revCount": 377, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/hercules-ci/flake-parts/0.1.377%2Brev-49f0870db23e8c1ca0b5259734a02cd9e1e371a1/01972f28-554a-73f8-91f4-d488cc502f08/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -219,7 +313,7 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, @@ -237,7 +331,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -258,7 +352,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "terranix", 
@@ -295,6 +389,32 @@ "type": "github" } }, + "git-hooks-nix": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": [ + "determinate", + "nix" + ], + "nixpkgs": [ + "determinate", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "revCount": 1026, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/cachix/git-hooks.nix/0.1.1026%2Brev-80479b6ec16fefd9c1db3ea13aeb038c60530f46/0196d79a-1b35-7b8e-a021-c894fb62163d/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/cachix/git-hooks.nix/0.1.941" + } + }, "gnome-shell": { "flake": false, "locked": { @@ -401,7 +521,7 @@ "impermanence": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1769548169, @@ -432,10 +552,31 @@ "type": "github" } }, + "nix": { + "inputs": { + "flake-parts": "flake-parts", + "git-hooks-nix": "git-hooks-nix", + "nixpkgs": "nixpkgs", + "nixpkgs-23-11": "nixpkgs-23-11", + "nixpkgs-regression": "nixpkgs-regression" + }, + "locked": { + "lastModified": 1771010067, + "narHash": "sha256-Itk88UC3CxjGjjAb20KI6KrM9tRoGEpbv996fXwAWGo=", + "rev": "5c670e37e884c43e1da0405075c9b9c83d316a6c", + "revCount": 24629, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.16.0/019c589d-45e9-7337-9ff0-a8d78fecf63f/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A" + } + }, "nix-ai-tools": { "inputs": { "blueprint": "blueprint", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_5", "treefmt-nix": "treefmt-nix" }, "locked": { 
@@ -490,9 +631,9 @@ }, "nixos-cli": { "inputs": { - "flake-compat": "flake-compat", - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_4", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_3", + "nixpkgs": "nixpkgs_6", "optnix": "optnix" }, "locked": { @@ -511,17 +652,31 @@ }, "nixpkgs": { "locked": { - "lastModified": 1769330179, - "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", + "lastModified": 1761597516, + "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", + "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", + "revCount": 811874, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505" + } + }, + "nixpkgs-23-11": { + "locked": { + "lastModified": 1717159533, + "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", "type": "github" } }, @@ -555,6 +710,22 @@ "type": "github" } }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1770770419, 
@@ -571,103 +742,7 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1768564909, - "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1770843696, - "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1767151656, - "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f665af0cdb70ed27e1bd8f9fdfecaf451260fc55", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1759070547, - "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "647e5c14cbd5067f44ac86b74f014962df460840", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1770562336, - "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { - "locked": { - "lastModified": 1767767207, - "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", - "owner": "NixOS", - 
"repo": "nixpkgs", - "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_8": { + "nixpkgs_10": { "locked": { "lastModified": 1762111121, "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", @@ -683,7 +758,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_11": { "locked": { "lastModified": 1769461804, "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", 
@@ -699,6 +774,132 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1770537093, + "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", + "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51", + "revCount": 942631, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.942631%2Brev-fef9403a3e4d31b0a23f0bacebbec52c248fbb51/019c4621-ce4f-799f-82f6-b3b29f099b09/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/DeterminateSystems/nixpkgs-weekly/0.1" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1769330179, + "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1770843696, + "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1767151656, + "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f665af0cdb70ed27e1bd8f9fdfecaf451260fc55", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + 
"type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1759070547, + "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "647e5c14cbd5067f44ac86b74f014962df460840", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "noctalia": { "inputs": { "nixpkgs": [ @@ -746,8 +947,8 @@ }, "optnix": { "inputs": { - "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_5" + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1765418479, @@ -766,8 +967,9 @@ "root": { "inputs": { "agenix": "agenix", + "determinate": "determinate", "disko": "disko", - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "home-manager": "home-manager_2", "impermanence": "impermanence", "import-tree": "import-tree", @@ -775,7 +977,7 @@ "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_8", "nixpkgs-stable": "nixpkgs-stable", "noctalia": "noctalia", "stylix": "stylix", 
@@ -791,9 +993,9 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_4", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_9", "nur": "nur", "systems": "systems_3", "tinted-foot": "tinted-foot", @@ -893,7 +1095,7 @@ }, "terranix": { "inputs": { - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_5", "nixpkgs": [ "nixpkgs" ], @@ -1017,7 +1219,7 @@ }, "vicinae": { "inputs": { - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_10", "systems": "systems_5" }, "locked": { @@ -1037,7 +1239,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_4", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1771000521, diff --git a/flake.nix b/flake.nix index 2036828..c2f801c 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,7 @@ # nix tools flake-parts.url = "github:hercules-ci/flake-parts"; import-tree.url = "github:vic/import-tree"; + determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*"; # nixos/hm nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; From 385586a376cdb9a78c0fb96a93d60f93b3957b69 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 17 Feb 2026 14:03:58 -0300 Subject: [PATCH 125/138] add vagrant to libvirtd aspect; add libvirtd aspect to alexandria --- aspects/hosts/alexandria.nix | 2 +- aspects/libvirtd.nix | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index c0c9f32..55867fa 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -27,7 +27,7 @@ # other aspects fwupd - lxc + libvirtd ]); }; } diff --git a/aspects/libvirtd.nix b/aspects/libvirtd.nix index 1135306..a21a23d 100644 --- a/aspects/libvirtd.nix +++ b/aspects/libvirtd.nix 
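Review bot: In the flake.nix hunk, `determinate.url` ends in `/*`, so the next `nix flake update` may select any future release, including a new major version. This input replaces the Nix daemon itself, and the lock in this patch also pulls prebuilt `determinate-nixd` files, so an unreviewed version jump here costs more than for most inputs. flake.lock pins the current resolution by narHash, which keeps builds reproducible until the lock is refreshed. Constraining the URL to the series the lock resolved, e.g. `determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/3";`, and reading the lock diff for this input on each update would narrow that.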
@@ -15,6 +15,8 @@ programs.virt-manager.enable = true; + environment.systemPackages = with pkgs; [ vagrant ]; + networking.firewall.trustedInterfaces = [ "virbr0" ]; users.users.user.extraGroups = [ From 79a6bd53bfa9e849bfbd0aa1e6b8340bed1171fc Mon Sep 17 00:00:00 2001 From: William Date: Tue, 17 Feb 2026 14:56:42 -0300 Subject: [PATCH 126/138] lima instead of vagrant --- aspects/libvirtd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspects/libvirtd.nix b/aspects/libvirtd.nix index a21a23d..360743d 100644 --- a/aspects/libvirtd.nix +++ b/aspects/libvirtd.nix @@ -15,7 +15,7 @@ programs.virt-manager.enable = true; - environment.systemPackages = with pkgs; [ vagrant ]; + environment.systemPackages = with pkgs; [ lima ]; networking.firewall.trustedInterfaces = [ "virbr0" ]; From 561fdf5ef45d835c8948f6a9d644e165d92660b5 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 18 Feb 2026 16:08:53 -0300 Subject: [PATCH 127/138] 'system' has been renamed to/replaced by 'stdenv.hostPlatform.system' --- aspects/ai.nix | 2 +- aspects/desktop/niri.nix | 2 +- aspects/desktop/web.nix | 2 +- shells/default.nix | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/aspects/ai.nix b/aspects/ai.nix index 3431ddd..e3016e6 100644 --- a/aspects/ai.nix +++ b/aspects/ai.nix @@ -5,7 +5,7 @@ { environment.systemPackages = (with pkgs; [ ]) - ++ (with inputs.nix-ai-tools.packages.${pkgs.system}; [ + ++ (with inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}; [ claude-code claudebox opencode diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix index bc99482..9408097 100644 --- a/aspects/desktop/niri.nix +++ b/aspects/desktop/niri.nix @@ -48,7 +48,7 @@ home = { packages = with pkgs; [ xwayland-satellite - inputs.noctalia.packages.${pkgs.system}.default + inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default ]; sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; }; 
diff --git a/aspects/desktop/web.nix b/aspects/desktop/web.nix index 1e4ed1c..8fb960a 100644 --- a/aspects/desktop/web.nix +++ b/aspects/desktop/web.nix @@ -9,7 +9,7 @@ }: { environment.systemPackages = with pkgs; [ - inputs.zen-browser.packages."${pkgs.system}".default + inputs.zen-browser.packages."${pkgs.stdenv.hostPlatform.system}".default bitwarden-desktop fragments nextcloud-client diff --git a/shells/default.nix b/shells/default.nix index a7cda20..d9eb50b 100644 --- a/shells/default.nix +++ b/shells/default.nix @@ -6,7 +6,7 @@ { devShells.default = pkgs.mkShell { packages = with pkgs; [ - inputs.agenix.packages.${system}.default + inputs.agenix.packages.${stdenv.hostPlatform.system}.default nil nixfmt ]; From 80b1246ad87b6a0f48f4629158bbb4c312faa0a7 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 18 Feb 2026 16:18:07 -0300 Subject: [PATCH 128/138] new readme --- readme.md | 130 ++++++++++++++++++++++++------------------------------ 1 file changed, 58 insertions(+), 72 deletions(-) diff --git a/readme.md b/readme.md index a2b815f..554c5bc 100644 --- a/readme.md +++ b/readme.md 
@@ -1,87 +1,73 @@ -# Nix Configuration +# NixOS Flake Configuration -My personal Nix configuration for multiple NixOS hosts, home-manager users, miscellaneous resources... too many things to list. If I could put my life in a flake I would. +Modular NixOS configuration using flake-parts with the [dendritic](https://github.com/gytis-ivaskevicius/dendritic) pattern. + +## Structure + +``` +. +├── aspects/ # Reusable NixOS/home-manager modules (dendritic) +│ ├── base/ # Base system configuration +│ ├── hosts/ # Host-specific configurations +│ │ ├── _alexandria/ +│ │ ├── _io/ +│ │ ├── _rotterdam/ +│ │ └── _trantor/ +│ ├── systems/ # System type modules (desktop, server, cli, gaming) +│ └── users/ # User account configurations +├── data/ # Shared host/service definitions +├── packages/ # Custom packages and overlays +├── shells/ # Shell configurations +└── terranix/ # Terraform configurations for cloud resources +``` ## Hosts -### Desktop Systems -- **rotterdam** - Main desktop workstation (x86_64) - - Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman - - Storage: Ephemeral root with LUKS encryption - -- **io** - Laptop workstation (x86_64) - - Features: Desktop, AI tools, Bluetooth, Dev environment, Podman - - Storage: Ephemeral root with LUKS encryption - -### Servers -- **alexandria** - Home server (x86_64) - - Hosts: Nextcloud, Vaultwarden, Jellyfin, Kanidm - -- **trantor** - Cloud server (aarch64) - - Hosts: Forgejo - - Cloud provider: Oracle Cloud Infrastructure - - Storage: Ephemeral root with btrfs - -## Home Manager Configurations - -- **user@rotterdam** - Full desktop setup with gaming, OBS, and complete development environment -- **user@io** - Lightweight desktop setup - -Both configurations include: -- btop, direnv, helix, starship, tmux -- Stylix theme management -- Fish shell with custom configurations - -## Terranix Configurations - -Infrastructure as code using Terranix (NixOS + Terraform/OpenTofu): - -- 
**oci-trantor** - Oracle Cloud Infrastructure provisioning for Trantor server -- **cloudflare-baduhaidev** - DNS and CDN configuration for baduhai.dev domain -- **tailscale-tailnet** - Tailscale network ACL and device management +| Host | Architecture | Type | Description | +|------|--------------|------|-------------| +| trantor | aarch64-linux | server | ARM server running Forgejo | +| alexandria | x86_64-linux | server | x86 server (Kanidm, Vaultwarden, Nextcloud, Jellyfin) | +| rotterdam | x86_64-linux | desktop | Gaming desktop with GPU passthrough | +| io | x86_64-linux | desktop | Workstation | ## Services -All services are accessible via custom domains under baduhai.dev: +- **git.baduhai.dev** (Forgejo) - Publicly accessible on trantor -- **Kanidm** (auth.baduhai.dev) - Identity and access management -- **Vaultwarden** (pass.baduhai.dev) - Password manager -- **Forgejo** (git.baduhai.dev) - Git forge (publicly accessible) -- **Nextcloud** (cloud.baduhai.dev) - File sync and collaboration -- **Jellyfin** (jellyfin.baduhai.dev) - Media server +Other services (LAN/Tailscale only): Kanidm, Vaultwarden, Nextcloud, Jellyfin -Services are accessible via: -- LAN for alexandria-hosted services -- Tailscale VPN for all services -- Public internet for Forgejo only +## Features -## Notable Features +- **Ephemeral root**: Automatic btrfs subvolume rollover with impermanence +- **Secrets**: Managed via agenix with age encryption +- **Disk management**: disko for declarative disk partitioning +- **Modular architecture**: Each aspect is a separate module imported via import-tree +- **Dendritic pattern**: Aspects are imported as a unified flake module -### Ephemeral Root -Rotterdam, io, and trantor use an ephemeral root filesystem that resets on every boot: -- Root filesystem is automatically rolled back using btrfs snapshots -- Old snapshots retained for 30 days -- Persistent data stored in dedicated subvolumes -- Implements truly stateless systems +## Building -### Custom 
DNS Architecture -- Unbound DNS servers on both alexandria and trantor -- Service routing based on visibility flags (public/LAN/Tailscale) -- Split-horizon DNS for optimal access paths +```bash +# Build specific host +nix build .#nixosConfigurations.trantor.config.system.build.toplevel -### Security -- LUKS full-disk encryption on desktop systems -- Fail2ban on public-facing servers -- agenix for secrets management -- Tailscale for secure remote access +# Rebuild host (if using nixos-cli on the host) +sudo nixos apply +``` -### Desktop Environment -- Custom Niri window manager (Wayland compositor) -- Using forked version with auto-centering feature -- Stylix for consistent theming +## Terranix -### Development Setup -- Nix flakes for reproducible builds -- deploy-rs for automated deployments -- Podman for containerization -- Complete AI tooling integration +Terraform configurations for cloud infrastructure managed via terranix: + +- baduhai.dev DNS +- Cloudflare tunnel endpoints +- Tailscale subnet routers + +## Key Dependencies + +- nixpkgs (nixos-unstable for workstations, nixos for servers) +- home-manager +- agenix +- disko +- impermanence +- nix-flatpak +- nixos-cli From 1f9812fea0450f3bbf232bc20fb568094e71cc12 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 19 Feb 2026 07:05:48 -0300 Subject: [PATCH 129/138] improve homeConfigurations files --- aspects/users/user_io.nix | 4 +-- aspects/users/user_rotterdam.nix | 56 +++++++++++++++----------------- 2 files changed, 29 insertions(+), 31 deletions(-) diff --git a/aspects/users/user_io.nix b/aspects/users/user_io.nix index c956b1c..a8fa675 100644 --- a/aspects/users/user_io.nix +++ b/aspects/users/user_io.nix @@ -1,7 +1,7 @@ { inputs, lib, ... }: { - flake."user@io" = inputs.home-manager.lib.homeManagerConfiguration { + flake.homeConfigurations."user@io" = { pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; extraSpecialArgs = { inherit inputs; 
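Review bot: In the first user_io.nix hunk, `flake.homeConfigurations."user@io"` is now assigned the bare argument set. Nothing visible in the hunk replaces the `inputs.home-manager.lib.homeManagerConfiguration` call from the removed line, so unless an option declared elsewhere wraps these attributes, the output is no longer an activatable configuration. The user_rotterdam.nix hunk in the same patch drops the call the same way. If no such wrapper exists at this commit, keep the call: `flake.homeConfigurations."user@io" = inputs.home-manager.lib.homeManagerConfiguration {`. The attribute set continues past the end of this hunk.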
@@ -24,7 +24,7 @@ cli desktop - # other aspect + # other aspects stylix niri ]); diff --git a/aspects/users/user_rotterdam.nix b/aspects/users/user_rotterdam.nix index 56b2dc1..36f512d 100644 --- a/aspects/users/user_rotterdam.nix +++ b/aspects/users/user_rotterdam.nix @@ -1,35 +1,33 @@ { inputs, lib, ... }: { - flake.homeConfigurations = { - "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { - inherit inputs; - hostname = "rotterdam"; - }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) - ] - ++ (with inputs.self.modules.homeManager; [ - # system aspects - base - cli - desktop - gaming - - # other aspects - stylix - niri - ]); + flake.homeConfigurations."user@rotterdam" = { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + hostname = "rotterdam"; }; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) + ] + ++ (with inputs.self.modules.homeManager; [ + # system aspects + base + cli + desktop + gaming + + # other aspects + stylix + niri + ]); }; } From d51f6f14db38b6780f2b4b9f11ad406aae8e6644 Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 19 Feb 2026 08:08:27 -0300 Subject: [PATCH 130/138] created mkHost and mkHomeConfiguration --- aspects/constants.nix | 82 +++++++++++++++++++++++++++++++- aspects/hosts/alexandria.nix | 36 +++++--------- aspects/hosts/io.nix | 41 +++++----------- aspects/hosts/rotterdam.nix | 39 +++++---------- aspects/hosts/trantor.nix | 43 ++++++----------- aspects/users/user.nix | 63 ++++++++++++++++++------ aspects/users/user_io.nix | 32 ------------- aspects/users/user_rotterdam.nix | 33 ------------- 8 files changed, 178 insertions(+), 191 deletions(-) delete mode 100644 aspects/users/user_io.nix delete mode 100644 aspects/users/user_rotterdam.nix diff --git a/aspects/constants.nix b/aspects/constants.nix index 7d77098..5a82660 100644 --- a/aspects/constants.nix +++ b/aspects/constants.nix @@ -1,4 +1,9 @@ -{ lib, config, ... }: +{ + inputs, + lib, + config, + ... +}: let # Host submodule type 
@@ -132,6 +137,81 @@ in local-data = lanData; } ]; + # Generates flake.homeConfigurations + mkHomeConfiguration = + { + user, + hostname, + system ? "x86_64-linux", + stateVersion ? "22.05", + nixpkgs ? inputs.nixpkgs, # override with e.g. inputs.nixpkgs-stable + userModules ? [ ], + overlays ? [ inputs.self.overlays.default ], + homeManagerModules ? with inputs.self.modules.homeManager; [ + base + cli + ], + userDirectory ? "/home/${user}", + }: + inputs.home-manager.lib.homeManagerConfiguration { + pkgs = nixpkgs.legacyPackages.${system}; + + extraSpecialArgs = { + inherit inputs hostname; + }; + + modules = [ + { nixpkgs.overlays = overlays; } + { + home = { + username = user; + homeDirectory = userDirectory; + inherit stateVersion; + }; + } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) + "/${inputs.self}/aspects/users/_${user}" + ) + ] + ++ homeManagerModules + ++ userModules; + }; + # Generates flake.nixosConfigurations + mkHost = + { + hostname, + system ? "x86_64-linux", + nixpkgs ? inputs.nixpkgs, + overlays ? [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ], + ephemeralRootDev ? null, # pass rootDevice string to enable, e.g. ephemeralephemeralRootDev = "/dev/mapper/cryptroot" + nixosModules ? with inputs.self.modules.nixos; [ + base + cli + user + root + ], + extraModules ? [ ], + }: + nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = hostname; } + { nixpkgs.overlays = overlays; } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) + "${inputs.self}/aspects/hosts/_${hostname}" + ) + ] + ++ (lib.optional (ephemeralRootDev != null) ( + inputs.self.factory.ephemeral { rootDevice = ephemeralRootDev; } + )) + ++ nixosModules + ++ extraModules; + }; }; }; } diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 55867fa..be5027e 100644 --- a/aspects/hosts/alexandria.nix 
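Review bot: `mkHomeConfiguration` builds its import-tree argument as `"/${inputs.self}/aspects/users/_${user}"`, while `mkHost` further down uses `"${inputs.self}/aspects/hosts/_${hostname}"` without the leading slash. `inputs.self` already interpolates to an absolute store path, so the first form yields a `//nix/store/...` string. It probably still resolves, but the two helpers should agree: `"${inputs.self}/aspects/users/_${user}"`. The comment on `ephemeralRootDev` has a doubled word (`ephemeralephemeralRootDev`) and should read `e.g. ephemeralRootDev = "/dev/mapper/cryptroot"`. Both helpers would also benefit from a short comment listing which default modules a caller gets when it passes only `extraModules` or `userModules`. The enclosing attribute set starts outside the hunk.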
+++ b/aspects/hosts/alexandria.nix @@ -1,33 +1,19 @@ -{ inputs, lib, ... }: +{ inputs, ... }: + +let + mkHost = inputs.self.lib.mkHost; +in { - flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "alexandria"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_alexandria) - ] - ++ (with inputs.self.modules.nixos; [ - # system aspects - base - cli + flake.nixosConfigurations.alexandria = mkHost { + hostname = "alexandria"; + nixpkgs = inputs.nixpkgs-stable; + extraModules = with inputs.self.modules.nixos; [ + # base aspects server - - # user aspects - user - root - # other aspects fwupd libvirtd - ]); + ]; }; } diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index 6944555..cf5ecec 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix @@ -1,34 +1,17 @@ -{ inputs, lib, ... }: +{ inputs, ... }: + +let + mkHost = inputs.self.lib.mkHost; +in { - flake.nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "io"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_io) - (inputs.self.factory.ephemeral { - rootDevice = "/dev/mapper/cryptroot"; - }) - ] - ++ (with inputs.self.modules.nixos; [ - # system aspects - base - cli + flake.nixosConfigurations.io = mkHost { + hostname = "io"; + ephemeralRootDev = "/dev/mapper/cryptroot"; + extraModules = with inputs.self.modules.nixos; [ + # base aspects desktop - - # user aspects - user - root - - # Other aspects + # other aspects ai bluetooth dev 
@@ -36,6 +19,6 @@ networkmanager niri podman - ]); + ]; }; } diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index 1c177e4..f3b6fca 100644 --- a/aspects/hosts/rotterdam.nix +++ b/aspects/hosts/rotterdam.nix @@ -1,34 +1,17 @@ -{ inputs, lib, ... }: +{ inputs, ... }: + +let + mkHost = inputs.self.lib.mkHost; +in { - flake.nixosConfigurations.rotterdam = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "rotterdam"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_rotterdam) - (inputs.self.factory.ephemeral { - rootDevice = "/dev/mapper/cryptroot"; - }) - ] - ++ (with inputs.self.modules.nixos; [ - # system aspects - base - cli + flake.nixosConfigurations.rotterdam = mkHost { + hostname = "rotterdam"; + ephemeralRootDev = "/dev/mapper/cryptroot"; + extraModules = with inputs.self.modules.nixos; [ + # base aspects desktop gaming - - # user aspects - user - root - # other aspects ai bluetooth @@ -38,6 +21,6 @@ networkmanager niri podman - ]); + ]; }; } diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index 076672c..14f9dd7 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix 
@@ -1,31 +1,18 @@ -{ inputs, lib, ... }: -{ - flake.nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { - system = "aarch64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "trantor"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_trantor) - (inputs.self.factory.ephemeral { - rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; - }) - ] - ++ (with inputs.self.modules.nixos; [ - # system aspects - base - cli - server +{ inputs, ... }: - # user aspects - user - root - ]); +let + mkHost = inputs.self.lib.mkHost; +in + +{ + flake.nixosConfigurations.trantor = mkHost { + hostname = "trantor"; + system = "aarch64-linux"; + nixpkgs = inputs.nixpkgs-stable; + ephemeralRootDev = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; + extraModules = with inputs.self.modules.nixos; [ + # base aspects + server + ]; }; } diff --git a/aspects/users/user.nix b/aspects/users/user.nix index e3f8530..86bcddb 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix 
@@ -1,22 +1,55 @@ -{ ... }: +{ inputs, ... }: + +let + mkHomeConfiguration = inputs.self.lib.mkHomeConfiguration; +in { - flake.modules.nixos.user = - { pkgs, ... }: - { - users.users.user = { - isNormalUser = true; - shell = pkgs.fish; - extraGroups = [ - "networkmanager" - "wheel" + flake = { + modules.nixos.user = + { pkgs, ... }: + { + users.users.user = { + isNormalUser = true; + shell = pkgs.fish; + extraGroups = [ + "networkmanager" + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; + }; + }; + homeConfigurations = { + "user@rotterdam" = mkHomeConfiguration { + user = "user"; + hostname = "rotterdam"; + userModules = with inputs.self.modules.homeManager; [ + # system aspects + desktop + gaming + + # other aspects + stylix + niri ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + }; + "user@io" = mkHomeConfiguration { + user = "user"; + hostname = "io"; + userModules = with inputs.self.modules.homeManager; [ + # system aspects + desktop + + # other aspects + stylix + niri ]; - hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; }; }; + }; } diff --git a/aspects/users/user_io.nix b/aspects/users/user_io.nix deleted file mode 100644 index a8fa675..0000000 
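Review bot: `hashedPassword` for `users.users.user` is carried over as an inline string literal in the re-indented module. The crypt hash therefore sits in the repository history and in the world-readable Nix store of every host importing this aspect, where anyone with read access can run an offline guessing attack against it. The flake already uses agenix, so the hash can live in an age secret referenced as `hashedPasswordFile = config.age.secrets.<secret-name>.path;`. Here `<secret-name>` is a placeholder, and the module function would need `config` added to its arguments. If this repository has been published, rotate the password as part of that move, since the current hash stays in history.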
--- a/aspects/users/user_io.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ inputs, lib, ... }: - -{ - flake.homeConfigurations."user@io" = { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { - inherit inputs; - hostname = "io"; - }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) - ] - ++ (with inputs.self.modules.homeManager; [ - # system aspects - base - cli - desktop - - # other aspects - stylix - niri - ]); - }; -} diff --git a/aspects/users/user_rotterdam.nix b/aspects/users/user_rotterdam.nix deleted file mode 100644 index 36f512d..0000000 --- a/aspects/users/user_rotterdam.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ inputs, lib, ... }: - -{ - flake.homeConfigurations."user@rotterdam" = { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { - inherit inputs; - hostname = "rotterdam"; - }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) - ] - ++ (with inputs.self.modules.homeManager; [ - # system aspects - base - cli - desktop - gaming - - # other aspects - stylix - niri - ]); - }; -} From be4553046c151c048cc4bac3bf45f310b32ee5c3 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 19 Feb 2026 09:02:16 -0300 Subject: [PATCH 131/138] nix-ai-tools not that up to date --- aspects/ai.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/aspects/ai.nix b/aspects/ai.nix index e3016e6..99efd60 100644 --- a/aspects/ai.nix +++ b/aspects/ai.nix 
@@ -4,11 +4,8 @@ { inputs, pkgs, ... }: { environment.systemPackages = - (with pkgs; [ ]) + (with pkgs; [ opencode ]) ++ (with inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}; [ - claude-code - claudebox - opencode ]); }; } From 09b0e64708e2f936e5eed33992cf4ffbb9f48f29 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 19 Feb 2026 09:10:44 -0300 Subject: [PATCH 132/138] determinate nix breaks my systems --- aspects/base/nix.nix | 31 ++--- flake.lock | 322 ++++++++----------------------------------- flake.nix | 1 - 3 files changed, 75 insertions(+), 279 deletions(-) diff --git a/aspects/base/nix.nix b/aspects/base/nix.nix index 29feff8..2442024 100644 --- a/aspects/base/nix.nix +++ b/aspects/base/nix.nix @@ -3,25 +3,24 @@ flake.modules.nixos.nix = { inputs, pkgs, ... }: { - imports = [ - inputs.nixos-cli.nixosModules.nixos-cli - inputs.determinate.nixosModules.default - ]; + imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; - nix.gc = { - automatic = true; - options = "--delete-older-than 8d"; + nix = { + settings = { + auto-optimise-store = true; + connect-timeout = 10; + log-lines = 25; + min-free = 128000000; + max-free = 1000000000; + trusted-users = [ "@wheel" ]; + }; + extraOptions = "experimental-features = nix-command flakes"; + gc = { + automatic = true; + options = "--delete-older-than 8d"; + }; }; - environment.etc."nix/nix.custom.conf".text = '' - auto-optimise-store = true - connect-timeout = 10 - log-lines = 25 - min-free = 128000000 - max-free = 1000000000 - trusted-users = @wheel - ''; - nixpkgs.config = { allowUnfree = true; enableParallelBuilding = true; diff --git a/flake.lock b/flake.lock index 8b17f1e..20de064 100644 --- a/flake.lock +++ b/flake.lock 
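Review bot: In the `aspects/base/nix.nix` hunk, `trusted-users = [ "@wheel" ]` inside the new `nix.settings` block makes every wheel member a trusted user of the Nix daemon. The Nix manual describes that as essentially root-equivalent, because trusted users can add substituters and import unsigned store paths without a sudo prompt. If that is intended, say so next to the setting: `# wheel is trusted by the nix daemon: root-equivalent without a sudo password`. Otherwise drop the line and keep the default of root only. As a style point, `extraOptions = "experimental-features = nix-command flakes";` can move into the same block as `experimental-features = [ "nix-command" "flakes" ];` so all daemon settings are typed and in one place.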
@@ -135,66 +135,9 @@ "type": "github" } }, - "determinate": { - "inputs": { - "determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin", - "determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux", - "determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux", - "nix": "nix", - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1771014593, - "narHash": "sha256-NrCFwn20ewJwy/SZoREs+XylerizPCYP54n9qkr31/E=", - "rev": "69b4ff80ae2bbdd1e3f02ccd76a5f2988b118ed2", - "revCount": 397, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.16.0/019c58b5-64dc-77f9-b913-8738b7d338cc/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/DeterminateSystems/determinate/%2A" - } - }, - "determinate-nixd-aarch64-darwin": { - "flake": false, - "locked": { - "narHash": "sha256-PUo0u1iNMB8eTlBNFMCW8/UAn1sGKGqsIYlXaDRhx00=", - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/macOS" - }, - "original": { - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/macOS" - } - }, - "determinate-nixd-aarch64-linux": { - "flake": false, - "locked": { - "narHash": "sha256-jiIWiM88xkEpBQeohSxhl83fn2xoZY0nFkrW6CUAIAI=", - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/aarch64-linux" - }, - "original": { - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/aarch64-linux" - } - }, - "determinate-nixd-x86_64-linux": { - "flake": false, - "locked": { - "narHash": "sha256-qF/NNdHwh3tAHrKIOz2FRq5Q8GcSMzJeEY/PFvGf5vo=", - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/x86_64-linux" - }, - "original": { - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/x86_64-linux" - } - }, "disko": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs" }, 
"locked": { "lastModified": 1769524058, @@ -227,22 +170,6 @@ } }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1767039857, @@ -258,7 +185,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1747046372, @@ -275,27 +202,6 @@ } }, "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "determinate", - "nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748821116, - "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", - "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", - "revCount": 377, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/hercules-ci/flake-parts/0.1.377%2Brev-49f0870db23e8c1ca0b5259734a02cd9e1e371a1/01972f28-554a-73f8-91f4-d488cc502f08/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1" - } - }, - "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -313,7 +219,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, @@ -331,7 +237,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -352,7 +258,7 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "terranix", 
@@ -389,32 +295,6 @@ "type": "github" } }, - "git-hooks-nix": { - "inputs": { - "flake-compat": "flake-compat", - "gitignore": [ - "determinate", - "nix" - ], - "nixpkgs": [ - "determinate", - "nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1747372754, - "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", - "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", - "revCount": 1026, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/cachix/git-hooks.nix/0.1.1026%2Brev-80479b6ec16fefd9c1db3ea13aeb038c60530f46/0196d79a-1b35-7b8e-a021-c894fb62163d/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/cachix/git-hooks.nix/0.1.941" - } - }, "gnome-shell": { "flake": false, "locked": { @@ -521,7 +401,7 @@ "impermanence": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1769548169, @@ -552,31 +432,10 @@ "type": "github" } }, - "nix": { - "inputs": { - "flake-parts": "flake-parts", - "git-hooks-nix": "git-hooks-nix", - "nixpkgs": "nixpkgs", - "nixpkgs-23-11": "nixpkgs-23-11", - "nixpkgs-regression": "nixpkgs-regression" - }, - "locked": { - "lastModified": 1771010067, - "narHash": "sha256-Itk88UC3CxjGjjAb20KI6KrM9tRoGEpbv996fXwAWGo=", - "rev": "5c670e37e884c43e1da0405075c9b9c83d316a6c", - "revCount": 24629, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.16.0/019c589d-45e9-7337-9ff0-a8d78fecf63f/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A" - } - }, "nix-ai-tools": { "inputs": { "blueprint": "blueprint", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_3", "treefmt-nix": "treefmt-nix" }, "locked": { 
@@ -631,9 +490,9 @@ }, "nixos-cli": { "inputs": { - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_6", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs_4", "optnix": "optnix" }, "locked": { @@ -652,31 +511,17 @@ }, "nixpkgs": { "locked": { - "lastModified": 1761597516, - "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", - "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", - "revCount": 811874, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505" - } - }, - "nixpkgs-23-11": { - "locked": { - "lastModified": 1717159533, - "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", + "lastModified": 1769330179, + "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", "type": "github" }, "original": { "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", - "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", "type": "github" } }, @@ -710,22 +555,6 @@ "type": "github" } }, - "nixpkgs-regression": { - "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { "lastModified": 1770770419, 
@@ -742,69 +571,7 @@ "type": "github" } }, - "nixpkgs_10": { - "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { - "locked": { - "lastModified": 1769461804, - "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { - "locked": { - "lastModified": 1770537093, - "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", - "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51", - "revCount": 942631, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.942631%2Brev-fef9403a3e4d31b0a23f0bacebbec52c248fbb51/019c4621-ce4f-799f-82f6-b3b29f099b09/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/DeterminateSystems/nixpkgs-weekly/0.1" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1769330179, - "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { "locked": { "lastModified": 1768564909, "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", @@ -820,7 +587,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_3": { "locked": { "lastModified": 1770843696, "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", 
@@ -836,7 +603,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_4": { "locked": { "lastModified": 1767151656, "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", @@ -852,7 +619,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_5": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -868,7 +635,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_6": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", @@ -884,7 +651,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_7": { "locked": { "lastModified": 1767767207, "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", @@ -900,6 +667,38 @@ "type": "github" } }, + "nixpkgs_8": { + "locked": { + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "noctalia": { "inputs": { "nixpkgs": [ @@ -947,8 +746,8 @@ }, "optnix": { "inputs": { - "flake-compat": "flake-compat_3", - "nixpkgs": "nixpkgs_7" + "flake-compat": "flake-compat_2", + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1765418479, 
@@ -967,9 +766,8 @@ "root": { "inputs": { "agenix": "agenix", - "determinate": "determinate", "disko": "disko", - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts", "home-manager": "home-manager_2", "impermanence": "impermanence", "import-tree": "import-tree", @@ -977,7 +775,7 @@ "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable", "noctalia": "noctalia", "stylix": "stylix", @@ -993,9 +791,9 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_3", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_7", "nur": "nur", "systems": "systems_3", "tinted-foot": "tinted-foot", @@ -1095,7 +893,7 @@ }, "terranix": { "inputs": { - "flake-parts": "flake-parts_5", + "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ], @@ -1219,7 +1017,7 @@ }, "vicinae": { "inputs": { - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_8", "systems": "systems_5" }, "locked": { @@ -1239,7 +1037,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_4", - "nixpkgs": "nixpkgs_11" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1771000521, diff --git a/flake.nix b/flake.nix index c2f801c..2036828 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,6 @@ # nix tools flake-parts.url = "github:hercules-ci/flake-parts"; import-tree.url = "github:vic/import-tree"; - determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*"; # nixos/hm nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; From e9c17f10a5f3c999b46b7941b21db46a5cec68ef Mon Sep 17 00:00:00 2001 From: baduhai Date: Thu, 19 Feb 2026 18:29:03 -0300 Subject: [PATCH 133/138] Update readme.md --- readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/readme.md b/readme.md index 554c5bc..52f8af1 100644 
--- a/readme.md +++ b/readme.md @@ -27,14 +27,14 @@ Modular NixOS configuration using flake-parts with the [dendritic](https://githu |------|--------------|------|-------------| | trantor | aarch64-linux | server | ARM server running Forgejo | | alexandria | x86_64-linux | server | x86 server (Kanidm, Vaultwarden, Nextcloud, Jellyfin) | -| rotterdam | x86_64-linux | desktop | Gaming desktop with GPU passthrough | +| rotterdam | x86_64-linux | desktop | Main workstation setup for gaming | | io | x86_64-linux | desktop | Workstation | ## Services - **git.baduhai.dev** (Forgejo) - Publicly accessible on trantor -Other services (LAN/Tailscale only): Kanidm, Vaultwarden, Nextcloud, Jellyfin +Other services (LAN/Tailscale only): Vaultwarden, Nextcloud, Jellyfin ## Features From b16821ef741129fb9053f75325c8831a9e27fab7 Mon Sep 17 00:00:00 2001 From: baduhai Date: Thu, 19 Feb 2026 18:32:43 -0300 Subject: [PATCH 134/138] Update readme.md --- readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/readme.md b/readme.md index 52f8af1..e36ccec 100644 --- a/readme.md +++ b/readme.md @@ -58,8 +58,8 @@ sudo nixos apply Terraform configurations for cloud infrastructure managed via terranix: -- baduhai.dev DNS -- Cloudflare tunnel endpoints +- baduhai.dev DNS on CloudFlare +- VPS provisioning on OCI - Tailscale subnet routers ## Key Dependencies From 87d75380bb7a1661394f86cc58f00f89a45f47ad Mon Sep 17 00:00:00 2001 From: William Date: Fri, 20 Feb 2026 11:14:31 -0300 Subject: [PATCH 135/138] add beeper to web packages --- aspects/desktop/web.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/aspects/desktop/web.nix b/aspects/desktop/web.nix index 8fb960a..4e4fe5b 100644 --- a/aspects/desktop/web.nix +++ b/aspects/desktop/web.nix @@ -10,6 +10,7 @@ { environment.systemPackages = with pkgs; [ inputs.zen-browser.packages."${pkgs.stdenv.hostPlatform.system}".default + beeper bitwarden-desktop fragments nextcloud-client 
From 834d4d516090f96e44c58dfa8eb409849acc95ea Mon Sep 17 00:00:00 2001 From: William Date: Sun, 22 Feb 2026 16:08:52 -0300 Subject: [PATCH 136/138] add ungoogled-chromium to web aspect --- aspects/desktop/web.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/aspects/desktop/web.nix b/aspects/desktop/web.nix index 4e4fe5b..9d6494f 100644 --- a/aspects/desktop/web.nix +++ b/aspects/desktop/web.nix @@ -15,6 +15,7 @@ fragments nextcloud-client tor-browser + ungoogled-chromium vesktop ]; }; From 84e7f6c51041f3a0dda2f254881f8b0b630e3b44 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 23 Feb 2026 08:31:38 -0300 Subject: [PATCH 137/138] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nix-ai-tools': 'github:numtide/llm-agents.nix/266d4d8a55eef6dd23cd0adced301053d8fc23c9?narHash=sha256-HQXK2CXAhBuTBw99Ip018Vp9MMAPfJVywgRrkwMUgMc%3D' (2026-02-12) → 'github:numtide/llm-agents.nix/db94a329058a1a37b49d3209af85708b3338559a?narHash=sha256-q5Wsb1573qDfIPJctG9CBZP0NMniejoB7SmBLZIVAHg%3D' (2026-02-23) • Updated input 'nix-ai-tools/blueprint': 'github:numtide/blueprint/c7da5c70ad1c9b60b6f5d4f674fbe205d48d8f6c?narHash=sha256-zI%2B7cbMI4wMIR57jMjDSEsVb3grapTnURDxxJPYFIW0%3D' (2026-01-25) → 'github:numtide/blueprint/06ee7190dc2620ea98af9eb225aa9627b68b0e33?narHash=sha256-bLqwib%2BrtyBRRVBWhMuBXPCL/OThfokA%2Bj6%2BuH7jDGU%3D' (2026-02-18) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/2343bbb58f99267223bc2aac4fc9ea301a155a16?narHash=sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8%3D' (2026-02-11) → 'github:NixOS/nixpkgs/d1c15b7d5806069da59e819999d70e1cec0760bf?narHash=sha256-b9uG8yN50DRQ6A7JdZBfzq718ryYrlmGgqkRm9OOwCE%3D' (2026-02-16) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 20de064..a99cac7 100644 --- a/flake.lock +++ b/flake.lock 
@@ -100,11 +100,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1769353768, - "narHash": "sha256-zI+7cbMI4wMIR57jMjDSEsVb3grapTnURDxxJPYFIW0=", + "lastModified": 1771437256, + "narHash": "sha256-bLqwib+rtyBRRVBWhMuBXPCL/OThfokA+j6+uH7jDGU=", "owner": "numtide", "repo": "blueprint", - "rev": "c7da5c70ad1c9b60b6f5d4f674fbe205d48d8f6c", + "rev": "06ee7190dc2620ea98af9eb225aa9627b68b0e33", "type": "github" }, "original": { @@ -439,11 +439,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1770907059, - "narHash": "sha256-HQXK2CXAhBuTBw99Ip018Vp9MMAPfJVywgRrkwMUgMc=", + "lastModified": 1771816560, + "narHash": "sha256-q5Wsb1573qDfIPJctG9CBZP0NMniejoB7SmBLZIVAHg=", "owner": "numtide", "repo": "llm-agents.nix", - "rev": "266d4d8a55eef6dd23cd0adced301053d8fc23c9", + "rev": "db94a329058a1a37b49d3209af85708b3338559a", "type": "github" }, "original": { @@ -589,11 +589,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1770843696, - "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", + "lastModified": 1771207753, + "narHash": "sha256-b9uG8yN50DRQ6A7JdZBfzq718ryYrlmGgqkRm9OOwCE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16", + "rev": "d1c15b7d5806069da59e819999d70e1cec0760bf", "type": "github" }, "original": { From c3650b73a1310c61c2e67afe0d1347bc4dac852a Mon Sep 17 00:00:00 2001 From: William Date: Mon, 23 Feb 2026 08:32:16 -0300 Subject: [PATCH 138/138] opencode from nix-ai-tools --- aspects/ai.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/aspects/ai.nix b/aspects/ai.nix index 99efd60..f3eb6dd 100644 --- a/aspects/ai.nix +++ b/aspects/ai.nix 
@@ -4,8 +4,16 @@ { inputs, pkgs, ... }: { environment.systemPackages = - (with pkgs; [ opencode ]) + (with pkgs; [ ]) ++ (with inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}; [ + opencode ]); + + nix.settings = { + extra-substituters = [ "https://cache.numtide.com" ]; + extra-trusted-public-keys = [ + "niks3.numtide.com-1:DTx8wZduET09hRmMtKdQDxNNthLQETkc/yaX7M4qK0g=" + ]; + }; }; }
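Review bot: The added `extra-substituters` and `extra-trusted-public-keys` entries make `cache.numtide.com` a trusted binary source on every host that imports this aspect. That trust is not scoped to the `nix-ai-tools` packages, because any store path the cache serves with a valid signature from that key will be accepted during substitution. This widens the supply-chain trust root and should be recorded where it is configured: `# third-party cache for inputs.nix-ai-tools; its key is trusted for all substitutions on this host`. The now-empty `(with pkgs; [ ]) ++` term can also be removed so that `environment.systemPackages` is a single `with inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}; [ opencode ]` expression. The module's opening lines are outside the hunk.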