From 1a586c2d90414cf6eb741cfd177ccce7eac0ca85 Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 5 Feb 2026 22:07:51 -0300 Subject: [PATCH 01/75] I tried going all in on dendritic, but I think I'm gonna go for a lighter approach --- deploy.nix | 48 ---- devShells.nix | 16 -- flake.nix | 4 - homeConfigurations.nix | 43 ---- hosts/alexandria/hardware-configuration.nix | 49 ---- hosts/alexandria/jellyfin.nix | 15 -- hosts/alexandria/kanidm.nix | 83 ------- hosts/alexandria/nextcloud.nix | 97 -------- hosts/alexandria/nginx.nix | 59 ----- hosts/alexandria/unbound.nix | 58 ----- hosts/alexandria/vaultwarden.nix | 26 -- hosts/io/boot.nix | 14 -- hosts/io/disko.nix | 79 ------ hosts/io/hardware-configuration.nix | 37 --- hosts/io/programs.nix | 27 -- hosts/io/services.nix | 61 ----- hosts/modules/ai.nix | 11 - hosts/modules/bluetooth.nix | 5 - hosts/modules/common/boot.nix | 20 -- hosts/modules/common/console.nix | 8 - hosts/modules/common/firewall.nix | 8 - hosts/modules/common/locale.nix | 21 -- hosts/modules/common/nix.nix | 38 --- hosts/modules/common/openssh.nix | 11 - hosts/modules/common/programs.nix | 40 --- hosts/modules/common/security.nix | 13 - hosts/modules/common/services.nix | 9 - hosts/modules/common/tailscale.nix | 8 - hosts/modules/common/users.nix | 24 -- hosts/modules/desktop/boot.nix | 26 -- hosts/modules/desktop/desktop.nix | 163 ------------- hosts/modules/desktop/nix.nix | 13 - hosts/modules/desktop/services.nix | 15 -- hosts/modules/dev.nix | 18 -- hosts/modules/ephemeral.nix | 43 ---- hosts/modules/fwupd.nix | 5 - hosts/modules/gaming.nix | 43 ---- hosts/modules/libvirtd.nix | 17 -- hosts/modules/networkmanager.nix | 10 - hosts/modules/podman.nix | 14 -- hosts/modules/server/boot.nix | 5 - hosts/modules/server/nix.nix | 13 - hosts/modules/server/tailscale.nix | 13 - hosts/rotterdam/boot.nix | 31 --- hosts/rotterdam/hardware-configuration.nix | 82 ------- hosts/rotterdam/hardware.nix | 8 - hosts/rotterdam/programs.nix | 31 --- hosts/rotterdam/services.nix | 11 - hosts/trantor/boot.nix | 6 - hosts/trantor/disko.nix | 
64 ----- hosts/trantor/fail2ban.nix | 23 -- hosts/trantor/forgejo.nix | 72 ------ hosts/trantor/hardware-configuration.nix | 20 -- hosts/trantor/networking.nix | 8 - hosts/trantor/nginx.nix | 61 ----- hosts/trantor/openssh.nix | 23 -- hosts/trantor/unbound.nix | 58 ----- modules/ephemeral.nix | 84 ------- modules/nix/agenix.nix | 37 +++ modules/nix/dendritic-tools.nix | 25 ++ modules/nix/factory.nix | 12 + modules/nix/home-manager.nix | 36 +++ modules/nix/impermanence.nix | 54 ++++ modules/nix/lib.nix | 34 +++ modules/nix/pkgs-by-name.nix | 42 ++++ nixosConfigurations.nix | 56 ----- nixosModules.nix | 7 - overlays.nix | 14 -- packages.nix | 22 -- packages/base16-schemes.nix | 32 --- packages/claude-desktop.nix | 221 ----------------- packages/fastfetch.nix | 81 ------ packages/hm-cli.nix | 105 -------- readme.md | 87 ------- shared/services.nix | 43 ---- terranix/cloudflare/baduhai.dev.nix | 86 ------- terranix/cloudflare/kernelpanic.space.nix | 0 terranix/oci/terminus.nix | 0 terranix/oci/trantor.nix | 258 -------------------- terranix/tailscale/tailnet.nix | 43 ---- terranixConfigurations.nix | 27 -- users/modules/btop.nix | 12 - users/modules/comma.nix | 7 - users/modules/common/bash.nix | 8 - users/modules/common/fish.nix | 32 --- users/modules/common/hm-cli.nix | 10 - users/modules/desktop/desktop.nix | 134 ---------- users/modules/desktop/niri.nix | 229 ----------------- users/modules/direnv.nix | 8 - users/modules/gaming.nix | 33 --- users/modules/helix.nix | 49 ---- users/modules/obs-studio.nix | 13 - users/modules/starship.nix | 40 --- users/modules/stylix.nix | 69 ------ users/modules/tmux.nix | 11 - users/user/git.nix | 17 -- utils.nix | 233 ------------------ 97 files changed, 240 insertions(+), 3899 deletions(-) delete mode 100644 deploy.nix delete mode 100644 devShells.nix delete mode 100644 homeConfigurations.nix delete mode 100644 hosts/alexandria/hardware-configuration.nix delete mode 100644 hosts/alexandria/jellyfin.nix delete mode 100644 
hosts/alexandria/kanidm.nix delete mode 100644 hosts/alexandria/nextcloud.nix delete mode 100644 hosts/alexandria/nginx.nix delete mode 100644 hosts/alexandria/unbound.nix delete mode 100644 hosts/alexandria/vaultwarden.nix delete mode 100644 hosts/io/boot.nix delete mode 100644 hosts/io/disko.nix delete mode 100644 hosts/io/hardware-configuration.nix delete mode 100644 hosts/io/programs.nix delete mode 100644 hosts/io/services.nix delete mode 100644 hosts/modules/ai.nix delete mode 100644 hosts/modules/bluetooth.nix delete mode 100644 hosts/modules/common/boot.nix delete mode 100644 hosts/modules/common/console.nix delete mode 100644 hosts/modules/common/firewall.nix delete mode 100644 hosts/modules/common/locale.nix delete mode 100644 hosts/modules/common/nix.nix delete mode 100644 hosts/modules/common/openssh.nix delete mode 100644 hosts/modules/common/programs.nix delete mode 100644 hosts/modules/common/security.nix delete mode 100644 hosts/modules/common/services.nix delete mode 100644 hosts/modules/common/tailscale.nix delete mode 100644 hosts/modules/common/users.nix delete mode 100644 hosts/modules/desktop/boot.nix delete mode 100644 hosts/modules/desktop/desktop.nix delete mode 100644 hosts/modules/desktop/nix.nix delete mode 100644 hosts/modules/desktop/services.nix delete mode 100644 hosts/modules/dev.nix delete mode 100644 hosts/modules/ephemeral.nix delete mode 100644 hosts/modules/fwupd.nix delete mode 100644 hosts/modules/gaming.nix delete mode 100644 hosts/modules/libvirtd.nix delete mode 100644 hosts/modules/networkmanager.nix delete mode 100644 hosts/modules/podman.nix delete mode 100644 hosts/modules/server/boot.nix delete mode 100644 hosts/modules/server/nix.nix delete mode 100644 hosts/modules/server/tailscale.nix delete mode 100644 hosts/rotterdam/boot.nix delete mode 100644 hosts/rotterdam/hardware-configuration.nix delete mode 100644 hosts/rotterdam/hardware.nix delete mode 100644 hosts/rotterdam/programs.nix delete mode 100644 
hosts/rotterdam/services.nix delete mode 100644 hosts/trantor/boot.nix delete mode 100644 hosts/trantor/disko.nix delete mode 100644 hosts/trantor/fail2ban.nix delete mode 100644 hosts/trantor/forgejo.nix delete mode 100644 hosts/trantor/hardware-configuration.nix delete mode 100644 hosts/trantor/networking.nix delete mode 100644 hosts/trantor/nginx.nix delete mode 100644 hosts/trantor/openssh.nix delete mode 100644 hosts/trantor/unbound.nix delete mode 100644 modules/ephemeral.nix create mode 100644 modules/nix/agenix.nix create mode 100644 modules/nix/dendritic-tools.nix create mode 100644 modules/nix/factory.nix create mode 100644 modules/nix/home-manager.nix create mode 100644 modules/nix/impermanence.nix create mode 100644 modules/nix/lib.nix create mode 100644 modules/nix/pkgs-by-name.nix delete mode 100644 nixosConfigurations.nix delete mode 100644 nixosModules.nix delete mode 100644 overlays.nix delete mode 100644 packages.nix delete mode 100644 packages/base16-schemes.nix delete mode 100644 packages/claude-desktop.nix delete mode 100644 packages/fastfetch.nix delete mode 100644 packages/hm-cli.nix delete mode 100644 readme.md delete mode 100644 shared/services.nix delete mode 100644 terranix/cloudflare/baduhai.dev.nix delete mode 100644 terranix/cloudflare/kernelpanic.space.nix delete mode 100644 terranix/oci/terminus.nix delete mode 100644 terranix/oci/trantor.nix delete mode 100644 terranix/tailscale/tailnet.nix delete mode 100644 terranixConfigurations.nix delete mode 100644 users/modules/btop.nix delete mode 100644 users/modules/comma.nix delete mode 100644 users/modules/common/bash.nix delete mode 100644 users/modules/common/fish.nix delete mode 100644 users/modules/common/hm-cli.nix delete mode 100644 users/modules/desktop/desktop.nix delete mode 100644 users/modules/desktop/niri.nix delete mode 100644 users/modules/direnv.nix delete mode 100644 users/modules/gaming.nix delete mode 100644 users/modules/helix.nix delete mode 100644 
users/modules/obs-studio.nix delete mode 100644 users/modules/starship.nix delete mode 100644 users/modules/stylix.nix delete mode 100644 users/modules/tmux.nix delete mode 100644 users/user/git.nix delete mode 100644 utils.nix
diff --git a/deploy.nix b/deploy.nix
deleted file mode 100644
index 187c92f..0000000
--- a/deploy.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ inputs, self, ... }:
-{
- flake.deploy = {
- remoteBuild = true;
- nodes = {
- alexandria = {
- hostname = "alexandria";
- profiles.system = {
- sshUser = "user";
- path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria;
- user = "root";
- };
- };
-
- trantor = {
- hostname = "trantor";
- profiles.system = {
- sshUser = "user";
- path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor;
- user = "root";
- };
- };
-
- io = {
- hostname = "io";
- profiles = {
- system = {
- sshUser = "user";
- path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io;
- user = "root";
- remoteBuild = false;
- };
- user = {
- sshUser = "user";
- path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io";
- user = "user";
- remoteBuild = false;
- };
- };
- };
- };
- };
- perSystem =
- { system, ... }:
- {
- checks = inputs.deploy-rs.lib.${system}.deployChecks self.deploy;
- };
-}
diff --git a/devShells.nix b/devShells.nix
deleted file mode 100644
index 1c93cf3..0000000
--- a/devShells.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ inputs, ... }:
-
-{
- perSystem =
- { pkgs, system, ... }:
- {
- devShells.default = pkgs.mkShell {
- packages = with pkgs; [
- inputs.agenix.packages.${system}.default
- deploy-rs
- nil
- nixfmt
- ];
- };
- };
-}
diff --git a/flake.nix b/flake.nix
index 20210f2..549724f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -24,8 +24,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - stylix.url = "github:danth/stylix"; - nixos-cli.url = "github:nix-community/nixos-cli"; nix-flatpak.url = "github:gmodena/nix-flatpak/main"; @@ -38,8 +36,6 @@ niri-flake.url = "github:sodiboo/niri-flake"; - niri.url = "github:baduhai/niri/auto-center-when-space-available"; - nix-index-database = { url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/homeConfigurations.nix b/homeConfigurations.nix deleted file mode 100644 index 296abfa..0000000 --- a/homeConfigurations.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ inputs, ... }: - -let - lib = inputs.nixpkgs.lib; - utils = import ./utils.nix { inherit inputs lib; }; - inherit (utils) mkHome; -in - -{ - flake.homeConfigurations = { - "user@rotterdam" = mkHome { - username = "user"; - hostname = "rotterdam"; - tags = [ - "desktop" - "btop" - "comma" - "direnv" - "gaming" - "helix" - "obs-studio" - "starship" - "stylix" - "tmux" - ]; - }; - - "user@io" = mkHome { - username = "user"; - hostname = "io"; - tags = [ - "desktop" - "btop" - "comma" - "direnv" - "helix" - "starship" - "stylix" - "tmux" - ]; - }; - }; -} diff --git a/hosts/alexandria/hardware-configuration.nix b/hosts/alexandria/hardware-configuration.nix deleted file mode 100644 index 63ecba5..0000000 --- a/hosts/alexandria/hardware-configuration.nix +++ /dev/null 
@@ -1,49 +0,0 @@
-{
- config,
- lib,
- modulesPath,
- ...
-}:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot = {
- initrd = {
- availableKernelModules = [
- "xhci_pci"
- "ahci"
- "usbhid"
- "usb_storage"
- "sd_mod"
- ];
- kernelModules = [ ];
- };
- kernelModules = [ "kvm-intel" ];
- extraModulePackages = [ ];
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/31289617-1d84-4432-a833-680b52e88525";
- fsType = "ext4";
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/4130-BE54";
- fsType = "vfat";
- };
- };
-
- swapDevices = [
- {
- device = "/swapfile";
- size = 8192;
- }
- ];
-
- networking.useDHCP = lib.mkDefault true;
-
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix
deleted file mode 100644
index 6ceac09..0000000
--- a/hosts/alexandria/jellyfin.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ lib, inputs, ... }:
-let
- utils = import ../../utils.nix { inherit inputs lib; };
- inherit (utils) mkNginxVHosts;
-in
-{
- services.jellyfin = {
- enable = true;
- openFirewall = true;
- };
-
- services.nginx.virtualHosts = mkNginxVHosts {
- domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/";
- };
-}
diff --git a/hosts/alexandria/kanidm.nix b/hosts/alexandria/kanidm.nix
deleted file mode 100644
index eaaa9b9..0000000
--- a/hosts/alexandria/kanidm.nix
+++ /dev/null
@@ -1,83 +0,0 @@ -{ - config, - lib, - inputs, - pkgs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; - kanidmCertDir = "/var/lib/kanidm/certs"; -in - -{ - services.kanidm = { - enableServer = true; - enableClient = true; - package = pkgs.kanidm; - - serverSettings = { - domain = "auth.baduhai.dev"; - origin = "https://auth.baduhai.dev"; - bindaddress = "127.0.0.1:8443"; - ldapbindaddress = "127.0.0.1:636"; - trust_x_forward_for = true; - # Use self-signed certificates for internal TLS - tls_chain = "${kanidmCertDir}/cert.pem"; - tls_key = "${kanidmCertDir}/key.pem"; - }; - - clientSettings = { - uri = "https://auth.baduhai.dev"; - }; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - domains."auth.baduhai.dev" = { - locations."/" = { - proxyPass = "https://127.0.0.1:8443"; - extraConfig = '' - proxy_ssl_verify off; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $host; - ''; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ 636 ]; - - # Generate self-signed certificates for kanidm's internal TLS - systemd.services.kanidm-generate-certs = { - description = "Generate self-signed TLS certificates for Kanidm"; - wantedBy = [ "multi-user.target" ]; - before = [ "kanidm.service" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - mkdir -p ${kanidmCertDir} - if [ ! 
-f ${kanidmCertDir}/key.pem ]; then - ${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \ - -keyout ${kanidmCertDir}/key.pem \ - -out ${kanidmCertDir}/cert.pem \ - -days 3650 -nodes \ - -subj "/CN=localhost" \ - -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" - chown -R kanidm:kanidm ${kanidmCertDir} - chmod 600 ${kanidmCertDir}/key.pem - chmod 644 ${kanidmCertDir}/cert.pem - fi - ''; - }; - - # Ensure certificate generation runs before kanidm starts - systemd.services.kanidm = { - after = [ "kanidm-generate-certs.service" ]; - wants = [ "kanidm-generate-certs.service" ]; - }; -} diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix deleted file mode 100644 index c449cce..0000000 --- a/hosts/alexandria/nextcloud.nix +++ /dev/null 
@@ -1,97 +0,0 @@
-{
- lib,
- config,
- pkgs,
- inputs,
- ...
-}:
-
-let
- utils = import ../../utils.nix { inherit inputs lib; };
- inherit (utils) mkNginxVHosts;
-in
-
-{
- services = {
- nextcloud = {
- enable = true;
- package = pkgs.nextcloud32;
- datadir = "/data/nextcloud";
- hostName = "cloud.baduhai.dev";
- configureRedis = true;
- https = true;
- secretFile = config.age.secrets."nextcloud-secrets.json".path;
- database.createLocally = true;
- maxUploadSize = "16G";
- extraApps = {
- inherit (config.services.nextcloud.package.packages.apps)
- calendar
- contacts
- notes
- tasks
- user_oidc
- ;
- };
- extraAppsEnable = true;
- caching = {
- apcu = true;
- redis = true;
- };
- settings = {
- trusted_proxies = [ "127.0.0.1" ];
- default_phone_region = "BR";
- maintenance_window_start = "4";
- allow_local_remote_servers = true;
- enabledPreviewProviders = [
- "OC\\Preview\\BMP"
- "OC\\Preview\\EMF"
- "OC\\Preview\\Font"
- "OC\\Preview\\GIF"
- "OC\\Preview\\HEIC"
- "OC\\Preview\\Illustrator"
- "OC\\Preview\\JPEG"
- "OC\\Preview\\Krita"
- "OC\\Preview\\MarkDown"
- "OC\\Preview\\Movie"
- "OC\\Preview\\MP3"
- "OC\\Preview\\MSOffice2003"
- "OC\\Preview\\MSOffice2007"
- "OC\\Preview\\MSOfficeDoc"
- "OC\\Preview\\OpenDocument"
- "OC\\Preview\\PDF"
- "OC\\Preview\\Photoshop"
- "OC\\Preview\\PNG"
- "OC\\Preview\\Postscript"
- "OC\\Preview\\SVG"
- "OC\\Preview\\TIFF"
- "OC\\Preview\\TXT"
- "OC\\Preview\\XBitmap"
- ];
- };
- config = {
- dbtype = "pgsql";
- adminpassFile = config.age.secrets.nextcloud-adminpass.path;
- };
- phpOptions = {
- "opcache.interned_strings_buffer" = "16";
- };
- };
-
- nginx.virtualHosts = mkNginxVHosts {
- domains."cloud.baduhai.dev" = { };
- };
- };
-
- age.secrets = {
- "nextcloud-secrets.json" = {
- file = ../../secrets/nextcloud-secrets.json.age;
- owner = "nextcloud";
- group = "nextcloud";
- };
- nextcloud-adminpass = {
- file = ../../secrets/nextcloud-adminpass.age;
- owner = "nextcloud";
- group = "nextcloud";
- };
- };
-}
diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix
deleted file mode 100644
index 274f645..0000000
--- a/hosts/alexandria/nginx.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}:
-
-let
- utils = import ../../utils.nix { inherit inputs lib; };
- inherit (utils) mkNginxVHosts services;
-
- # Get all unique domains from shared services that have LAN IPs (served by this host)
- localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services));
-
- # Generate ACME cert configs for all local domains
- acmeCerts = lib.genAttrs localDomains (domain: {
- group = "nginx";
- });
-in
-
-{
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "baduhai@proton.me";
- dnsResolver = "1.1.1.1:53";
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.cloudflare.path;
- };
- certs = acmeCerts;
- };
-
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- virtualHosts = {
- "_" = {
- default = true;
- locations."/".return = "444";
- };
- };
- };
-
- users.users.nginx.extraGroups = [ "acme" ];
-
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
-
- age.secrets.cloudflare = {
- file = ../../secrets/cloudflare.age;
- owner = "nginx";
- group = "nginx";
- };
-}
diff --git a/hosts/alexandria/unbound.nix b/hosts/alexandria/unbound.nix
deleted file mode 100644
index 31363aa..0000000
--- a/hosts/alexandria/unbound.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{ inputs, lib, ... }:
-
-let
- utils = import ../../utils.nix { inherit inputs lib; };
-in
-
-{
- services.unbound = {
- enable = true;
- enableRootTrustAnchor = true;
- settings = {
- server = {
- interface = [
- "0.0.0.0"
- "::"
- ];
- access-control = [
- "127.0.0.0/8 allow"
- "192.168.0.0/16 allow"
- "::1/128 allow"
- ];
-
- num-threads = 2;
- msg-cache-size = "50m";
- rrset-cache-size = "100m";
- cache-min-ttl = 300;
- cache-max-ttl = 86400;
- prefetch = true;
- prefetch-key = true;
- hide-identity = true;
- hide-version = true;
- so-rcvbuf = "1m";
- so-sndbuf = "1m";
-
- # LAN-only DNS records
- local-zone = ''"baduhai.dev." transparent'';
- local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'')
- (lib.filter (e: e ? lanIP) utils.services);
- };
-
- forward-zone = [
- {
- name = ".";
- forward-addr = [
- "1.1.1.1@853#cloudflare-dns.com"
- "1.0.0.1@853#cloudflare-dns.com"
- ];
- forward-tls-upstream = true;
- }
- ];
- };
- };
-
- networking.firewall = {
- allowedTCPPorts = [ 53 ];
- allowedUDPPorts = [ 53 ];
- };
-}
diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix
deleted file mode 100644
index 2335ee0..0000000
--- a/hosts/alexandria/vaultwarden.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}:
-let
- utils = import ../../utils.nix { inherit inputs lib; };
- inherit (utils) mkNginxVHosts;
-in
-{
- services.vaultwarden = {
- enable = true;
- config = {
- DOMAIN = "https://pass.baduhai.dev";
- SIGNUPS_ALLOWED = false;
- ROCKET_ADDRESS = "127.0.0.1";
- ROCKET_PORT = 58222;
- };
- };
-
- services.nginx.virtualHosts = mkNginxVHosts {
- domains."pass.baduhai.dev".locations."/".proxyPass =
- "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/";
- };
-}
diff --git a/hosts/io/boot.nix b/hosts/io/boot.nix
deleted file mode 100644
index 326f7dc..0000000
--- a/hosts/io/boot.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- boot = {
- # TODO check if future kernel versions fix boot issue with systemd initrd with tpm
- initrd.systemd.tpm2.enable = false;
- kernelParams = [
- "nosgx"
- "i915.fastboot=1"
- "mem_sleep_default=deep"
- ];
- extraModprobeConfig = ''
- options snd-intel-dspcfg dsp_driver=3
- '';
- };
-}
diff --git a/hosts/io/disko.nix b/hosts/io/disko.nix
deleted file mode 100644
index 4e6c9d5..0000000
--- a/hosts/io/disko.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{ inputs, ... }:
-
-{
- imports = [ inputs.disko.nixosModules.default ];
-
- disko.devices.disk.main = {
- type = "disk";
- device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689";
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- priority = 1;
- name = "ESP";
- start = "1MiB";
- end = "1GiB";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot/efi";
- mountOptions = [
- "noatime"
- "fmask=0077"
- "dmask=0077"
- ];
- };
- };
- cryptroot = {
- priority = 2;
- name = "root";
- size = "100%";
- content = {
- type = "luks";
- name = "cryptroot";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "@root" = {
- mountpoint = "/";
- mountOptions = [
- "noatime"
- "compress=zstd"
- "subvol=@root"
- ];
- };
- "@home" = {
- mountpoint = "/home";
- mountOptions = [
- "noatime"
- "compress=zstd"
- "subvol=@home"
- ];
- };
- "@nix" = {
- mountpoint = "/nix";
- mountOptions = [
- "noatime"
- "compress=zstd"
- "subvol=@nix"
- ];
- };
- "@persistent" = {
- mountpoint = "/persistent";
- mountOptions = [
- "noatime"
- "compress=zstd"
- "subvol=@persistent"
- ];
- };
- };
- };
- };
- };
- };
- };
- };
-}
diff --git a/hosts/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix
deleted file mode 100644
index 8e4dae4..0000000
--- a/hosts/io/hardware-configuration.nix
+++ /dev/null
@@ -1,37 +0,0 @@ -{ - config, - lib, - modulesPath, - inputs, - ... -}: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot = { - initrd = { - availableKernelModules = [ - "xhci_pci" - "ahci" - "usb_storage" - "sd_mod" - "sdhci_pci" - ]; - }; - kernelModules = [ "kvm-intel" ]; - }; - - zramSwap = { - enable = true; - memoryPercent = 100; - }; - - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - - networking.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/io/programs.nix b/hosts/io/programs.nix deleted file mode 100644 index e272d22..0000000 --- a/hosts/io/programs.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ pkgs, ... }: - -let - cml-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs { - wttsrc = pkgs.fetchFromGitHub { - owner = "WeirdTreeThing"; - repo = "chromebook-ucm-conf"; - rev = "b6ce2a7"; - hash = "sha256-QRUKHd3RQmg1tnZU8KCW0AmDtfw/daOJ/H3XU5qWTCc="; - }; - postInstall = '' - echo "v0.4.1" > $out/chromebook.patched - cp -R $wttsrc/{common,codecs,platforms} $out/share/alsa/ucm2 - cp -R $wttsrc/{cml,sof-rt5682} $out/share/alsa/ucm2/conf.d - ''; - }; -in - -{ - environment = { - systemPackages = with pkgs; [ - maliit-keyboard - sof-firmware - ]; - sessionVariables.ALSA_CONFIG_UCM2 = "${cml-ucm-conf}/share/alsa/ucm2"; - }; -} diff --git a/hosts/io/services.nix b/hosts/io/services.nix deleted file mode 100644 index df41a6f..0000000 --- a/hosts/io/services.nix +++ /dev/null 
@@ -1,61 +0,0 @@
-{ pkgs, ... }:
-
-{
- services = {
- keyd = {
- enable = true;
- keyboards.main = {
- ids = [ "0001:0001" ];
- settings = {
- main = {
- meta = "overload(meta, esc)";
- f1 = "back";
- f2 = "forward";
- f3 = "refresh";
- f4 = "M-f11";
- f5 = "M-w";
- f6 = "brightnessdown";
- f7 = "brightnessup";
- f8 = "timeout(mute, 200, micmute)";
- f9 = "play";
- f10 = "timeout(nextsong, 200, previoussong)";
- f13 = "delete";
- "102nd" = "layer(function)";
- };
- shift = {
- leftshift = "capslock";
- rightshift = "capslock";
- };
- function = {
- escape = "f1";
- f1 = "f2";
- f2 = "f3";
- f3 = "f4";
- f4 = "f5";
- f5 = "f6";
- f6 = "f7";
- f7 = "f8";
- f8 = "f9";
- f9 = "f10";
- f10 = "f11";
- f13 = "f12";
- y = "sysrq";
- k = "home";
- l = "pageup";
- "," = "end";
- "." = "pagedown";
- };
- };
- };
- };
- upower.enable = true;
- power-profiles-daemon.enable = true;
- };
-
- # TODO: remove once gmodena/nix-flatpak/issues/45 fixed
- systemd.services."flatpak-managed-install" = {
- serviceConfig = {
- ExecStartPre = "${pkgs.coreutils}/bin/sleep 5";
- };
- };
-}
diff --git a/hosts/modules/ai.nix b/hosts/modules/ai.nix
deleted file mode 100644
index b80ac38..0000000
--- a/hosts/modules/ai.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ inputs, pkgs, ... }:
-
-{
- environment.systemPackages =
- (with pkgs; [claude-desktop]) ++
- (with inputs.nix-ai-tools.packages.${pkgs.system}; [
- claude-code
- claudebox
- opencode
- ]);
-}
diff --git a/hosts/modules/bluetooth.nix b/hosts/modules/bluetooth.nix
deleted file mode 100644
index fb6a06a..0000000
--- a/hosts/modules/bluetooth.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ ... }:
-
-{
- hardware.bluetooth.enable = true;
-}
diff --git a/hosts/modules/common/boot.nix b/hosts/modules/common/boot.nix
deleted file mode 100644
index fbba278..0000000
--- a/hosts/modules/common/boot.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs, ... }:
-
-{
- boot = {
- loader = {
- timeout = 1;
- efi.canTouchEfiVariables = true;
- systemd-boot = {
- enable = true;
- editor = false;
- consoleMode = "max";
- sortKey = "aa";
- netbootxyz = {
- enable = true;
- sortKey = "zz";
- };
- };
- };
- };
-}
diff --git a/hosts/modules/common/console.nix b/hosts/modules/common/console.nix
deleted file mode 100644
index 9cb99d4..0000000
--- a/hosts/modules/common/console.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-
-{
- console = {
- useXkbConfig = true;
- earlySetup = true;
- };
-}
diff --git a/hosts/modules/common/firewall.nix b/hosts/modules/common/firewall.nix
deleted file mode 100644
index 910e803..0000000
--- a/hosts/modules/common/firewall.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-
-{
- networking = {
- firewall.enable = true;
- nftables.enable = true;
- };
-}
diff --git a/hosts/modules/common/locale.nix b/hosts/modules/common/locale.nix
deleted file mode 100644
index 1171a32..0000000
--- a/hosts/modules/common/locale.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ ... }:
-
-{
- time.timeZone = "America/Bahia";
-
- i18n = {
- defaultLocale = "en_US.UTF-8";
- extraLocaleSettings = {
- LC_ADDRESS = "pt_BR.utf8";
- LC_COLLATE = "pt_BR.utf8";
- LC_IDENTIFICATION = "pt_BR.utf8";
- LC_MEASUREMENT = "pt_BR.utf8";
- LC_MONETARY = "pt_BR.utf8";
- LC_NAME = "pt_BR.utf8";
- LC_NUMERIC = "pt_BR.utf8";
- LC_PAPER = "pt_BR.utf8";
- LC_TELEPHONE = "pt_BR.utf8";
- LC_TIME = "en_IE.utf8";
- };
- };
-}
diff --git a/hosts/modules/common/nix.nix b/hosts/modules/common/nix.nix
deleted file mode 100644
index 5ef9c4c..0000000
--- a/hosts/modules/common/nix.nix
+++ /dev/null
@@ -1,38 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; - - nix = { - settings = { - auto-optimise-store = true; - connect-timeout = 10; - log-lines = 25; - min-free = 128000000; - max-free = 1000000000; - trusted-users = [ "@wheel" ]; - }; - extraOptions = "experimental-features = nix-command flakes"; - gc = { - automatic = true; - options = "--delete-older-than 8d"; - }; - }; - - nixpkgs.config = { - allowUnfree = true; - enableParallelBuilding = true; - buildManPages = false; - buildDocs = false; - }; - - services.nixos-cli = { - enable = true; - config = { - use_nvd = true; - ignore_dirty_tree = true; - }; - }; - - system.stateVersion = "22.11"; -} diff --git a/hosts/modules/common/openssh.nix b/hosts/modules/common/openssh.nix deleted file mode 100644 index df70bdd..0000000 --- a/hosts/modules/common/openssh.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ ... }: - -{ - services.openssh = { - enable = true; - settings.PermitRootLogin = "no"; - extraConfig = '' - PrintLastLog no - ''; - }; -} diff --git a/hosts/modules/common/programs.nix b/hosts/modules/common/programs.nix deleted file mode 100644 index fd10953..0000000 --- a/hosts/modules/common/programs.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ lib, pkgs, ... }: - -{ - environment = { - systemPackages = with pkgs; [ - ### Dev Tools ### - git - ### System Utilities ### - btop - fastfetch - helix - nixos-firewall-tool - nvd - sysz - tmux - wget - yazi - ]; - shellAliases = { - cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; - ls = "${lib.getExe pkgs.eza} --icons --group-directories-first"; - tree = "ls --tree"; - }; - }; - - programs = { - command-not-found.enable = false; - fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - if set -q SSH_CONNECTION - export TERM=xterm-256color - clear - fastfetch - end - ''; - }; - }; -} 
diff --git a/hosts/modules/common/security.nix b/hosts/modules/common/security.nix
deleted file mode 100644
index 33d4953..0000000
--- a/hosts/modules/common/security.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ ... }:
-
-{
- security = {
- unprivilegedUsernsClone = true; # Needed for rootless podman
- sudo = {
- wheelNeedsPassword = false;
- extraConfig = ''
- Defaults lecture = never
- '';
- };
- };
-}
diff --git a/hosts/modules/common/services.nix b/hosts/modules/common/services.nix
deleted file mode 100644
index 89ac527..0000000
--- a/hosts/modules/common/services.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ ... }:
-
-{
- services = {
- dbus.implementation = "broker";
- irqbalance.enable = true;
- fstrim.enable = true;
- };
-}
diff --git a/hosts/modules/common/tailscale.nix b/hosts/modules/common/tailscale.nix
deleted file mode 100644
index 98bea97..0000000
--- a/hosts/modules/common/tailscale.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-
-{
- services.tailscale = {
- enable = true;
- extraUpFlags = [ "--operator=user" ];
- };
-}
diff --git a/hosts/modules/common/users.nix b/hosts/modules/common/users.nix
deleted file mode 100644
index 7dd6490..0000000
--- a/hosts/modules/common/users.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ pkgs, ... }:
-
-{
- users.users = {
- user = {
- isNormalUser = true;
- shell = pkgs.fish;
- extraGroups = [
- "networkmanager"
- "wheel"
- ];
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"
- ];
- hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
- };
- root = {
- shell = pkgs.fish;
- hashedPassword = "!";
- };
- };
-}
diff --git a/hosts/modules/desktop/boot.nix b/hosts/modules/desktop/boot.nix
deleted file mode 100644
index 0ac4847..0000000
--- a/hosts/modules/desktop/boot.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ pkgs, ... }:
-
-{
- boot = {
- plymouth.enable = true;
- initrd.systemd.enable = true;
- loader.efi.efiSysMountPoint = "/boot/efi";
- kernelPackages = pkgs.linuxPackages_xanmod_latest;
- extraModprobeConfig = ''
- options bluetooth disable_ertm=1
- '';
- kernel.sysctl = {
- "net.ipv4.tcp_mtu_probing" = 1;
- };
- kernelParams = [
- "quiet"
- "splash"
- "i2c-dev"
- "i2c-piix4"
- "loglevel=3"
- "udev.log_priority=3"
- "rd.udev.log_level=3"
- "rd.systemd.show_status=false"
- ];
- };
-}
diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix
deleted file mode 100644
index 7510c02..0000000
--- a/hosts/modules/desktop/desktop.nix
+++ /dev/null
@@ -1,163 +0,0 @@ -{ - config, - inputs, - lib, - pkgs, - ... -}: - -{ - imports = [ - inputs.niri-flake.nixosModules.niri - inputs.nix-flatpak.nixosModules.nix-flatpak - ]; - - environment = { - sessionVariables = { - KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir - NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland - }; - systemPackages = with pkgs; [ - ### Web ### - bitwarden-desktop - fragments - nextcloud-client - tor-browser - vesktop - inputs.zen-browser.packages."${system}".default - ### Office & Productivity ### - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - papers - presenterm - rnote - ### Graphics & Design ### - gimp - inkscape - plasticity - ### System Utilities ### - adwaita-icon-theme - ghostty - gnome-disk-utility - junction - libfido2 - mission-center - nautilus - p7zip - rclone - toggleaudiosink - unrar - ### Media ### - decibels - loupe - obs-studio - showtime - ]; - }; - - services = { - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - wireplumber.enable = true; - }; - greetd = { - enable = true; - settings = { - default_session = { - command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; - user = "greeter"; - }; - } - // lib.optionalAttrs (config.networking.hostName == "io") { - initial_session = { - command = "${config.programs.niri.package}/bin/niri-session"; - user = "user"; - }; - }; - }; - flatpak = { - enable = true; - packages = [ - ### Office & Productivity ### - "com.collabora.Office" - ### Graphics & Design ### - "com.boxy_svg.BoxySVG" - rec { - appId = "io.github.softfever.OrcaSlicer"; - sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - bundle = "${pkgs.fetchurl { - url = 
"https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - inherit sha256; - }}"; - } - ### System Utilities ### - "com.github.tchx84.Flatseal" - "com.rustdesk.RustDesk" - ]; - uninstallUnmanaged = true; - update.auto.enable = true; - }; - gvfs.enable = true; - }; - - security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority - - users = { - users.greeter = { - isSystemUser = true; - group = "greeter"; - }; - groups.greeter = { }; - }; - - programs = { - niri = { - enable = true; - package = inputs.niri.packages.${pkgs.system}.niri; - }; - kdeconnect = { - enable = true; - package = pkgs.valent; - }; - dconf.enable = true; - appimage = { - enable = true; - binfmt = true; - }; - }; - - niri-flake.cache.enable = false; - - fonts = { - fontDir.enable = true; - packages = with pkgs; [ - corefonts - inter - nerd-fonts.fira-code - noto-fonts-cjk-sans - noto-fonts-color-emoji - roboto - ]; - }; - - xdg.portal = { - extraPortals = with pkgs; [ - xdg-desktop-portal-gnome - xdg-desktop-portal-gtk - ]; - config = { - common.default = "*"; - niri.default = [ - "gtk" - "gnome" - ]; - }; - }; -} diff --git a/hosts/modules/desktop/nix.nix b/hosts/modules/desktop/nix.nix deleted file mode 100644 index 54a3549..0000000 --- a/hosts/modules/desktop/nix.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ inputs, ... }: - -{ - environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; - - nix = { - registry.nixpkgs.flake = inputs.nixpkgs; - nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - "/nix/var/nix/profiles/per-user/root/channels" - ]; - }; -} diff --git a/hosts/modules/desktop/services.nix b/hosts/modules/desktop/services.nix deleted file mode 100644 index 66b78f1..0000000 --- a/hosts/modules/desktop/services.nix +++ /dev/null 
@@ -1,15 +0,0 @@ -{ pkgs, ... }: - -{ - services = { - printing.enable = true; - udev.packages = with pkgs; [ yubikey-personalization ]; - keyd = { - enable = true; - keyboards.all = { - ids = [ "*" ]; - settings.main.capslock = "overload(meta, esc)"; - }; - }; - }; -} diff --git a/hosts/modules/dev.nix b/hosts/modules/dev.nix deleted file mode 100644 index d9c31f7..0000000 --- a/hosts/modules/dev.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ pkgs, ... }: - -{ - environment.systemPackages = with pkgs; [ - android-tools - bat - lazygit - fd - fzf - glow - nixfmt - nix-init - nix-output-monitor - ripgrep - ]; - - users.users.user.extraGroups = [ "adbusers" ]; -} diff --git a/hosts/modules/ephemeral.nix b/hosts/modules/ephemeral.nix deleted file mode 100644 index e962a89..0000000 --- a/hosts/modules/ephemeral.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ config, inputs, ... }: - -{ - imports = [ - inputs.impermanence.nixosModules.impermanence - inputs.self.nixosModules.ephemeral - ]; - - ephemeral = { - enable = true; - rootDevice = - if config.networking.hostName == "trantor" then - "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2" - else - "/dev/mapper/cryptroot"; - rootSubvolume = "@root"; - }; - - fileSystems."/persistent".neededForBoot = true; - - environment.persistence.main = { - persistentStoragePath = "/persistent"; - files = [ - "/etc/machine-id" - "/etc/ssh/ssh_host_ed25519_key" - "/etc/ssh/ssh_host_ed25519_key.pub" - "/etc/ssh/ssh_host_rsa_key" - "/etc/ssh/ssh_host_rsa_key.pub" - ]; - directories = [ - "/etc/NetworkManager/system-connections" - "/etc/nixos" - "/var/lib/bluetooth" - "/var/lib/flatpak" - "/var/lib/lxd" - "/var/lib/nixos" - "/var/lib/systemd/coredump" - "/var/lib/systemd/timers" - "/var/lib/tailscale" - "/var/log" - ]; - }; -} diff --git a/hosts/modules/fwupd.nix b/hosts/modules/fwupd.nix deleted file mode 100644 index 52dc13e..0000000 --- a/hosts/modules/fwupd.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ... }: - -{ - services.fwupd.enable = true; -} 
diff --git a/hosts/modules/gaming.nix b/hosts/modules/gaming.nix deleted file mode 100644 index 0f00fe3..0000000 --- a/hosts/modules/gaming.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ pkgs, ... }: - -{ - environment.systemPackages = with pkgs; [ - clonehero - heroic - mangohud - prismlauncher - steam-run - ]; - - programs = { - steam = { - enable = true; - extraCompatPackages = [ pkgs.proton-ge-bin ]; - }; - gamemode.enable = true; - }; - - hardware = { - xpadneo.enable = true; - steam-hardware.enable = true; # Allow steam client to manage controllers - graphics.enable32Bit = true; # For OpenGL games - }; - - services.flatpak.packages = [ - "com.github.k4zmu2a.spacecadetpinball" - "com.steamgriddb.SGDBoop" - "io.github.Foldex.AdwSteamGtk" - "io.itch.itch" - "io.mrarm.mcpelauncher" - "net.retrodeck.retrodeck" - "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08" - rec { - appId = "com.hypixel.HytaleLauncher"; - sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv"; - bundle = "${pkgs.fetchurl { - url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak"; - inherit sha256; - }}"; - } - ]; -} diff --git a/hosts/modules/libvirtd.nix b/hosts/modules/libvirtd.nix deleted file mode 100644 index 6bd154f..0000000 --- a/hosts/modules/libvirtd.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ ... }: - -{ - virtualisation = { - libvirtd.enable = true; - spiceUSBRedirection.enable = true; - }; - - programs.virt-manager.enable = true; - - networking.firewall.trustedInterfaces = [ "virbr0" ]; - - users.users.user.extraGroups = [ - "libvirt" - "libvirtd" - ]; -} diff --git a/hosts/modules/networkmanager.nix b/hosts/modules/networkmanager.nix deleted file mode 100644 index 7634116..0000000 --- a/hosts/modules/networkmanager.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ ... }: - -{ - networking.networkmanager = { - enable = true; - wifi.backend = "iwd"; - }; - - users.users.user.extraGroups = [ "networkmanager" ]; -} 
diff --git a/hosts/modules/podman.nix b/hosts/modules/podman.nix deleted file mode 100644 index 99018cc..0000000 --- a/hosts/modules/podman.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ pkgs, ... }: - -{ - virtualisation.podman = { - enable = true; - autoPrune.enable = true; - extraPackages = [ pkgs.podman-compose ]; - }; - - systemd = { - services.podman-auto-update.enable = true; - timers.podman-auto-update.enable = true; - }; -} diff --git a/hosts/modules/server/boot.nix b/hosts/modules/server/boot.nix deleted file mode 100644 index 5d6e482..0000000 --- a/hosts/modules/server/boot.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ pkgs, ... }: - -{ - boot.kernelPackages = pkgs.linuxPackages_hardened; -} diff --git a/hosts/modules/server/nix.nix b/hosts/modules/server/nix.nix deleted file mode 100644 index af57cae..0000000 --- a/hosts/modules/server/nix.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ inputs, ... }: - -{ - environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; - - nix = { - registry.nixpkgs.flake = inputs.nixpkgs-stable; - nixPath = [ - "nixpkgs=/etc/channels/nixpkgs" - "/nix/var/nix/profiles/per-user/root/channels" - ]; - }; -} diff --git a/hosts/modules/server/tailscale.nix b/hosts/modules/server/tailscale.nix deleted file mode 100644 index 1f105ba..0000000 --- a/hosts/modules/server/tailscale.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: - -{ - services.tailscale = { - extraSetFlags = [ "--advertise-exit-node" ]; - useRoutingFeatures = "server"; - }; - - boot.kernel.sysctl = { - "net.ipv4.ip_forward" = 1; - "net.ipv6.conf.all.forwarding" = 1; - }; -} diff --git a/hosts/rotterdam/boot.nix b/hosts/rotterdam/boot.nix deleted file mode 100644 index d038ede..0000000 --- a/hosts/rotterdam/boot.nix +++ /dev/null 
@@ -1,31 +0,0 @@ -{ pkgs, ... }: - -let - qubesnsh = pkgs.writeTextFile { - name = "qubes.nsh"; - text = "HD1f65535a1:EFI\\qubes\\grubx64.efi"; - }; -in - -{ - boot = { - kernelParams = [ - "processor.max_cstate=1" # Fixes bug where ryzen cpus freeze when in highest C state - "clearcpuid=514" - "amdgpu.ppfeaturemask=0xfffd3fff" # Fixes amdgpu freezing - ]; - # QubesOS boot entry - loader.systemd-boot = { - extraFiles = { - "efi/edk2-shell/shell.efi" = "${pkgs.edk2-uefi-shell}/shell.efi"; - "qubes.nsh" = qubesnsh; - }; - extraEntries."qubes.conf" = '' - title Qubes OS - efi /efi/edk2-shell/shell.efi - options -nointerrupt qubes.nsh - sort-key ab - ''; - }; - }; -} diff --git a/hosts/rotterdam/hardware-configuration.nix b/hosts/rotterdam/hardware-configuration.nix deleted file mode 100644 index 169c53f..0000000 --- a/hosts/rotterdam/hardware-configuration.nix +++ /dev/null 
@@ -1,82 +0,0 @@ -{ - config, - lib, - modulesPath, - ... -}: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot = { - initrd = { - availableKernelModules = [ - "amdgpu" - "nvme" - "xhci_pci" - "ahci" - "usbhid" - "sd_mod" - ]; - luks.devices."cryptroot" = { - device = "/dev/disk/by-uuid/f7dd4142-7109-4493-834d-4a831777f08d"; - keyFile = "/dev/disk/by-partuuid/add5fc14-e20f-48be-8b2a-0799ef04d3cb"; - }; - }; - kernelModules = [ "kvm-amd" ]; - }; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8"; - fsType = "btrfs"; - options = [ - "subvol=@root" - "noatime" - "compress=zstd" - ]; - }; - "/home" = { - device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8"; - fsType = "btrfs"; - options = [ - "subvol=@home" - "noatime" - "compress=zstd" - ]; - }; - "/boot/efi" = { - device = "/dev/disk/by-uuid/F2A2-CF5A"; - fsType = "vfat"; - options = [ - "noatime" - "fmask=0077" - "dmask=0077" - ]; - }; - "/nix" = { - device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8"; - fsType = "btrfs"; - options = [ - "subvol=@nix" - "noatime" - "compress=zstd" - ]; - }; - "/persistent" = { - device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8"; - fsType = "btrfs"; - options = [ - "subvol=@persistent" - "noatime" - "compress=zstd" - ]; - }; - }; - - networking.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/rotterdam/hardware.nix b/hosts/rotterdam/hardware.nix deleted file mode 100644 index 6f76e99..0000000 --- a/hosts/rotterdam/hardware.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ pkgs, ... }: - -{ - hardware = { - amdgpu.opencl.enable = true; - graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ]; - }; -} 
diff --git a/hosts/rotterdam/programs.nix b/hosts/rotterdam/programs.nix deleted file mode 100644 index b4dcfd9..0000000 --- a/hosts/rotterdam/programs.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ pkgs, ... }: - -let - reboot-into-qubes = pkgs.makeDesktopItem { - name = "reboot-into-qubes"; - icon = pkgs.fetchurl { - url = "https://raw.githubusercontent.com/vinceliuice/Qogir-icon-theme/31f267e1f5fd4e9596bfd78dfb41a03d3a9f33ee/src/scalable/apps/distributor-logo-qubes.svg"; - sha256 = "sha256-QbHr7s5Wcs7uFtfqZctMyS0iDbMfiiZOKy2nHhDOfn0="; - }; - desktopName = "Qubes OS"; - genericName = "Reboot into Qubes OS"; - categories = [ "System" ]; - startupNotify = true; - exec = pkgs.writeShellScript "reboot-into-qubes" '' - ${pkgs.yad}/bin/yad --form \ - --title="Qubes OS" \ - --image distributor-logo-qubes \ - --text "Are you sure you want to reboot into Qubes OS?" \ - --button="Yes:0" --button="Cancel:1" - if [ $? -eq 0 ]; then - systemctl reboot --boot-loader-entry=qubes.conf - fi - ''; - }; -in - -{ - environment.systemPackages = [ reboot-into-qubes ]; - - programs.steam.dedicatedServer.openFirewall = true; -} diff --git a/hosts/rotterdam/services.nix b/hosts/rotterdam/services.nix deleted file mode 100644 index 0bf276f..0000000 --- a/hosts/rotterdam/services.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - services.keyd = { - enable = true; - keyboards.main = { - ids = [ "5653:0001" ]; - settings.main = { - esc = "overload(meta, esc)"; - }; - }; - }; -} diff --git a/hosts/trantor/boot.nix b/hosts/trantor/boot.nix deleted file mode 100644 index 0498818..0000000 --- a/hosts/trantor/boot.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - boot = { - initrd.systemd.enable = true; - loader.efi.efiSysMountPoint = "/boot/efi"; - }; -} diff --git a/hosts/trantor/disko.nix b/hosts/trantor/disko.nix deleted file mode 100644 index 0e47058..0000000 --- a/hosts/trantor/disko.nix +++ /dev/null 
@@ -1,64 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ inputs.disko.nixosModules.default ]; - - disko.devices.disk.main = { - type = "disk"; - device = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20"; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - start = "1MiB"; - end = "512MiB"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot/efi"; - mountOptions = [ - "noatime" - "fmask=0077" - "dmask=0077" - ]; - }; - }; - root = { - priority = 2; - name = "root"; - size = "100%"; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = { - "@root" = { - mountpoint = "/"; - mountOptions = [ - "noatime" - "compress=zstd" - ]; - }; - "@nix" = { - mountpoint = "/nix"; - mountOptions = [ - "noatime" - "compress=zstd" - ]; - }; - "@persistent" = { - mountpoint = "/persistent"; - mountOptions = [ - "noatime" - "compress=zstd" - ]; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/trantor/fail2ban.nix b/hosts/trantor/fail2ban.nix deleted file mode 100644 index bc05139..0000000 --- a/hosts/trantor/fail2ban.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.fail2ban = { - enable = true; - maxretry = 5; - ignoreIP = [ - "127.0.0.0/8" - "::1" - "10.0.0.0/8" - "172.16.0.0/12" - "192.168.0.0/16" - "100.64.0.0/10" - ]; - bantime = "1h"; - bantime-increment = { - enable = true; - multipliers = "1 2 4 8 16 32 64"; - maxtime = "10000h"; - overalljails = true; - }; - }; -} diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix deleted file mode 100644 index fdfa64a..0000000 --- a/hosts/trantor/forgejo.nix +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; -in - -{ - services = { - forgejo = { - enable = true; - settings = { - session.COOKIE_SECURE = true; - server = { - PROTOCOL = "http+unix"; - DOMAIN = "git.baduhai.dev"; - ROOT_URL = "https://git.baduhai.dev"; - OFFLINE_MODE = true; # disable use of CDNs - SSH_DOMAIN = "git.baduhai.dev"; - }; - log.LEVEL = "Warn"; - mailer.ENABLED = false; - actions.ENABLED = false; - service.DISABLE_REGISTRATION = true; - oauth2_client = { - ENABLE_AUTO_REGISTRATION = true; - UPDATE_AVATAR = true; - ACCOUNT_LINKING = "login"; - USERNAME = "preferred_username"; - }; - }; - }; - nginx.virtualHosts = mkNginxVHosts { - domains."git.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; - }; - fail2ban.jails.forgejo = { - settings = { - enabled = true; - filter = "forgejo"; - maxretry = 3; - findtime = "10m"; - bantime = "1h"; - }; - }; - }; - - environment = { - etc."fail2ban/filter.d/forgejo.conf".text = '' - [Definition] - failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from - ignoreregex = - journalmatch = _SYSTEMD_UNIT=forgejo.service - ''; - - persistence.main.directories = [ - { - directory = config.services.forgejo.stateDir; - inherit (config.services.forgejo) user group; - mode = "0700"; - } - ]; - }; - - # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories - systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false; -} diff --git a/hosts/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix deleted file mode 100644 index 039129e..0000000 --- a/hosts/trantor/hardware-configuration.nix +++ /dev/null 
@@ -1,20 +0,0 @@ -{ - lib, - modulesPath, - ... -}: - -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot.initrd.availableKernelModules = [ - "xhci_pci" - "virtio_pci" - "virtio_scsi" - "usbhid" - ]; - - networking.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; -} diff --git a/hosts/trantor/networking.nix b/hosts/trantor/networking.nix deleted file mode 100644 index 4dcbe1e..0000000 --- a/hosts/trantor/networking.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - networking = { - firewall = { - allowedTCPPorts = [ 25566 ]; - allowedUDPPorts = [ 25566 ]; - }; - }; -} diff --git a/hosts/trantor/nginx.nix b/hosts/trantor/nginx.nix deleted file mode 100644 index 56eed7c..0000000 --- a/hosts/trantor/nginx.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts services; - - # Get all unique domains from shared services on trantor (host = "trantor") - localDomains = lib.unique ( - map (s: s.domain) (lib.filter (s: s.host == "trantor") services) - ); - - # Generate ACME cert configs for all local domains - acmeCerts = lib.genAttrs localDomains (domain: { - group = "nginx"; - }); -in - -{ - security.acme = { - acceptTerms = true; - defaults = { - email = "baduhai@proton.me"; - dnsResolver = "1.1.1.1:53"; - dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets.cloudflare.path; - }; - certs = acmeCerts; - }; - - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts = { - "_" = { - default = true; - locations."/".return = "444"; - }; - }; - }; - - users.users.nginx.extraGroups = [ "acme" ]; - - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; - - age.secrets.cloudflare = { - file = ../../secrets/cloudflare.age; - owner = "nginx"; - group = "nginx"; - }; -} 
diff --git a/hosts/trantor/openssh.nix b/hosts/trantor/openssh.nix deleted file mode 100644 index 704b3df..0000000 --- a/hosts/trantor/openssh.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ ... }: - -{ - services = { - openssh = { - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; - fail2ban.jails.sshd = { - settings = { - enabled = true; - port = "ssh"; - filter = "sshd"; - logpath = "/var/log/auth.log"; - maxretry = 3; - findtime = "10m"; - bantime = "1h"; - }; - }; - }; -} diff --git a/hosts/trantor/unbound.nix b/hosts/trantor/unbound.nix deleted file mode 100644 index 46808c6..0000000 --- a/hosts/trantor/unbound.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ inputs, lib, ... }: - -let - utils = import ../../utils.nix { inherit inputs lib; }; -in - -{ - services.unbound = { - enable = true; - enableRootTrustAnchor = true; - settings = { - server = { - interface = [ - "0.0.0.0" - "::" - ]; - access-control = [ - "127.0.0.0/8 allow" - "100.64.0.0/10 allow" # Tailscale CGNAT range - "::1/128 allow" - "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6 - ]; - - num-threads = 2; - msg-cache-size = "50m"; - rrset-cache-size = "100m"; - cache-min-ttl = 300; - cache-max-ttl = 86400; - prefetch = true; - prefetch-key = true; - hide-identity = true; - hide-version = true; - so-rcvbuf = "1m"; - so-sndbuf = "1m"; - - # Tailnet DNS records from shared services - local-zone = ''"baduhai.dev." transparent''; - local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') utils.services; - }; - - forward-zone = [ - { - name = "."; - forward-addr = [ - "1.1.1.1@853#cloudflare-dns.com" - "1.0.0.1@853#cloudflare-dns.com" - ]; - forward-tls-upstream = true; - } - ]; - }; - }; - - networking.firewall = { - allowedTCPPorts = [ 53 ]; - allowedUDPPorts = [ 53 ]; - }; -} diff --git a/modules/ephemeral.nix b/modules/ephemeral.nix deleted file mode 100644 index 7403aac..0000000 --- a/modules/ephemeral.nix +++ /dev/null 
@@ -1,84 +0,0 @@ -{ lib, config, ... }: - -let - cfg = config.ephemeral; -in -{ - options.ephemeral = { - enable = lib.mkEnableOption "ephemeral root with automatic rollback"; - - rootDevice = lib.mkOption { - type = lib.types.str; - example = "/dev/mapper/cryptroot"; - description = "Device path for the root btrfs filesystem"; - }; - - rootSubvolume = lib.mkOption { - type = lib.types.str; - example = "@root"; - description = "Name of the root btrfs subvolume"; - }; - - oldRootRetentionDays = lib.mkOption { - type = lib.types.int; - default = 30; - description = "Number of days to keep old root snapshots before deletion"; - }; - }; - - config = lib.mkIf cfg.enable { - boot.initrd.systemd.services.recreate-root = { - description = "Rolling over and creating new filesystem root"; - requires = [ "initrd-root-device.target" ]; - after = [ - "local-fs-pre.target" - "initrd-root-device.target" - ]; - requiredBy = [ "initrd-root-fs.target" ]; - before = [ "sysroot.mount" ]; - unitConfig = { - AssertPathExists = "/etc/initrd-release"; - DefaultDependencies = false; - }; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - set -euo pipefail - - mkdir /btrfs_tmp - if ! mount ${cfg.rootDevice} /btrfs_tmp; then - echo "ERROR: Failed to mount ${cfg.rootDevice}" - exit 1 - fi - - if [[ -e /btrfs_tmp/${cfg.rootSubvolume} ]]; then - mkdir -p /btrfs_tmp/old_roots - timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/${cfg.rootSubvolume})" "+%Y-%m-%-d_%H:%M:%S") - mv /btrfs_tmp/${cfg.rootSubvolume} "/btrfs_tmp/old_roots/$timestamp" - fi - - delete_subvolume_recursively() { - IFS=$'\n' - for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do - delete_subvolume_recursively "/btrfs_tmp/$i" - done - btrfs subvolume delete "$1" - } - - for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +${toString cfg.oldRootRetentionDays}); do - delete_subvolume_recursively "$i" - done - - if ! 
btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume}; then - echo "ERROR: Failed to create subvolume ${cfg.rootSubvolume}" - umount /btrfs_tmp - exit 1 - fi - - umount /btrfs_tmp - ''; - }; - }; -} diff --git a/modules/nix/agenix.nix b/modules/nix/agenix.nix new file mode 100644 index 0000000..bf7c3c2 --- /dev/null +++ b/modules/nix/agenix.nix @@ -0,0 +1,37 @@ +{ + self, + inputs, + ... +}: +{ + flake-file.inputs = { + agenix = { + url = "github:ryantm/agenix"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.home-manager.follows = "home-manager"; + }; + secrets = { + url = "path:./secrets"; + flake = false; + }; + }; + + flake.modules = { + nixos.secrets = + { pkgs, ... }: + { + imports = [ + inputs.agenix.nixosModules.default + ]; + environment.systemPackages = [ inputs.agenix.packages.${pkgs.stdenv.hostPlatform.system}.default ]; + }; + + # homeManager.secrets = + # { pkgs, ... }: + # { + # imports = [ + # inputs.agenix.homeManagerModules.default + # ]; + # }; + }; +} diff --git a/modules/nix/dendritic-tools.nix b/modules/nix/dendritic-tools.nix new file mode 100644 index 0000000..134cd20 --- /dev/null +++ b/modules/nix/dendritic-tools.nix @@ -0,0 +1,25 @@ +{ + inputs, + ... +}: +{ + flake-file.inputs = { + flake-parts.url = "github:hercules-ci/flake-parts"; + flake-file.url = "github:vic/flake-file"; + import-tree.url = "github:vic/import-tree"; + }; + + imports = [ + inputs.flake-parts.flakeModules.modules + inputs.flake-file.flakeModules.default + ]; + + flake-file.outputs = '' + inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } (inputs.import-tree ./modules) + ''; + + systems = [ + "aarch64-linux" + "x86_64-linux" + ]; +} diff --git a/modules/nix/factory.nix b/modules/nix/factory.nix new file mode 100644 index 0000000..427e055 --- /dev/null +++ b/modules/nix/factory.nix 
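Review bot: In modules/nix/agenix.nix the `secrets` input is declared as `url = "path:./secrets"` with `flake = false`, and a path input is copied into the Nix store, which every local user can read and which travels with any store copy or binary cache push. That is safe only while the directory holds nothing but age ciphertext, and nothing in the hunk states that rule. I would add a comment above the input, for example `# ./secrets is copied to the world-readable Nix store: only *.age ciphertext may live there`. The `self` argument is unused, and the commented-out `homeManager.secrets` block should either go or carry a TODO saying when it comes back.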
@@ -0,0 +1,12 @@
+{
+ lib,
+ ...
+}:
+{
+ # factory: storage for factory aspect functions
+
+ options.flake.factory = lib.mkOption {
+ type = lib.types.attrsOf lib.types.unspecified;
+ default = { };
+ };
+}
diff --git a/modules/nix/home-manager.nix b/modules/nix/home-manager.nix
new file mode 100644
index 0000000..819bc34
--- /dev/null
+++ b/modules/nix/home-manager.nix
@@ -0,0 +1,36 @@
+{
+ inputs,
+ config,
+ ...
+}:
+
+let
+ home-manager-config =
+ { lib, ... }:
+ {
+ home-manager = {
+ verbose = false;
+ useUserPackages = true;
+ useGlobalPkgs = true;
+ backupFileExtension = "backup";
+ backupCommand = "rm";
+ overwriteBackup = true;
+ };
+ };
+in
+
+{
+ flake-file.inputs = {
+ home-manager = {
+ url = "github:nix-community/home-manager/master";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ flake.modules.nixos.home-manager = {
+ imports = [
+ inputs.home-manager.nixosModules.home-manager
+ home-manager-config
+ ];
+ };
+}
diff --git a/modules/nix/impermanence.nix b/modules/nix/impermanence.nix
new file mode 100644
index 0000000..31d4a21
--- /dev/null
+++ b/modules/nix/impermanence.nix
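Review bot: In modules/nix/home-manager.nix the shared `home-manager` block sets `backupFileExtension = "backup"` together with `backupCommand = "rm"` and `overwriteBackup = true`, which reads as if activation will delete any existing file that collides with a managed one rather than keep a copy. If the backup command takes precedence over the extension, as I believe it does (please confirm against the home-manager option docs), the extension line is dead and user files are removed silently on every host importing this module. If deletion is intended, drop `backupFileExtension` and add `# colliding files are removed, not backed up`; otherwise remove `backupCommand = "rm";`. The `config` argument of the outer function and `lib` in `home-manager-config` are unused.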
@@ -0,0 +1,54 @@
+{ inputs, ... }:
+
+{
+ flake-file.inputs = {
+ impermanence.url = "github:nix-community/impermanence";
+ };
+
+ # convenience function to set persistence settings only, if impermanence module was imported
+ flake.lib = {
+ mkIfPersistence =
+ config: settings:
+ if config ? home then
+ (if config.home ? persistence then settings else { })
+ else
+ (if config.environment ? persistence then settings else { });
+ };
+
+ flake.modules.nixos.impermanence =
+ { config, ... }:
+ {
+ imports = [
+ inputs.impermanence.nixosModules.impermanence
+ ];
+
+ environment.persistence."/persistent" = {
+ hideMounts = true;
+ directories = [
+ "/var/log"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ "/etc/NetworkManager/system-connections"
+ ];
+ files = [
+ "/etc/machine-id"
+ "/etc/ssh/ssh_host_ed25519_key"
+ "/etc/ssh/ssh_host_ed25519_key.pub"
+ "/etc/ssh/ssh_host_rsa_key"
+ "/etc/ssh/ssh_host_rsa_key.pub"
+ ];
+ };
+
+ # home-manager.sharedModules = [
+ # {
+ # home.persistence."/persistent" = {
+ # };
+ # }
+ # ];
+
+ fileSystems."/persistent".neededForBoot = true;
+
+ programs.fuse.userAllowOther = true;
+ };
+
+}
diff --git a/modules/nix/lib.nix b/modules/nix/lib.nix
new file mode 100644
index 0000000..b1a3fa3
--- /dev/null
+++ b/modules/nix/lib.nix
@@ -0,0 +1,34 @@
+{
+ inputs,
+ lib,
+ ...
+}:
+{
+ # Helper functions for creating system & home-manager configurations
+
+ options.flake.lib = lib.mkOption {
+ type = lib.types.attrsOf lib.types.unspecified;
+ default = { };
+ };
+
+ config.flake.lib = {
+ mkNixos = system: name: {
+ ${name} = inputs.nixpkgs.lib.nixosSystem {
+ modules = [
+ inputs.self.modules.nixos.${name}
+ { nixpkgs.hostPlatform = lib.mkDefault system; }
+ ];
+ };
+ };
+
+ mkHomeManager = system: name: {
+ ${name} = inputs.home-manager.lib.homeManagerConfiguration {
+ pkgs = inputs.nixpkgs.legacyPackages.${system};
+ modules = [
+ inputs.self.modules.homeManager.${name}
+ { nixpkgs.config.allowUnfree = true; }
+ ];
+ };
+ };
+ };
+}
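Review bot: In modules/nix/impermanence.nix `programs.fuse.userAllowOther = true;` is switched on for every host that imports the module, although its only visible consumer, the `home-manager.sharedModules` persistence block, is commented out. The setting lets any unprivileged user create FUSE mounts with `allow_other`, so I would leave it out until home persistence is actually enabled, or move it next to that block with a comment such as `# required by home.persistence allowOther`. The persisted directory list is also shorter than the one in the deleted hosts/modules/ephemeral.nix (`/var/lib/tailscale`, `/var/lib/bluetooth` and `/var/lib/flatpak` are gone); presumably these move into per-aspect modules later in the series, but on an ephemeral root a missing `/var/lib/tailscale` means the node state is lost on every boot, so it is worth confirming. The `config` argument of the NixOS module is unused.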
diff --git a/modules/nix/pkgs-by-name.nix b/modules/nix/pkgs-by-name.nix
new file mode 100644
index 0000000..533c549
--- /dev/null
+++ b/modules/nix/pkgs-by-name.nix
@@ -0,0 +1,42 @@
+{
+ inputs,
+ withSystem,
+ ...
+}:
+{
+ flake-file.inputs = {
+ pkgs-by-name-for-flake-parts.url = "github:drupol/pkgs-by-name-for-flake-parts";
+ packages = {
+ url = "path:./packages";
+ flake = false;
+ };
+ };
+
+ imports = [
+ inputs.pkgs-by-name-for-flake-parts.flakeModule
+ ];
+
+ perSystem =
+ { system, ... }:
+ {
+ pkgsDirectory = inputs.packages;
+ };
+
+ flake = {
+ overlays.default = _final: prev: {
+ local = withSystem prev.stdenv.hostPlatform.system ({ config, ... }: config.packages);
+ };
+
+ modules.generic.pkgs-by-name =
+ { pkgs, ... }:
+ {
+ nixpkgs.overlays = [
+ inputs.self.overlays.default
+ ];
+ nixpkgs-stable.overlays = [
+ inputs.self.overlays.default
+ ];
+ };
+ };
+
+}
diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix
deleted file mode 100644
index 8367438..0000000
--- a/nixosConfigurations.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ inputs, ... }:
-let
- lib = inputs.nixpkgs.lib;
- utils = import ./utils.nix { inherit inputs lib; };
- inherit (utils) mkHost;
-in
-{
- flake.nixosConfigurations = {
- rotterdam = mkHost {
- hostname = "rotterdam";
- tags = [
- "desktop"
- "ai"
- "bluetooth"
- "dev"
- "ephemeral"
- "fwupd"
- "gaming"
- "libvirtd"
- "networkmanager"
- "podman"
- ];
- };
-
- io = mkHost {
- hostname = "io";
- tags = [
- "desktop"
- "ai"
- "bluetooth"
- "dev"
- "ephemeral"
- "libvirtd"
- "networkmanager"
- "podman"
- ];
- };
-
- alexandria = mkHost {
- hostname = "alexandria";
- tags = [
- "server"
- "fwupd"
- ];
- };
-
- trantor = mkHost {
- hostname = "trantor";
- system = "aarch64-linux";
- tags = [
- "server"
- "ephemeral"
- ];
- };
- };
-}
diff --git a/nixosModules.nix b/nixosModules.nix
deleted file mode 100644
index 5fd416b..0000000
--- a/nixosModules.nix
+++ /dev/null
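Review bot: In modules/nix/pkgs-by-name.nix the `modules.generic.pkgs-by-name` module assigns `nixpkgs-stable.overlays`, and `nixpkgs-stable` is not an option that NixOS or home-manager defines by itself. Unless another module in this series declares `options.nixpkgs-stable` (none is visible in this part of the patch), every configuration importing the module will fail evaluation on an undefined option; either declare the option alongside this module or drop the assignment until it exists. The overlay now exposes the local packages under `pkgs.local`, whereas the deleted overlays.nix placed them at top level, so references like `toggleaudiosink` in package lists need the `local.` prefix. The `system` argument in `perSystem` and `pkgs` in the generic module are unused.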
@@ -1,7 +0,0 @@ -{ ... }: - -{ - flake.nixosModules = { - ephemeral = import ./modules/ephemeral.nix; - }; -} diff --git a/overlays.nix b/overlays.nix deleted file mode 100644 index b8f807f..0000000 --- a/overlays.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ inputs, ... }: - -{ - flake.overlays = { - default = final: prev: { - base16-schemes = inputs.self.packages.${final.system}.base16-schemes; - claude-desktop = inputs.self.packages.${final.system}.claude-desktop; - fastfetch = inputs.self.packages.${final.system}.fastfetch; - hm-cli = inputs.self.packages.${final.system}.hm-cli; - kwrite = inputs.self.packages.${final.system}.kwrite; - toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; - }; - }; -} diff --git a/packages.nix b/packages.nix deleted file mode 100644 index bf0319e..0000000 --- a/packages.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ inputs, ... }: - -{ - perSystem = - { system, ... }: - let - pkgs = import inputs.nixpkgs { - inherit system; - config.allowUnfree = true; - }; - in - { - packages = { - base16-schemes = pkgs.callPackage ./packages/base16-schemes.nix { }; - claude-desktop = pkgs.callPackage ./packages/claude-desktop.nix { }; - fastfetch = pkgs.callPackage ./packages/fastfetch.nix { }; - hm-cli = pkgs.callPackage ./packages/hm-cli.nix { }; - kwrite = pkgs.callPackage ./packages/kwrite.nix { }; - toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; - }; - }; -} diff --git a/packages/base16-schemes.nix b/packages/base16-schemes.nix deleted file mode 100644 index ffd6c04..0000000 --- a/packages/base16-schemes.nix +++ /dev/null 
@@ -1,32 +0,0 @@ -{ - lib, - stdenv, - fetchFromGitHub, -}: -stdenv.mkDerivation (finalAttrs: { - pname = "base16-schemes"; - version = "0-unstable-2025-06-04"; - - src = fetchFromGitHub { - owner = "tinted-theming"; - repo = "schemes"; - rev = "317a5e10c35825a6c905d912e480dfe8e71c7559"; - hash = "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM="; - }; - - installPhase = '' - runHook preInstall - - mkdir -p $out/share/themes/ - install base16/*.yaml $out/share/themes/ - - runHook postInstall - ''; - - meta = { - description = "All the color schemes for use in base16 packages"; - homepage = "https://github.com/tinted-theming/schemes"; - maintainers = [ lib.maintainers.DamienCassou ]; - license = lib.licenses.mit; - }; -}) diff --git a/packages/claude-desktop.nix b/packages/claude-desktop.nix deleted file mode 100644 index e72fc37..0000000 --- a/packages/claude-desktop.nix +++ /dev/null 
@@ -1,221 +0,0 @@ -{ - lib, - stdenv, - fetchurl, - makeWrapper, - makeDesktopItem, - copyDesktopItems, - p7zip, - unzip, - electron, - nodejs, - asar, - graphicsmagick, -}: - -let - pname = "claude-desktop"; - version = "1.0.1768"; # Updated based on extracted nupkg - - srcs.x86_64-linux = fetchurl { - url = "https://downloads.claude.ai/releases/win32/x64/1.0.1768/Claude-67d01376d0e9d08b328455f6db9e63b0d603506a.exe"; - hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=;"; - }; - - src = - srcs.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); - - # Stub implementation for claude-native module - claudeNativeStub = '' - // Stub implementation of claude-native using KeyboardKey enum values - const KeyboardKey = { - Backspace: 43, Tab: 280, Enter: 261, Shift: 272, Control: 61, Alt: 40, - CapsLock: 56, Escape: 85, Space: 276, PageUp: 251, PageDown: 250, - End: 83, Home: 154, LeftArrow: 175, UpArrow: 282, RightArrow: 262, - DownArrow: 81, Delete: 79, Meta: 187 - }; - Object.freeze(KeyboardKey); - module.exports = { - getWindowsVersion: () => "10.0.0", - setWindowEffect: () => {}, - removeWindowEffect: () => {}, - getIsMaximized: () => false, - flashFrame: () => {}, - clearFlashFrame: () => {}, - showNotification: () => {}, - setProgressBar: () => {}, - clearProgressBar: () => {}, - setOverlayIcon: () => {}, - clearOverlayIcon: () => {}, - KeyboardKey - }; - ''; - -in -stdenv.mkDerivation rec { - inherit pname version src; - - nativeBuildInputs = [ - makeWrapper - copyDesktopItems - p7zip - unzip - nodejs - graphicsmagick - ]; - - buildInputs = [ - electron - ]; - - desktopItems = [ - (makeDesktopItem { - name = "claude-desktop"; - desktopName = "Claude"; - comment = "AI assistant from Anthropic"; - exec = "claude-desktop %u"; - icon = "claude-desktop"; - categories = [ - "Network" - "Chat" - "Office" - ]; - mimeTypes = [ "x-scheme-handler/claude" ]; - startupNotify = true; - startupWMClass = "Claude"; - }) - ]; - - 
unpackPhase = '' - runHook preUnpack - - # Extract the Windows installer - use -y to auto-overwrite - 7z x -y $src -o./extracted - - # The installer contains a NuGet package - if [ -f ./extracted/AnthropicClaude-*-full.nupkg ]; then - echo "Found NuGet package, extracting..." - # NuGet packages are just zip files - unzip -q ./extracted/AnthropicClaude-*-full.nupkg -d ./nupkg - - # Extract app.asar to modify it - if [ -f ./nupkg/lib/net45/resources/app.asar ]; then - echo "Extracting app.asar..." - ${asar}/bin/asar extract ./nupkg/lib/net45/resources/app.asar ./app - - # Also copy the unpacked resources - if [ -d ./nupkg/lib/net45/resources/app.asar.unpacked ]; then - cp -r ./nupkg/lib/net45/resources/app.asar.unpacked/* ./app/ - fi - - # Copy additional resources - mkdir -p ./app/resources - mkdir -p ./app/resources/i18n - cp ./nupkg/lib/net45/resources/Tray* ./app/resources/ || true - cp ./nupkg/lib/net45/resources/*-*.json ./app/resources/i18n/ || true - fi - else - echo "NuGet package not found" - ls -la ./extracted/ - exit 1 - fi - - runHook postUnpack - ''; - - buildPhase = '' - runHook preBuild - - # Replace the Windows-specific claude-native module with a stub - if [ -d ./app/node_modules/claude-native ]; then - echo "Replacing claude-native module with Linux stub..." - rm -rf ./app/node_modules/claude-native/*.node - cat > ./app/node_modules/claude-native/index.js << 'EOF' - ${claudeNativeStub} - EOF - fi - - # Fix the title bar detection (from aaddrick script) - echo "Fixing title bar detection..." 
- SEARCH_BASE="./app/.vite/renderer/main_window/assets" - if [ -d "$SEARCH_BASE" ]; then - TARGET_FILE=$(find "$SEARCH_BASE" -type f -name "MainWindowPage-*.js" | head -1) - if [ -n "$TARGET_FILE" ]; then - echo "Found target file: $TARGET_FILE" - # Replace patterns like 'if(!VAR1 && VAR2)' with 'if(VAR1 && VAR2)' - sed -i -E 's/if\(!([a-zA-Z]+)[[:space:]]*&&[[:space:]]*([a-zA-Z]+)\)/if(\1 \&\& \2)/g' "$TARGET_FILE" - echo "Title bar fix applied" - fi - fi - - runHook postBuild - ''; - - installPhase = '' - runHook preInstall - - mkdir -p $out/lib/claude-desktop - - # Repack the modified app as app.asar - cd ./app - ${asar}/bin/asar pack . ../app.asar - cd .. - - # Copy resources - mkdir -p $out/lib/claude-desktop/resources - cp ./app.asar $out/lib/claude-desktop/resources/ - - # Create app.asar.unpacked directory with the stub - mkdir -p $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native - cat > $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native/index.js << 'EOF' - ${claudeNativeStub} - EOF - - # Copy other resources - if [ -d ./nupkg/lib/net45/resources ]; then - cp ./nupkg/lib/net45/resources/*.png $out/lib/claude-desktop/resources/ 2>/dev/null || true - cp ./nupkg/lib/net45/resources/*.ico $out/lib/claude-desktop/resources/ 2>/dev/null || true - cp ./nupkg/lib/net45/resources/*.json $out/lib/claude-desktop/resources/ 2>/dev/null || true - fi - - # Create wrapper script - makeWrapper ${electron}/bin/electron $out/bin/claude-desktop \ - --add-flags "$out/lib/claude-desktop/resources/app.asar" \ - --set DISABLE_AUTOUPDATER 1 \ - --set NODE_ENV production - - # Extract and install icons in multiple sizes - if [ -f ./extracted/setupIcon.ico ]; then - echo "Converting and installing icons..." 
- # Count frames in the ICO file and extract each one - frame_count=$(gm identify ./extracted/setupIcon.ico | wc -l) - for i in $(seq 0 $((frame_count - 1))); do - gm convert "./extracted/setupIcon.ico[$i]" "./extracted/setupIcon-$i.png" 2>/dev/null || true - done - - # Loop through converted icons and install them by size - for img in ./extracted/setupIcon-*.png; do - if [ -f "$img" ]; then - size=$(gm identify -format "%wx%h" "$img") - # Skip smallest icons (16x16 and 32x32) as they're too low quality - if [ "$size" != "16x16" ] && [ "$size" != "32x32" ]; then - mkdir -p "$out/share/icons/hicolor/$size/apps" - cp "$img" "$out/share/icons/hicolor/$size/apps/claude-desktop.png" - fi - fi - done - fi - - runHook postInstall - ''; - - meta = with lib; { - description = "Claude Desktop - AI assistant from Anthropic"; - homepage = "https://claude.ai"; - license = licenses.unfree; - sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; - maintainers = with maintainers; [ ]; - platforms = [ "x86_64-linux" ]; - mainProgram = "claude-desktop"; - }; -} diff --git a/packages/fastfetch.nix b/packages/fastfetch.nix deleted file mode 100644 index fa8e0ea..0000000 --- a/packages/fastfetch.nix +++ /dev/null 
@@ -1,81 +0,0 @@
-{
- lib,
- pkgs ? import { },
-}:
-
-let
- fastfetch-logo = pkgs.fetchurl {
- url = "https://discourse.nixos.org/uploads/default/original/3X/3/6/36954e6d6aa32c8b00f50ca43f142d898c1ff535.png";
- hash = "sha256-aLHz8jSAFocrn+Pb4vRq0wtkYFJpBpZRevd+VoZC/PQ=";
- };
-
- fastfetch-config = pkgs.writeText "fastfetch-config.json" (
- builtins.toJSON {
- "$schema" = "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json";
- modules = [
- "title"
- "separator"
- {
- type = "os";
- keyWidth = 9;
- }
- {
- type = "kernel";
- keyWidth = 9;
- }
- {
- type = "uptime";
- keyWidth = 9;
- }
- {
- type = "shell";
- keyWidth = 9;
- }
- "break"
- {
- type = "cpu";
- keyWidth = 11;
- }
- {
- type = "memory";
- keyWidth = 11;
- }
- {
- type = "swap";
- keyWidth = 11;
- }
- {
- type = "disk";
- folders = "/";
- keyWidth = 11;
- }
- {
- type = "command";
- key = "Systemd";
- keyWidth = 11;
- text = "echo \"$(systemctl list-units --state=failed --no-legend | wc -l) failed units, $(systemctl list-jobs --no-legend | wc -l) queued jobs\"";
- }
- "break"
- {
- type = "command";
- key = "Public IP";
- keyWidth = 15;
- text = "curl -s -4 ifconfig.me 2>/dev/null || echo 'N/A'";
- }
- {
- type = "command";
- key = "Tailscale IP";
- keyWidth = 15;
- text = "tailscale ip -4 2>/dev/null || echo 'N/A'";
- }
- {
- type = "command";
- key = "Local IP";
- keyWidth = 15;
- text = "ip -4 addr show scope global | grep inet | head -n1 | awk '{print $2}' | cut -d/ -f1";
- }
- ];
- }
- );
-in
-pkgs.writeShellScriptBin "fastfetch" ''exec ${lib.getExe pkgs.fastfetch} --config ${fastfetch-config} --logo-type kitty --logo ${fastfetch-logo} --logo-padding-right 1 --logo-width 36 "$@" ''
diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix
deleted file mode 100644
index f6034ea..0000000
--- a/packages/hm-cli.nix
+++ /dev/null
@@ -1,105 +0,0 @@ -{ - pkgs ? import { }, -}: - -pkgs.writeShellScriptBin "hm" '' - set -e - - HM="${pkgs.lib.getExe pkgs.home-manager}" - FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}" - FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}" - - show_usage() { - cat < [args] - - Commands: - apply Switch to a new generation - generation list List all generations - generation delete ID... Delete specified generation(s) - generation rollback Rollback to the previous generation - generation switch ID Switch to the specified generation - generation cleanup Delete all but the current generation - - Environment Variables: - HM_PATH Override default flake path (~/.config/home-manager) - Currently set to "''${HM_PATH:-}" - HM_USER Override default user output ("$(whoami)@$(hostname)") - Currently set to "''${HM_USER:-}" - EOF - } - - if [[ $# -eq 0 ]]; then - show_usage - exit 1 - fi - - case "$1" in - apply) - "$HM" switch --flake "$FLAKE_PATH#$FLAKE_OUTPUT" -b bkp - ;; - generation) - if [[ $# -lt 2 ]]; then - echo "Error: generation command requires a subcommand" - show_usage - exit 1 - fi - - case "$2" in - list) - "$HM" generations - ;; - delete) - if [[ $# -lt 3 ]]; then - echo "Error: delete requires at least one generation ID" - exit 1 - fi - shift 2 - "$HM" remove-generations "$@" - ;; - rollback) - PREV_GEN=$("$HM" generations | \ - sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | \ - head -n 2 | tail -n 1) - if [[ -z "$PREV_GEN" ]]; then - echo "Error: could not determine previous generation (possibly only one generation exists)" - exit 1 - fi - "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$PREV_GEN" -b bkp - ;; - switch) - if [[ $# -ne 3 ]]; then - echo "Error: switch requires exactly one generation ID" - exit 1 - fi - "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" -b bkp - ;; - cleanup) - CURRENT_GEN=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .* (current)$/\1/p') - if [[ -z "$CURRENT_GEN" ]]; then - echo "Error: could not 
determine current generation" - exit 1 - fi - OLD_GENS=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .*/\1/p' | grep -v "^$CURRENT_GEN$") - if [[ -z "$OLD_GENS" ]]; then - echo "No old generations to delete" - else - echo "Deleting generations: $(echo $OLD_GENS | tr '\n' ' ')" - echo "$OLD_GENS" | xargs "$HM" remove-generations - echo "Cleanup complete. Current generation $CURRENT_GEN preserved." - fi - ;; - *) - echo "Error: unknown generation subcommand '$2'" - show_usage - exit 1 - ;; - esac - ;; - *) - echo "Error: unknown command '$1'" - show_usage - exit 1 - ;; - esac -'' diff --git a/readme.md b/readme.md deleted file mode 100644 index a2b815f..0000000 --- a/readme.md +++ /dev/null 
@@ -1,87 +0,0 @@
-# Nix Configuration
-
-My personal Nix configuration for multiple NixOS hosts, home-manager users, miscellaneous resources... too many things to list. If I could put my life in a flake I would.
-
-## Hosts
-
-### Desktop Systems
-- **rotterdam** - Main desktop workstation (x86_64)
- - Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman
- - Storage: Ephemeral root with LUKS encryption
-
-- **io** - Laptop workstation (x86_64)
- - Features: Desktop, AI tools, Bluetooth, Dev environment, Podman
- - Storage: Ephemeral root with LUKS encryption
-
-### Servers
-- **alexandria** - Home server (x86_64)
- - Hosts: Nextcloud, Vaultwarden, Jellyfin, Kanidm
-
-- **trantor** - Cloud server (aarch64)
- - Hosts: Forgejo
- - Cloud provider: Oracle Cloud Infrastructure
- - Storage: Ephemeral root with btrfs
-
-## Home Manager Configurations
-
-- **user@rotterdam** - Full desktop setup with gaming, OBS, and complete development environment
-- **user@io** - Lightweight desktop setup
-
-Both configurations include:
-- btop, direnv, helix, starship, tmux
-- Stylix theme management
-- Fish shell with custom configurations
-
-## Terranix Configurations
-
-Infrastructure as code using Terranix (NixOS + Terraform/OpenTofu):
-
-- **oci-trantor** - Oracle Cloud Infrastructure provisioning for Trantor server
-- **cloudflare-baduhaidev** - DNS and CDN configuration for baduhai.dev domain
-- **tailscale-tailnet** - Tailscale network ACL and device management
-
-## Services
-
-All services are accessible via custom domains under baduhai.dev:
-
-- **Kanidm** (auth.baduhai.dev) - Identity and access management
-- **Vaultwarden** (pass.baduhai.dev) - Password manager
-- **Forgejo** (git.baduhai.dev) - Git forge (publicly accessible)
-- **Nextcloud** (cloud.baduhai.dev) - File sync and collaboration
-- **Jellyfin** (jellyfin.baduhai.dev) - Media server
-
-Services are accessible via:
-- LAN for alexandria-hosted services
-- Tailscale VPN for all services
-- Public internet for Forgejo only
-
-## Notable Features
-
-### Ephemeral Root
-Rotterdam, io, and trantor use an ephemeral root filesystem that resets on every boot:
-- Root filesystem is automatically rolled back using btrfs snapshots
-- Old snapshots retained for 30 days
-- Persistent data stored in dedicated subvolumes
-- Implements truly stateless systems
-
-### Custom DNS Architecture
-- Unbound DNS servers on both alexandria and trantor
-- Service routing based on visibility flags (public/LAN/Tailscale)
-- Split-horizon DNS for optimal access paths
-
-### Security
-- LUKS full-disk encryption on desktop systems
-- Fail2ban on public-facing servers
-- agenix for secrets management
-- Tailscale for secure remote access
-
-### Desktop Environment
-- Custom Niri window manager (Wayland compositor)
-- Using forked version with auto-centering feature
-- Stylix for consistent theming
-
-### Development Setup
-- Nix flakes for reproducible builds
-- deploy-rs for automated deployments
-- Podman for containerization
-- Complete AI tooling integration
diff --git a/shared/services.nix b/shared/services.nix
deleted file mode 100644
index 1173b3b..0000000
--- a/shared/services.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-# Shared service definitions for cross-host configuration
-{
- # Host IP definitions
- hosts = {
- alexandria = {
- lanIP = "192.168.15.142";
- tailscaleIP = "100.76.19.50";
- };
- trantor = {
- tailscaleIP = "100.108.5.90";
- };
- };
-
- # Service definitions - IPs are inherited from host
- services = [
- {
- name = "kanidm";
- domain = "auth.baduhai.dev";
- host = "alexandria";
- }
- {
- name = "vaultwarden";
- domain = "pass.baduhai.dev";
- host = "alexandria";
- }
- {
- name = "forgejo";
- domain = "git.baduhai.dev";
- host = "trantor";
- public = true;
- }
- {
- name = "nextcloud";
- domain = "cloud.baduhai.dev";
- host = "alexandria";
- }
- {
- name = "jellyfin";
- domain = "jellyfin.baduhai.dev";
- host = "alexandria";
- }
- ];
-}
diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix
deleted file mode 100644
index 1b456f3..0000000
--- a/terranix/cloudflare/baduhai.dev.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-# Required environment variables:
-# CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions
-# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage
-# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage
-
-{ config, lib, ... }:
-
-let
- inherit (import ../../shared/services.nix) services;
-
- # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git")
- getSubdomain = domain: lib.head (lib.splitString "." domain);
-
- # Generate DNS records for services
- # Public services point to trantor's public IP
- # Private services point to their tailscale IP
- mkServiceRecords = lib.listToAttrs (
- lib.imap0 (
- i: svc:
- let
- subdomain = getSubdomain svc.domain;
- targetIP =
- if svc.public or false then
- config.data.terraform_remote_state.trantor "outputs.instance_public_ip"
- else
- svc.tailscaleIP;
- in
- {
- name = "service_${toString i}";
- value = {
- zone_id = config.variable.zone_id.default;
- name = subdomain;
- type = "A";
- content = targetIP;
- proxied = false;
- ttl = 3600;
- };
- }
- ) services
- );
-in
-
-{
- terraform.required_providers.cloudflare = {
- source = "cloudflare/cloudflare";
- version = "~> 5.0";
- };
-
- terraform.backend.s3 = {
- bucket = "terraform-state";
- key = "cloudflare/baduhai.dev.tfstate";
- region = "auto";
- endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com";
- skip_credentials_validation = true;
- skip_metadata_api_check = true;
- skip_region_validation = true;
- skip_requesting_account_id = true;
- use_path_style = true;
- };
-
- variable = {
- zone_id = {
- default = "c63a8332fdddc4a8e5612ddc54557044";
- type = "string";
- };
- };
-
- data = {
- terraform_remote_state.trantor = {
- backend = "s3";
- config = {
- bucket = "terraform-state";
- key = "oci/trantor.tfstate";
- region = "auto";
- endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com";
- skip_credentials_validation = true;
- skip_metadata_api_check = true;
- skip_region_validation = true;
- skip_requesting_account_id = true;
- use_path_style = true;
- };
- };
- };
-
- resource.cloudflare_dns_record = mkServiceRecords;
-}
diff --git a/terranix/cloudflare/kernelpanic.space.nix b/terranix/cloudflare/kernelpanic.space.nix
deleted file mode 100644
index e69de29..0000000
diff --git a/terranix/oci/terminus.nix b/terranix/oci/terminus.nix
deleted file mode 100644
index e69de29..0000000
diff --git a/terranix/oci/trantor.nix b/terranix/oci/trantor.nix
deleted file mode 100644
index 170ad04..0000000
--- a/terranix/oci/trantor.nix
+++ /dev/null
@@ -1,258 +0,0 @@
-# Required environment variables:
-# instead of OCI variables, ~/.oci/config may also be used
-# OCI_TENANCY_OCID - Oracle tenancy OCID (or use TF_VAR_* to override variables)
-# OCI_USER_OCID - Oracle user OCID
-# OCI_FINGERPRINT - API key fingerprint
-# OCI_PRIVATE_KEY_PATH - Path to OCI API private key
-# AWS variables are required
-# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage
-# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage
-
-{ config, ... }:
-
-{
- terraform.required_providers.oci = {
- source = "oracle/oci";
- version = "~> 7.0";
- };
-
- provider.oci.region = "sa-saopaulo-1";
-
- terraform.backend.s3 = {
- bucket = "terraform-state";
- key = "oci/trantor.tfstate";
- region = "auto";
- endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com";
- skip_credentials_validation = true;
- skip_metadata_api_check = true;
- skip_region_validation = true;
- skip_requesting_account_id = true;
- use_path_style = true;
- };
-
- variable = {
- tenancy_ocid = {
- default = "ocid1.tenancy.oc1..aaaaaaaap3vfdz4piygqza6e6zqunbcuso43ddqfo3ydmpmnomidyghh7rvq";
- type = "string";
- };
-
- compartment_name = {
- default = "trantor";
- type = "string";
- };
-
- vcn_cidr = {
- default = "10.0.0.0/24";
- type = "string";
- };
-
- instance_name = {
- default = "trantor";
- type = "string";
- };
-
- ssh_public_keys = {
- default = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"
- ];
- type = "list(string)";
- };
- };
-
- data = {
- oci_identity_availability_domains.ads = {
- compartment_id = config.variable.tenancy_ocid.default;
- };
-
- oci_core_images.ubuntu_arm = {
- compartment_id = config.variable.tenancy_ocid.default;
- operating_system = "Canonical Ubuntu";
- operating_system_version = "24.04";
- shape = "VM.Standard.A1.Flex";
- sort_by = "TIMECREATED";
- sort_order = "DESC";
- };
- };
-
- resource = {
- oci_identity_compartment.trantor = {
- compartment_id = config.variable.tenancy_ocid.default;
- description = "trantor infrastructure compartment";
- name = config.variable.compartment_name.default;
- };
-
- oci_core_vcn.vcn = {
- compartment_id = config.resource.oci_identity_compartment.trantor "id";
- cidr_blocks = [ config.variable.vcn_cidr.default ];
- display_name = "trantor-vcn";
- dns_label = "trantor";
- };
-
- oci_core_internet_gateway.ig = {
- compartment_id = config.resource.oci_identity_compartment.trantor "id";
- vcn_id = config.resource.oci_core_vcn.vcn "id";
- display_name = "trantor-ig";
- enabled = true;
- };
-
- oci_core_route_table.rt = {
- compartment_id = config.resource.oci_identity_compartment.trantor "id";
- vcn_id = config.resource.oci_core_vcn.vcn "id";
- display_name = "trantor-rt";
-
- route_rules = [
- {
- network_entity_id = config.resource.oci_core_internet_gateway.ig "id";
- destination = "0.0.0.0/0";
- destination_type = "CIDR_BLOCK";
- }
- ];
- };
-
- oci_core_security_list.sl = {
- compartment_id = config.resource.oci_identity_compartment.trantor "id";
- vcn_id = config.resource.oci_core_vcn.vcn "id";
- display_name = "trantor-sl";
-
- egress_security_rules = [
- {
- destination = "0.0.0.0/0";
- protocol = "all";
- stateless = false;
- }
- ];
-
- ingress_security_rules = [
- {
- protocol = "6"; # TCP
- source = "0.0.0.0/0";
- stateless = false;
- tcp_options = {
- min = 22;
- max = 22;
- };
- }
- {
- protocol = "6"; # TCP
- source = "0.0.0.0/0";
- stateless = false;
- tcp_options = {
- min = 80;
- max = 80;
- };
- }
- {
- protocol = "6"; # TCP
- source = "0.0.0.0/0";
- stateless = false;
- tcp_options = {
- min = 443;
- max = 443;
- };
- }
- {
- protocol = "6"; # TCP
- source = "0.0.0.0/0";
- stateless = false;
- tcp_options = {
- min = 25565;
- max = 25565;
- };
- }
- {
- protocol = "6"; # TCP
- source = "0.0.0.0/0";
- stateless = false;
- tcp_options = {
- min = 19132;
- max = 19133;
- };
- }
- {
- protocol = "17"; # UDP
- source = "0.0.0.0/0";
- stateless = false;
- udp_options = {
- min = 19132;
- max = 19133;
- };
- }
- ];
- };
-
- oci_core_subnet.subnet = {
- compartment_id = config.resource.oci_identity_compartment.trantor "id";
- vcn_id = config.resource.oci_core_vcn.vcn "id";
- cidr_block = config.variable.vcn_cidr.default;
- display_name = "trantor-subnet";
- dns_label = "subnet";
- route_table_id = config.resource.oci_core_route_table.rt "id";
- security_list_ids = [ (config.resource.oci_core_security_list.sl "id") ];
- prohibit_public_ip_on_vnic = false;
- };
-
- oci_core_instance.trantor = {
- availability_domain = config.data.oci_identity_availability_domains.ads "availability_domains[0].name";
- compartment_id = config.resource.oci_identity_compartment.trantor "id";
- display_name = config.variable.instance_name.default;
- shape = "VM.Standard.A1.Flex";
-
- shape_config = {
- ocpus = 2;
- memory_in_gbs = 12;
- };
-
- source_details = {
- source_type = "image";
- source_id = config.data.oci_core_images.ubuntu_arm "images[0].id";
- boot_volume_size_in_gbs = 100;
- };
-
- create_vnic_details = {
- subnet_id = config.resource.oci_core_subnet.subnet "id";
- display_name = "trantor-vnic";
- assign_public_ip = true;
- hostname_label = config.variable.instance_name.default;
- };
-
- metadata = {
- ssh_authorized_keys = builtins.concatStringsSep "\n" config.variable.ssh_public_keys.default;
- };
-
- preserve_boot_volume = false;
- };
-
- oci_budget_budget.trantor_budget = {
- compartment_id = config.variable.tenancy_ocid.default;
- targets = [ (config.resource.oci_identity_compartment.trantor "id") ];
- amount = 1;
- reset_period = "MONTHLY";
- display_name = "trantor-budget";
- description = "Monthly budget for trantor compartment";
- target_type = "COMPARTMENT";
- };
-
- oci_budget_alert_rule.daily_spend_alert = {
- budget_id = config.resource.oci_budget_budget.trantor_budget "id";
- type = "ACTUAL";
- threshold = 5;
- threshold_type = "PERCENTAGE";
- display_name = "daily-spend-alert";
- recipients = "baduhai@proton.me";
- description = "Alert when daily spending exceeds $0.05";
- message = "Daily spending has exceeded $0.05 in the trantor compartment";
- };
- };
-
- output = {
- compartment_id = {
- value = config.resource.oci_identity_compartment.trantor "id";
- };
-
- instance_public_ip = {
- value = config.resource.oci_core_instance.trantor "public_ip";
- };
- };
-}
diff --git a/terranix/tailscale/tailnet.nix b/terranix/tailscale/tailnet.nix
deleted file mode 100644
index 929e79b..0000000
--- a/terranix/tailscale/tailnet.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-# Required environment variables:
-# TAILSCALE_API_KEY - Tailscale API key with appropriate permissions
-# TAILSCALE_TAILNET - Your tailnet name (e.g., "user@example.com" or "example.org.github")
-# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage
-# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage
-
-{ config, ... }:
-
-{
- terraform.required_providers.tailscale = {
- source = "tailscale/tailscale";
- version = "~> 0.17";
- };
-
- terraform.backend.s3 = {
- bucket = "terraform-state";
- key = "tailscale/tailnet.tfstate";
- region = "auto";
- endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com";
- skip_credentials_validation = true;
- skip_metadata_api_check = true;
- skip_region_validation = true;
- skip_requesting_account_id = true;
- use_path_style = true;
- };
-
- variable = {
- trantor_tailscale_ip = {
- default = "100.108.5.90";
- type = "string";
- };
- };
-
- resource = {
- tailscale_dns_nameservers.global = {
- nameservers = [
- config.variable.trantor_tailscale_ip.default
- "1.1.1.1"
- "1.0.0.1"
- ];
- };
- };
-}
diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix
deleted file mode 100644
index 12c90d1..0000000
--- a/terranixConfigurations.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ inputs, ... }:
-
-{
- imports = [
- inputs.terranix.flakeModule
- ];
-
- perSystem =
- { pkgs, ... }:
-
- {
- terranix.terranixConfigurations = {
- oci-trantor = {
- modules = [ ./terranix/oci/trantor.nix ];
- terraformWrapper.package = pkgs.opentofu;
- };
- cloudflare-baduhaidev = {
- modules = [ ./terranix/cloudflare/baduhai.dev.nix ];
- terraformWrapper.package = pkgs.opentofu;
- };
- tailscale-tailnet = {
- modules = [ ./terranix/tailscale/tailnet.nix ];
- terraformWrapper.package = pkgs.opentofu;
- };
- };
- };
-}
diff --git a/users/modules/btop.nix b/users/modules/btop.nix
deleted file mode 100644
index c19c4bb..0000000
--- a/users/modules/btop.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ pkgs, ... }:
-
-{
- programs.btop = {
- enable = true;
- settings = {
- theme_background = false;
- proc_sorting = "cpu direct";
- update_ms = 500;
- };
- };
-}
\ No newline at end of file
diff --git a/users/modules/comma.nix b/users/modules/comma.nix
deleted file mode 100644
index 0aad530..0000000
--- a/users/modules/comma.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ inputs, ... }:
-
-{
- imports = [ inputs.nix-index-database.homeModules.nix-index ];
-
- programs.nix-index-database.comma.enable = true;
-}
diff --git a/users/modules/common/bash.nix b/users/modules/common/bash.nix
deleted file mode 100644
index a5a0823..0000000
--- a/users/modules/common/bash.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ pkgs, ... }:
-
-{
- programs.bash = {
- enable = true;
- historyFile = "~/.cache/bash_history";
- };
-}
\ No newline at end of file
diff --git a/users/modules/common/fish.nix b/users/modules/common/fish.nix
deleted file mode 100644
index c753297..0000000
--- a/users/modules/common/fish.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ pkgs, lib, ... }:
-
-{
- programs.fish = {
- enable = true;
- interactiveShellInit = ''
- set fish_greeting
- ${lib.getExe pkgs.nix-your-shell} fish | source
- '';
- loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source";
- plugins = [
- {
- name = "bang-bang";
- src = pkgs.fetchFromGitHub {
- owner = "oh-my-fish";
- repo = "plugin-bang-bang";
- rev = "f969c618301163273d0a03d002614d9a81952c1e";
- sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ=";
- };
- }
- {
- name = "z";
- src = pkgs.fetchFromGitHub {
- owner = "jethrokuan";
- repo = "z";
- rev = "067e867debee59aee231e789fc4631f80fa5788e";
- sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU=";
- };
- }
- ];
- };
-}
diff --git a/users/modules/common/hm-cli.nix b/users/modules/common/hm-cli.nix
deleted file mode 100644
index d2ed715..0000000
--- a/users/modules/common/hm-cli.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ pkgs, ... }:
-
-{
- home = {
- packages = with pkgs; [ hm-cli ];
- sessionVariables = {
- HM_PATH = "/etc/nixos";
- };
- };
-}
diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix
deleted file mode 100644
index fd3d306..0000000
--- a/users/modules/desktop/desktop.nix
+++ /dev/null
@@ -1,134 +0,0 @@
-{
- inputs,
- pkgs,
- ...
-}:
-
-{
- imports = [ inputs.vicinae.homeManagerModules.default ];
-
- fonts.fontconfig.enable = true;
-
- home.packages = with pkgs; [ xwayland-satellite ];
-
- services.vicinae = {
- enable = true;
- systemd = {
- enable = true;
- autoStart = true;
- };
- };
-
- programs = {
- ghostty = {
- enable = true;
- settings = {
- cursor-style = "block";
- shell-integration-features = "no-cursor";
- cursor-style-blink = false;
- custom-shader = "${builtins.fetchurl {
- url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl";
- sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41";
- }}";
- bell-features = "";
- gtk-titlebar-style = "tabs";
- keybind = [ "shift+enter=text:\\x1b\\r" ];
- };
- };
-
- password-store = {
- enable = true;
- package = pkgs.pass-wayland;
- };
- };
-
- xdg = {
- enable = true;
- userDirs.enable = true;
- mimeApps = {
- enable = true;
- defaultApplications = {
- "text/html" = [
- "re.sonny.Junction.desktop"
- "zen-browser.desktop"
- "torbrowser.desktop"
- ];
- "x-scheme-handler/http" = [
- "re.sonny.Junction.desktop"
- "zen-browser.desktop"
- "torbrowser.desktop"
- ];
- "x-scheme-handler/https" = [
- "re.sonny.Junction.desktop"
- "zen-browser.desktop"
- "torbrowser.desktop"
- ];
- "x-scheme-handler/about" = [
- "re.sonny.Junction.desktop"
- "zen-browser.desktop"
- "torbrowser.desktop"
- ];
- "x-scheme-handler/unknown" = [
- "re.sonny.Junction.desktop"
- "zen-browser.desktop"
- "torbrowser.desktop"
- ];
- "image/jpeg" = "org.gnome.Loupe.desktop";
- "image/png" = "org.gnome.Loupe.desktop";
- "image/gif" = "org.gnome.Loupe.desktop";
- "image/webp" = "org.gnome.Loupe.desktop";
- "image/bmp" = "org.gnome.Loupe.desktop";
- "image/svg+xml" = "org.gnome.Loupe.desktop";
- "image/tiff" = "org.gnome.Loupe.desktop";
- "video/mp4" = "io.bassi.Showtime.desktop";
- "video/x-matroska" = "io.bassi.Showtime.desktop";
- "video/webm" = "io.bassi.Showtime.desktop";
- "video/mpeg" = "io.bassi.Showtime.desktop";
- "video/x-msvideo" = "io.bassi.Showtime.desktop";
- "video/quicktime" = "io.bassi.Showtime.desktop";
- "video/x-flv" = "io.bassi.Showtime.desktop";
- "audio/mpeg" = "io.bassi.Showtime.desktop";
- "audio/flac" = "io.bassi.Showtime.desktop";
- "audio/ogg" = "io.bassi.Showtime.desktop";
- "audio/wav" = "io.bassi.Showtime.desktop";
- "audio/mp4" = "io.bassi.Showtime.desktop";
- "audio/x-opus+ogg" = "io.bassi.Showtime.desktop";
- "application/pdf" = [
- "org.gnome.Papers.desktop"
- "zen-browser.desktop"
- ];
- "text/plain" = "Helix.desktop";
- "text/markdown" = "Helix.desktop";
- "text/x-log" = "Helix.desktop";
- "application/x-shellscript" = "Helix.desktop";
- "application/vnd.openxmlformats-officedocument.wordprocessingml.document" =
- "com.collabora.Office.desktop"; # DOCX
- "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" =
- "com.collabora.Office.desktop"; # XLSX
- "application/vnd.openxmlformats-officedocument.presentationml.presentation" =
- "com.collabora.Office.desktop"; # PPTX
- "application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT
- "application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS
- "application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP
- "application/msword" = "com.collabora.Office.desktop"; # DOC
- "application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS
- "application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT
- "application/zip" = "org.gnome.FileRoller.desktop";
- "application/x-tar" = "org.gnome.FileRoller.desktop";
- "application/x-compressed-tar" = "org.gnome.FileRoller.desktop";
- "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop";
- "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop";
- "application/x-7z-compressed" = "org.gnome.FileRoller.desktop";
- "application/x-rar" = "org.gnome.FileRoller.desktop";
- "application/gzip" = "org.gnome.FileRoller.desktop";
- "application/x-bzip" = "org.gnome.FileRoller.desktop";
- "inode/directory" = "org.gnome.Nautilus.desktop";
- };
- };
- };
-
- # Set Ghostty as default terminal
- home.sessionVariables = {
- TERMINAL = "ghostty";
- };
-}
diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix
deleted file mode 100644
index 0cb5db8..0000000
--- a/users/modules/desktop/niri.nix
+++ /dev/null
@@ -1,229 +0,0 @@ -{ - inputs, - lib, - pkgs, - hostname ? null, - ... -}: - -let - isRotterdam = hostname == "rotterdam"; -in - -{ - imports = [ inputs.noctalia.homeModules.default ]; - - services.kanshi = { - enable = true; - settings = [ - { - profile.name = "default"; - profile.outputs = [ - { - criteria = "*"; - scale = 1.0; - } - ]; - } - ]; - }; - - home = { - packages = with pkgs; [ - xwayland-satellite - inputs.noctalia.packages.${pkgs.system}.default - ]; - sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; - }; - - xdg.configFile."niri/config.kdl".text = '' - input { - keyboard { - xkb { - layout "us" - variant "altgr-intl" - } - } - touchpad { - tap - dwt - drag true - drag-lock - natural-scroll - accel-speed 0.2 - accel-profile "flat" - scroll-method "two-finger" - middle-emulation - } - mouse { - natural-scroll - accel-speed 0.2 - accel-profile "flat" - } - warp-mouse-to-focus mode="center-xy" - focus-follows-mouse - } - - layout { - gaps 8 - center-focused-column "never" - auto-center-when-space-available - preset-column-widths { - ${ - if isRotterdam then - '' - proportion 0.33333 - proportion 0.5 - proportion 0.66667 - '' - else - '' - proportion 0.5 - proportion 1.0 - '' - } - } - default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } - focus-ring { - off - } - border { - width 4 - active-color "#ffc87f" - inactive-color "#505050" - urgent-color "#9b0000" - } - tab-indicator { - width 4 - gap 4 - place-within-column - } - } - - overview { - zoom 0.65 - } - - spawn-at-startup "noctalia-shell" "-d" - layer-rule { - match namespace="^wallpaper$" - place-within-backdrop true - } - layer-rule { - match namespace="^quickshell-overview$" - place-within-backdrop true - } - - hotkey-overlay { - skip-at-startup - } - - prefer-no-csd - screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" - - animations { - slowdown 0.3 - } - - window-rule { - match app-id="zen" - default-column-width { proportion ${if 
isRotterdam then "0.5" else "1.0"}; } - } - - window-rule { - geometry-corner-radius 12 - clip-to-geometry true - } - - config-notification { - disable-failed - } - - binds { - Alt+Space repeat=false { spawn "vicinae" "toggle"; } - XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } - XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } - XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } - XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } - XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } - XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } - XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } - XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } - XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } - Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } - Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; } - Mod+Return { spawn "ghostty"; } - Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } - Mod+W repeat=false { toggle-overview; } - Mod+Q { close-window; } - Alt+Shift+Q { close-window;} - Mod+Shift+Q { close-window; } - Alt+F4 { close-window; } - Mod+Left { focus-column-left; } - Mod+Down { focus-window-or-workspace-down; } - Mod+Up { focus-window-or-workspace-up; } - Mod+Right { focus-column-right; } - Mod+H { focus-column-left; } - Mod+L { focus-column-right; } - Mod+J { focus-window-or-workspace-down; } - Mod+K { focus-window-or-workspace-up; } - Mod+Ctrl+Left { move-column-left; } - Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } - Mod+Ctrl+Up { 
move-window-up-or-to-workspace-up; } - Mod+Ctrl+Right { move-column-right; } - Mod+Ctrl+H { move-column-left; } - Mod+Ctrl+J { move-window-down-or-to-workspace-down; } - Mod+Ctrl+K { move-window-up-or-to-workspace-up; } - Mod+Ctrl+L { move-column-right; } - Mod+Home { focus-column-first; } - Mod+End { focus-column-last; } - Mod+Ctrl+Home { move-column-to-first; } - Mod+Ctrl+End { move-column-to-last; } - Mod+Alt+Left { focus-monitor-left; } - Mod+Alt+Down { focus-monitor-down; } - Mod+Alt+Up { focus-monitor-up; } - Mod+Alt+Right { focus-monitor-right; } - Mod+Alt+H { focus-monitor-left; } - Mod+Alt+J { focus-monitor-down; } - Mod+Alt+K { focus-monitor-up; } - Mod+Alt+L { focus-monitor-right; } - Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } - Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } - Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } - Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } - Mod+Alt+Ctrl+H { move-column-to-monitor-left; } - Mod+Alt+Ctrl+J { move-column-to-monitor-down; } - Mod+Alt+Ctrl+K { move-column-to-monitor-up; } - Mod+Alt+Ctrl+L { move-column-to-monitor-right; } - Mod+Ctrl+U { move-workspace-down; } - Mod+Ctrl+I { move-workspace-up; } - Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } - Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } - Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } - Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } - Mod+Shift+WheelScrollDown { focus-column-right; } - Mod+Shift+WheelScrollUp { focus-column-left; } - Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } - Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } - Mod+BracketLeft { consume-or-expel-window-left; } - Mod+BracketRight { consume-or-expel-window-right; } - Mod+Comma { consume-window-into-column; } - Mod+Period { expel-window-from-column; } - Mod+R { switch-preset-column-width; } - Mod+F { maximize-column; } - Mod+Ctrl+F { fullscreen-window; } - Mod+C { 
center-visible-columns; } - Mod+Ctrl+C { center-column; } - Mod+Space { toggle-window-floating; } - Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } - Mod+T { toggle-column-tabbed-display; } - Print { screenshot-screen; } - Mod+Print { screenshot; } - Ctrl+Print { screenshot-window; } - Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } - Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } - Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } - Mod+Ctrl+P { power-off-monitors; } - } - ''; -} diff --git a/users/modules/direnv.nix b/users/modules/direnv.nix deleted file mode 100644 index c91d0af..0000000 --- a/users/modules/direnv.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ pkgs, ... }: - -{ - programs.direnv = { - enable = true; - nix-direnv.enable = true; - }; -} \ No newline at end of file diff --git a/users/modules/gaming.nix b/users/modules/gaming.nix deleted file mode 100644 index 48825ab..0000000 --- a/users/modules/gaming.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ config, ... }: - -{ - programs.mangohud = { - enable = true; - enableSessionWide = true; - settings = { - position = "top-left"; - fps = true; - frametime = false; - frame_timing = false; - gpu_stats = true; - gpu_temp = true; - gpu_power = true; - cpu_stats = true; - cpu_temp = true; - cpu_power = true; - ram = true; - vram = true; - gamemode = false; - vkbasalt = false; - version = false; - engine_version = false; - vulkan_driver = false; - wine = false; - time = false; - fps_sampling_period = 500; - toggle_hud = "Shift_L+F12"; - toggle_logging = "Ctrl_L+F2"; - output_folder = "${config.home.homeDirectory}/.local/share/mangohud"; - }; - }; -} diff --git a/users/modules/helix.nix b/users/modules/helix.nix deleted file mode 100644 index a72ead3..0000000 --- a/users/modules/helix.nix +++ /dev/null 
@@ -1,49 +0,0 @@ -{ pkgs, ... }: - -{ - home.sessionVariables = { - EDITOR = "hx"; - }; - - programs.helix = { - enable = true; - settings = { - editor = { - file-picker.hidden = false; - idle-timeout = 0; - line-number = "relative"; - cursor-shape = { - normal = "underline"; - insert = "bar"; - select = "underline"; - }; - soft-wrap.enable = true; - auto-format = true; - indent-guides.render = true; - }; - keys.normal = { - space = { - o = "file_picker_in_current_buffer_directory"; - esc = [ - "collapse_selection" - "keep_primary_selection" - ]; - }; - }; - }; - languages = { - language = [ - { - name = "nix"; - auto-format = true; - formatter.command = "nixfmt"; - } - { - name = "typst"; - auto-format = true; - formatter.command = "typstyle -c 1000 -i"; - } - ]; - }; - }; -} diff --git a/users/modules/obs-studio.nix b/users/modules/obs-studio.nix deleted file mode 100644 index 67e3b8b..0000000 --- a/users/modules/obs-studio.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ pkgs, ... }: - -{ - programs.obs-studio = { - enable = true; - plugins = [ - pkgs.obs-studio-plugins.obs-vkcapture - pkgs.obs-studio-plugins.obs-backgroundremoval - pkgs.obs-studio-plugins.obs-pipewire-audio-capture - ]; - }; - -} diff --git a/users/modules/starship.nix b/users/modules/starship.nix deleted file mode 100644 index c836c51..0000000 --- a/users/modules/starship.nix +++ /dev/null 
@@ -1,40 +0,0 @@ -{ pkgs, ... }: - -{ - programs.starship = { - enable = true; - enableBashIntegration = true; - enableFishIntegration = true; - settings = { - add_newline = false; - format = '' - $hostname$directory$git_branch$git_status$nix_shell - [ ❯ ](bold green) - ''; - right_format = "$cmd_duration$character"; - hostname = { - ssh_symbol = "󰖟 "; - }; - character = { - error_symbol = "[](red)"; - success_symbol = "[󱐋](green)"; - }; - cmd_duration = { - format = "[󰄉 $duration ]($style)"; - style = "yellow"; - min_time = 500; - }; - git_branch = { - symbol = " "; - style = "purple"; - }; - git_status.style = "red"; - nix_shell = { - format = "via [$symbol$state]($style)"; - heuristic = true; - style = "blue"; - symbol = "󱄅 "; - }; - }; - }; -} diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix deleted file mode 100644 index f1c7e44..0000000 --- a/users/modules/stylix.nix +++ /dev/null 
@@ -1,69 +0,0 @@ -{ - config, - inputs, - pkgs, - ... -}: - -{ - imports = [ - inputs.stylix.homeModules.stylix - inputs.zen-browser.homeModules.beta - ]; - - stylix = { - enable = true; - polarity = "dark"; - base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml"; - cursor = { - package = pkgs.kdePackages.breeze; - name = "breeze_cursors"; - size = 24; - }; - icons = { - enable = true; - package = pkgs.morewaita-icon-theme; - light = "MoreWaita"; - dark = "MoreWaita"; - }; - opacity = { - applications = 1.0; - desktop = 0.8; - popups = config.stylix.opacity.desktop; - terminal = 1.0; - }; - fonts = { - serif = { - package = pkgs.source-serif; - name = "Source Serif 4 Display"; - }; - sansSerif = { - package = pkgs.inter; - name = "Inter"; - }; - monospace = { - package = pkgs.nerd-fonts.fira-code; - name = "FiraCode Nerd Font"; - }; - emoji = { - package = pkgs.noto-fonts-color-emoji; - name = "Noto Color Emoji"; - }; - sizes = { - applications = 10; - desktop = config.stylix.fonts.sizes.applications; - popups = config.stylix.fonts.sizes.applications; - terminal = 12; - }; - }; - targets.zen-browser = { - enable = true; - profileNames = [ "william" ]; - }; - }; - - programs.zen-browser = { - enable = true; - profiles.william = { }; - }; -} diff --git a/users/modules/tmux.nix b/users/modules/tmux.nix deleted file mode 100644 index 4268e7a..0000000 --- a/users/modules/tmux.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ pkgs, ... }: - -{ - programs.tmux = { - enable = true; - clock24 = true; - terminal = "xterm-256color"; - mouse = true; - keyMode = "vi"; - }; -} \ No newline at end of file diff --git a/users/user/git.nix b/users/user/git.nix deleted file mode 100644 index 9c1fb20..0000000 --- a/users/user/git.nix +++ /dev/null 
@@ -1,17 +0,0 @@ -{ pkgs, ... }: - -{ - programs = { - git = { - enable = true; - settings.user = { - name = "William"; - email = "baduhai@proton.me"; - }; - }; - diff-so-fancy = { - enable = true; - enableGitIntegration = true; - }; - }; -} diff --git a/utils.nix b/utils.nix deleted file mode 100644 index e65837c..0000000 --- a/utils.nix +++ /dev/null 
@@ -1,233 +0,0 @@ -{ inputs, lib }: - -let - inherit (inputs) - self - nixpkgs - nixpkgs-stable - home-manager - agenix - ; - - # Import shared service definitions - sharedServices = import ./shared/services.nix; - - # Enrich services with host IP information - enrichedServices = builtins.map (svc: - let - hostInfo = sharedServices.hosts.${svc.host} or {}; - in - svc // lib.optionalAttrs (hostInfo ? lanIP) { inherit (hostInfo) lanIP; } - // lib.optionalAttrs (hostInfo ? tailscaleIP) { inherit (hostInfo) tailscaleIP; } - ) sharedServices.services; -in - -{ - # Re-export enriched services and hosts for use in host configs - services = enrichedServices; - inherit (sharedServices) hosts; - # Tag-based host configuration system - mkHost = - { - hostname, - tags ? [ ], - system ? "x86_64-linux", - extraModules ? [ ], - }: - let - # Validate that server and desktop tags are mutually exclusive - hasServer = builtins.elem "server" tags; - hasDesktop = builtins.elem "desktop" tags; - - # Always include "common" tag implicitly - allTags = - if hasServer && hasDesktop then - throw "Error: 'server' and 'desktop' tags are mutually exclusive for host '${hostname}'" - else - [ "common" ] ++ tags; - - # Choose nixpkgs based on server tag - pkgs = if builtins.elem "server" allTags then nixpkgs-stable else nixpkgs; - - # Tag-specific modules: each tag can be either: - # 1. A file: hosts/modules/${tag}.nix - # 2. 
A directory: hosts/modules/${tag}/*.nix (all .nix files imported) - tagModuleFiles = builtins.concatMap ( - tag: - let - filePath = ./hosts/modules/${tag}.nix; - dirPath = ./hosts/modules/${tag}; - in - # Check if it's a file first - if builtins.pathExists filePath then - [ filePath ] - # Then check if it's a directory - else if builtins.pathExists dirPath then - let - entries = builtins.readDir dirPath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name - ) entries; - in - map (name: dirPath + "/${name}") (builtins.attrNames nixFiles) - else - [ ] - ) allTags; - - # Automatically import all .nix files from hosts/${hostname}/ - hostModulePath = ./hosts/${hostname}; - hostModuleFiles = - if builtins.pathExists hostModulePath then - let - entries = builtins.readDir hostModulePath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name && name != "${hostname}.nix" - ) entries; - in - map (name: hostModulePath + "/${name}") (builtins.attrNames nixFiles) - else - [ ]; - - # Combine all modules - allModules = [ - agenix.nixosModules.default - { - networking.hostName = hostname; - nix.nixPath = [ "nixos-config=${self.outPath}/nixosConfigurations/${hostname}" ]; - nixpkgs.overlays = [ - agenix.overlays.default - self.overlays.default - ]; - } - ] - ++ tagModuleFiles - ++ hostModuleFiles - ++ extraModules; - in - pkgs.lib.nixosSystem { - inherit system; - specialArgs = { - inherit inputs; - hostTags = allTags; - }; - modules = allModules; - }; - - # Tag-based user configuration system - mkHome = - { - username, - hostname ? null, - homeDirectory ? "/home/${username}", - tags ? [ ], - extraModules ? 
[ ], - }: - let - pkgs = nixpkgs.legacyPackages.x86_64-linux; - - # Always include "common" tag implicitly - allTags = [ "common" ] ++ tags; - - # Tag-specific modules: each tag maps to users/modules/${tag}.nix if it exists - tagModuleFiles = builtins.concatMap ( - tag: - let - filePath = ./users/modules/${tag}.nix; - dirPath = ./users/modules/${tag}; - in - # Check if it's a file first - if builtins.pathExists filePath then - [ filePath ] - # Then check if it's a directory - else if builtins.pathExists dirPath then - let - entries = builtins.readDir dirPath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name - ) entries; - in - map (name: dirPath + "/${name}") (builtins.attrNames nixFiles) - else - [ ] - ) allTags; - - # Automatically import all .nix files from users/${username}/ - userModulePath = ./users/${username}; - userModuleFiles = - if builtins.pathExists userModulePath then - let - entries = builtins.readDir userModulePath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name - ) entries; - in - map (name: userModulePath + "/${name}") (builtins.attrNames nixFiles) - else - [ ]; - - # Combine all modules - allModules = [ - { - home = { - inherit username homeDirectory; - stateVersion = "22.05"; - }; - } - ] - ++ tagModuleFiles - ++ userModuleFiles - ++ extraModules; - in - home-manager.lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { - inherit inputs hostname; - userTags = allTags; - }; - modules = allModules ++ [ - { - nixpkgs.overlays = [ self.overlays.default ]; - } - ]; - }; - - # Nginx virtual host utilities - mkNginxVHosts = - { domains }: - let - # Extract domain name and apply it as useACMEHost - mkVHostConfig = domain: config: - lib.recursiveUpdate { - useACMEHost = domain; - forceSSL = true; - kTLS = true; - } config; - in - lib.mapAttrs mkVHostConfig domains; - - # Split DNS utilities for unbound - # Generates unbound view 
config from a list of DNS entries - mkSplitDNS = - entries: - let - # Generate local-data entries for all domains - tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries; - lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries; - in - [ - # Single Tailscale view with all domains - { - name = "tailscale"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = tailscaleData; - } - # Single LAN view with all domains - { - name = "lan"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = lanData; - } - ]; -} From dd3f08827a18a8386899ad76433448232285b368 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 14:34:11 -0300 Subject: [PATCH 02/75] niri overview wallpaper --- users/modules/desktop/niri.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 0cb5db8..58a7aaf 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -106,11 +106,7 @@ in spawn-at-startup "noctalia-shell" "-d" layer-rule { - match namespace="^wallpaper$" - place-within-backdrop true - } - layer-rule { - match namespace="^quickshell-overview$" + match namespace="^noctalia-overview*" place-within-backdrop true } From 2c2eba13997184aaea74ba58b25175940fe2de83 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 14:34:47 -0300 Subject: [PATCH 03/75] stylix: everything should be opaque --- users/modules/stylix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index f1c7e44..6b34e43 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix @@ -28,7 +28,7 @@ }; opacity = { applications = 1.0; - desktop = 0.8; + desktop = 1.0; popups = config.stylix.opacity.desktop; terminal = 1.0; }; From b94d17d05d18aa9ddc00759f79cf344077d4d04f Mon Sep 17 00:00:00 2001 
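Review bot: In the added line `match namespace="^noctalia-overview*"` the trailing `*` quantifies only the final `w`, so the pattern reads as "noctalia-overvie" followed by any number of `w` rather than as a wildcard suffix. The expression is not anchored at the end, so `match namespace="^noctalia-overview"` already matches every namespace with that prefix and states the intent directly. The surrounding KDL string starts and ends outside this hunk.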
From: William Date: Fri, 6 Feb 2026 22:36:05 -0300 Subject: [PATCH 04/75] add aspects/constants.nix Defines flake options for hosts, services, and lib utilities. Services are automatically enriched with host IP information. Co-Authored-By: Claude Opus 4.5 --- aspects/constants.nix | 166 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 166 insertions(+) create mode 100644 aspects/constants.nix diff --git a/aspects/constants.nix b/aspects/constants.nix new file mode 100644 index 0000000..633cff6 --- /dev/null +++ b/aspects/constants.nix 
@@ -0,0 +1,166 @@ +{ lib, config, ... }: + +let + # Host submodule type + hostType = lib.types.submodule { + options = { + lanIP = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "LAN IP address for the host"; + }; + tailscaleIP = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Tailscale IP address for the host"; + }; + }; + }; + + # Service submodule type + serviceType = lib.types.submodule { + options = { + name = lib.mkOption { + type = lib.types.str; + description = "Service name"; + }; + domain = lib.mkOption { + type = lib.types.str; + description = "Domain name for the service"; + }; + host = lib.mkOption { + type = lib.types.str; + description = "Host where the service runs"; + }; + public = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether the service is publicly accessible"; + }; + lanIP = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "LAN IP address (inherited from host)"; + }; + tailscaleIP = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Tailscale IP address (inherited from host)"; + }; + }; + }; + + # Raw services list before enrichment + rawServices = [ + { + name = "kanidm"; + domain = "auth.baduhai.dev"; + host = "alexandria"; + } + { + name = "vaultwarden"; + domain = "pass.baduhai.dev"; + host = "alexandria"; + } + { + name = "forgejo"; + domain = "git.baduhai.dev"; + host = "trantor"; + public = true; + } + { + name = "nextcloud"; + domain = "cloud.baduhai.dev"; + host = "alexandria"; + } + { + name = "jellyfin"; + domain = "jellyfin.baduhai.dev"; + host = "alexandria"; + } + ]; + + # Enrich services with host IP information + enrichServices = hosts: services: + map (svc: + let + hostInfo = hosts.${svc.host} or {}; + in + svc // { + lanIP = hostInfo.lanIP or null; + tailscaleIP = hostInfo.tailscaleIP or null; + } + ) services; + +in +{ + 
options.flake = { + hosts = lib.mkOption { + type = lib.types.attrsOf hostType; + default = {}; + description = "Host definitions with IP addresses"; + }; + + services = lib.mkOption { + type = lib.types.listOf serviceType; + default = []; + description = "Service definitions with enriched host information"; + }; + + lib = lib.mkOption { + type = lib.types.attrsOf lib.types.raw; + default = {}; + description = "Utility functions for flake configuration"; + }; + }; + + config.flake = { + hosts = { + alexandria = { + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + }; + trantor = { + tailscaleIP = "100.108.5.90"; + }; + }; + + services = enrichServices config.flake.hosts rawServices; + + lib = { + # Nginx virtual host utilities + mkNginxVHosts = { domains }: + let + mkVHostConfig = domain: vhostConfig: + lib.recursiveUpdate { + useACMEHost = domain; + forceSSL = true; + kTLS = true; + } vhostConfig; + in + lib.mapAttrs mkVHostConfig domains; + + # Split DNS utilities for unbound + # Generates unbound view config from a list of DNS entries + mkSplitDNS = entries: + let + tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries; + lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries; + in + [ + { + name = "tailscale"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = tailscaleData; + } + { + name = "lan"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = lanData; + } + ]; + }; + }; +} From 0f193778c2f38ee554a8847aafa854ec4e586ee3 Mon Sep 17 00:00:00 2001 
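Review bot: `mkSplitDNS` interpolates `e.lanIP` and `e.tailscaleIP` for every entry, but `enrichServices` sets both attributes unconditionally and falls back to `null`; `trantor` is declared with only a `tailscaleIP`, so the forgejo entry carries `lanIP = null`, and interpolating null into a string aborts evaluation. Unless every caller filters the list first (no caller is visible in this patch), do it in the helper: `lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') (lib.filter (e: e.lanIP != null) entries);`, and the same for `tailscaleData`. A one-line comment on `mkSplitDNS` stating that entries without an address for a view are skipped would make the contract explicit.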
From: William Date: Fri, 6 Feb 2026 22:36:22 -0300 Subject: [PATCH 05/75] add aspects/common/ NixOS modules Migrates common NixOS configuration to dendritic aspect pattern: boot, console, firewall, locale, nix, openssh, programs, security, services, tailscale, users Co-Authored-By: Claude Opus 4.5 --- aspects/common/boot.nix | 21 ++++++++++++++++++ aspects/common/console.nix | 9 ++++++++ aspects/common/firewall.nix | 9 ++++++++ aspects/common/locale.nix | 22 +++++++++++++++++++ aspects/common/nix.nix | 39 ++++++++++++++++++++++++++++++++++ aspects/common/openssh.nix | 12 +++++++++++ aspects/common/programs.nix | 41 ++++++++++++++++++++++++++++++++++++ aspects/common/security.nix | 14 ++++++++++++ aspects/common/services.nix | 10 +++++++++ aspects/common/tailscale.nix | 9 ++++++++ aspects/common/users.nix | 25 ++++++++++++++++++++++ 11 files changed, 211 insertions(+) create mode 100644 aspects/common/boot.nix create mode 100644 aspects/common/console.nix create mode 100644 aspects/common/firewall.nix create mode 100644 aspects/common/locale.nix create mode 100644 aspects/common/nix.nix create mode 100644 aspects/common/openssh.nix create mode 100644 aspects/common/programs.nix create mode 100644 aspects/common/security.nix create mode 100644 aspects/common/services.nix create mode 100644 aspects/common/tailscale.nix create mode 100644 aspects/common/users.nix
diff --git a/aspects/common/boot.nix b/aspects/common/boot.nix
new file mode 100644
index 0000000..109d6f2
--- /dev/null
+++ b/aspects/common/boot.nix
@@ -0,0 +1,21 @@
+{ ... }:
+{
+ flake.modules.nixos.common-boot = { pkgs, ... }: {
+ boot = {
+ loader = {
+ timeout = 1;
+ efi.canTouchEfiVariables = true;
+ systemd-boot = {
+ enable = true;
+ editor = false;
+ consoleMode = "max";
+ sortKey = "aa";
+ netbootxyz = {
+ enable = true;
+ sortKey = "zz";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/aspects/common/console.nix b/aspects/common/console.nix
new file mode 100644
index 0000000..6f6be9f
--- /dev/null
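Review bot: In the boot.nix hunk, `netbootxyz.enable = true` sits next to `editor = false`, and the two pull in opposite directions: the editor is switched off so that nobody at the console can alter the kernel command line, while the netboot.xyz menu entry lets the same person boot an arbitrary image fetched over the network. Because this is the `common-boot` module, it presumably applies to the server hosts as well as the desktops. Consider moving the entry into a desktop-only aspect or behind an option, with a comment such as `# rescue entry; only on machines with trusted physical access`. The `pkgs` argument of the module function is unused and can be dropped.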
+++ b/aspects/common/console.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ flake.modules.nixos.common-console = { ... }: {
+ console = {
+ useXkbConfig = true;
+ earlySetup = true;
+ };
+ };
+}
diff --git a/aspects/common/firewall.nix b/aspects/common/firewall.nix
new file mode 100644
index 0000000..af1a8f7
--- /dev/null
+++ b/aspects/common/firewall.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ flake.modules.nixos.common-firewall = { ... }: {
+ networking = {
+ firewall.enable = true;
+ nftables.enable = true;
+ };
+ };
+}
diff --git a/aspects/common/locale.nix b/aspects/common/locale.nix
new file mode 100644
index 0000000..2b91759
--- /dev/null
+++ b/aspects/common/locale.nix
@@ -0,0 +1,22 @@
+{ ... }:
+{
+ flake.modules.nixos.common-locale = { ... }: {
+ time.timeZone = "America/Bahia";
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ extraLocaleSettings = {
+ LC_ADDRESS = "pt_BR.utf8";
+ LC_COLLATE = "pt_BR.utf8";
+ LC_IDENTIFICATION = "pt_BR.utf8";
+ LC_MEASUREMENT = "pt_BR.utf8";
+ LC_MONETARY = "pt_BR.utf8";
+ LC_NAME = "pt_BR.utf8";
+ LC_NUMERIC = "pt_BR.utf8";
+ LC_PAPER = "pt_BR.utf8";
+ LC_TELEPHONE = "pt_BR.utf8";
+ LC_TIME = "en_IE.utf8";
+ };
+ };
+ };
+}
diff --git a/aspects/common/nix.nix b/aspects/common/nix.nix
new file mode 100644
index 0000000..414c315
--- /dev/null
+++ b/aspects/common/nix.nix
@@ -0,0 +1,39 @@
+{ ... }:
+{
+ flake.modules.nixos.common-nix = { inputs, ... }: {
+ imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
+
+ nix = {
+ settings = {
+ auto-optimise-store = true;
+ connect-timeout = 10;
+ log-lines = 25;
+ min-free = 128000000;
+ max-free = 1000000000;
+ trusted-users = [ "@wheel" ];
+ };
+ extraOptions = "experimental-features = nix-command flakes";
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 8d";
+ };
+ };
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ enableParallelBuilding = true;
+ buildManPages = false;
+ buildDocs = false;
+ };
+
+ services.nixos-cli = {
+ enable = true;
+ config = {
+ use_nvd = true;
+ ignore_dirty_tree = true;
+ };
+ };
+
+ system.stateVersion = "22.11";
+ };
+}
diff --git a/aspects/common/openssh.nix b/aspects/common/openssh.nix
new file mode 100644
index 0000000..c515d81
--- /dev/null
+++ b/aspects/common/openssh.nix
@@ -0,0 +1,12 @@
+{ ... }:
+{
+ flake.modules.nixos.common-openssh = { ... }: {
+ services.openssh = {
+ enable = true;
+ settings.PermitRootLogin = "no";
+ extraConfig = ''
+ PrintLastLog no
+ '';
+ };
+ };
+}
diff --git a/aspects/common/programs.nix b/aspects/common/programs.nix
new file mode 100644
index 0000000..a3233e9
--- /dev/null
+++ b/aspects/common/programs.nix
@@ -0,0 +1,41 @@
+{ ... }:
+{
+ flake.modules.nixos.common-programs = { lib, pkgs, ... }: {
+ environment = {
+ systemPackages = with pkgs; [
+ ### Dev Tools ###
+ git
+ ### System Utilities ###
+ btop
+ fastfetch
+ helix
+ nixos-firewall-tool
+ nvd
+ sysz
+ tmux
+ wget
+ yazi
+ ];
+ shellAliases = {
+ cat = "${lib.getExe pkgs.bat} --paging=never --style=plain";
+ ls = "${lib.getExe pkgs.eza} --icons --group-directories-first";
+ tree = "ls --tree";
+ };
+ };
+
+ programs = {
+ command-not-found.enable = false;
+ fish = {
+ enable = true;
+ interactiveShellInit = ''
+ set fish_greeting
+ if set -q SSH_CONNECTION
+ export TERM=xterm-256color
+ clear
+ fastfetch
+ end
+ '';
+ };
+ };
+ };
+}
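Review bot: In the nix.nix hunk, `trusted-users = [ "@wheel" ];` makes every wheel member a trusted client of the Nix daemon, which is root-equivalent in practice because such a user can add substituters and import store paths without a trusted signature. If the setting is there only so that remote deploys can copy unsigned closures, say so in a comment and consider narrowing it to the deploying account. Otherwise `trusted-users = [ "root" ];` together with `allowed-users = [ "@wheel" ];` keeps ordinary use working without granting that trust.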
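Review bot: The openssh.nix hunk disables root login but leaves password logins at the module default, and the users aspect added in this same patch gives `user` both a password hash and three authorized keys. Since keys are already provisioned, add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` so that a guessed password is not an alternative way in. This matters more here than usual because the account is in `wheel` and sudo is configured without a password in security.nix.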
diff --git a/aspects/common/security.nix b/aspects/common/security.nix
new file mode 100644
index 0000000..b63074b
--- /dev/null
+++ b/aspects/common/security.nix
@@ -0,0 +1,14 @@
+{ ... }:
+{
+ flake.modules.nixos.common-security = { ... }: {
+ security = {
+ unprivilegedUsernsClone = true; # Needed for rootless podman
+ sudo = {
+ wheelNeedsPassword = false;
+ extraConfig = ''
+ Defaults lecture = never
+ '';
+ };
+ };
+ };
+}
diff --git a/aspects/common/services.nix b/aspects/common/services.nix
new file mode 100644
index 0000000..befdbb9
--- /dev/null
+++ b/aspects/common/services.nix
@@ -0,0 +1,10 @@
+{ ... }:
+{
+ flake.modules.nixos.common-services = { ... }: {
+ services = {
+ dbus.implementation = "broker";
+ irqbalance.enable = true;
+ fstrim.enable = true;
+ };
+ };
+}
diff --git a/aspects/common/tailscale.nix b/aspects/common/tailscale.nix
new file mode 100644
index 0000000..13eb82a
--- /dev/null
+++ b/aspects/common/tailscale.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ flake.modules.nixos.common-tailscale = { ... }: {
+ services.tailscale = {
+ enable = true;
+ extraUpFlags = [ "--operator=user" ];
+ };
+ };
+}
diff --git a/aspects/common/users.nix b/aspects/common/users.nix
new file mode 100644
index 0000000..e911663
--- /dev/null
+++ b/aspects/common/users.nix
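Review bot: In the security.nix hunk, `wheelNeedsPassword = false` lives in the common aspect, so on every host, servers included, any process running as a wheel member becomes root without a prompt. Combined with the SSH access configured for `user`, a single stolen key or compromised user-level program is a full host compromise. If passwordless sudo is needed for deploys, grant it through `security.sudo.extraRules` for the specific commands and keep the password requirement for everything else. `unprivilegedUsernsClone = true` is commented as a podman requirement, so it would sit better in the module that enables podman than on every host.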
@@ -0,0 +1,25 @@
+{ ... }:
+{
+ flake.modules.nixos.common-users = { pkgs, ... }: {
+ users.users = {
+ user = {
+ isNormalUser = true;
+ shell = pkgs.fish;
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"
+ ];
+ hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
+ };
+ root = {
+ shell = pkgs.fish;
+ hashedPassword = "!";
+ };
+ };
+ };
+}
From 37f2d5f64a7b4c4ccb342b35c2d3761537cc3aad Mon Sep 17 00:00:00 2001
From: William Date: Fri, 6 Feb 2026 22:36:22 -0300 Subject: [PATCH 06/75] add aspects/desktop/ modules Desktop-specific NixOS and home-manager configuration: boot, desktop, niri, nix, services Co-Authored-By: Claude Opus 4.5 --- aspects/desktop/boot.nix | 30 ++++ aspects/desktop/desktop.nix | 292 +++++++++++++++++++++++++++++++++++ aspects/desktop/niri.nix | 220 ++++++++++++++++++++++++++ aspects/desktop/nix.nix | 17 ++ aspects/desktop/services.nix | 19 +++ 5 files changed, 578 insertions(+) create mode 100644 aspects/desktop/boot.nix create mode 100644 aspects/desktop/desktop.nix create mode 100644 aspects/desktop/niri.nix create mode 100644 aspects/desktop/nix.nix create mode 100644 aspects/desktop/services.nix
diff --git a/aspects/desktop/boot.nix b/aspects/desktop/boot.nix
new file mode 100644
index 0000000..bd98184
--- /dev/null
+++ b/aspects/desktop/boot.nix
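Review bot: The `hashedPassword` for `user` in the users.nix hunk is committed to the repository and will also be copied into the world-readable Nix store, so anyone who can read either can run offline guessing against it, and this account has passwordless sudo in the same patch. Load it from a secret instead, for example `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (placeholder name; agenix is already among the flake inputs used by the removed utils.nix). Because the hash is now in history, change the password when moving it. `hashedPassword = "!"` for root is fine as a lock and deserves a short comment saying so.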
@@ -0,0 +1,30 @@ +{ inputs, ... }: +{ + flake.modules.nixos.desktop-boot = { config, lib, pkgs, ... }: { + # Import parent aspect for inheritance + imports = [ inputs.self.modules.nixos.common-boot ]; + + boot = { + plymouth.enable = true; + initrd.systemd.enable = true; + loader.efi.efiSysMountPoint = "/boot/efi"; + kernelPackages = pkgs.linuxPackages_xanmod_latest; + extraModprobeConfig = '' + options bluetooth disable_ertm=1 + ''; + kernel.sysctl = { + "net.ipv4.tcp_mtu_probing" = 1; + }; + kernelParams = [ + "quiet" + "splash" + "i2c-dev" + "i2c-piix4" + "loglevel=3" + "udev.log_priority=3" + "rd.udev.log_level=3" + "rd.systemd.show_status=false" + ]; + }; + }; +} diff --git a/aspects/desktop/desktop.nix b/aspects/desktop/desktop.nix new file mode 100644 index 0000000..f2298e7 --- /dev/null +++ b/aspects/desktop/desktop.nix 
@@ -0,0 +1,292 @@ +{ + inputs, + ... +}: +{ + flake.modules = { + nixos.desktop-desktop = { config, lib, pkgs, ... }: { + imports = [ + inputs.niri-flake.nixosModules.niri + inputs.nix-flatpak.nixosModules.nix-flatpak + ]; + + environment = { + sessionVariables = { + KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir + NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland + }; + systemPackages = with pkgs; [ + ### Web ### + bitwarden-desktop + fragments + nextcloud-client + tor-browser + vesktop + inputs.zen-browser.packages."${system}".default + ### Office & Productivity ### + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + papers + presenterm + rnote + ### Graphics & Design ### + gimp + inkscape + plasticity + ### System Utilities ### + adwaita-icon-theme + ghostty + gnome-disk-utility + junction + libfido2 + mission-center + nautilus + p7zip + rclone + toggleaudiosink + unrar + ### Media ### + decibels + loupe + obs-studio + showtime + ]; + }; + + services = { + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + wireplumber.enable = true; + }; + greetd = { + enable = true; + settings = { + default_session = { + command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; + user = "greeter"; + }; + } + // lib.optionalAttrs (config.networking.hostName == "io") { + initial_session = { + command = "${config.programs.niri.package}/bin/niri-session"; + user = "user"; + }; + }; + }; + flatpak = { + enable = true; + packages = [ + ### Office & Productivity ### + "com.collabora.Office" + ### Graphics & Design ### + "com.boxy_svg.BoxySVG" + rec { + appId = "io.github.softfever.OrcaSlicer"; + sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + bundle = "${pkgs.fetchurl { + url = 
"https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; + inherit sha256; + }}"; + } + ### System Utilities ### + "com.github.tchx84.Flatseal" + "com.rustdesk.RustDesk" + ]; + uninstallUnmanaged = true; + update.auto.enable = true; + }; + gvfs.enable = true; + }; + + security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority + + users = { + users.greeter = { + isSystemUser = true; + group = "greeter"; + }; + groups.greeter = { }; + }; + + programs = { + niri = { + enable = true; + package = inputs.niri.packages.${pkgs.system}.niri; + }; + kdeconnect = { + enable = true; + package = pkgs.valent; + }; + dconf.enable = true; + appimage = { + enable = true; + binfmt = true; + }; + }; + + niri-flake.cache.enable = false; + + fonts = { + fontDir.enable = true; + packages = with pkgs; [ + corefonts + inter + nerd-fonts.fira-code + noto-fonts-cjk-sans + noto-fonts-color-emoji + roboto + ]; + }; + + xdg.portal = { + extraPortals = with pkgs; [ + xdg-desktop-portal-gnome + xdg-desktop-portal-gtk + ]; + config = { + common.default = "*"; + niri.default = [ + "gtk" + "gnome" + ]; + }; + }; + }; + + homeManager.desktop-desktop = { config, lib, pkgs, inputs, ... 
}: { + imports = [ inputs.vicinae.homeManagerModules.default ]; + + fonts.fontconfig.enable = true; + + home.packages = with pkgs; [ xwayland-satellite ]; + + services.vicinae = { + enable = true; + systemd = { + enable = true; + autoStart = true; + }; + }; + + programs = { + ghostty = { + enable = true; + settings = { + cursor-style = "block"; + shell-integration-features = "no-cursor"; + cursor-style-blink = false; + custom-shader = "${builtins.fetchurl { + url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; + sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + }}"; + bell-features = ""; + gtk-titlebar-style = "tabs"; + keybind = [ "shift+enter=text:\\x1b\\r" ]; + }; + }; + + password-store = { + enable = true; + package = pkgs.pass-wayland; + }; + }; + + xdg = { + enable = true; + userDirs.enable = true; + mimeApps = { + enable = true; + defaultApplications = { + "text/html" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/http" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/https" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/about" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/unknown" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "image/jpeg" = "org.gnome.Loupe.desktop"; + "image/png" = "org.gnome.Loupe.desktop"; + "image/gif" = "org.gnome.Loupe.desktop"; + "image/webp" = "org.gnome.Loupe.desktop"; + "image/bmp" = "org.gnome.Loupe.desktop"; + "image/svg+xml" = "org.gnome.Loupe.desktop"; + "image/tiff" = "org.gnome.Loupe.desktop"; + "video/mp4" = "io.bassi.Showtime.desktop"; + "video/x-matroska" = "io.bassi.Showtime.desktop"; + "video/webm" = "io.bassi.Showtime.desktop"; + "video/mpeg" = 
"io.bassi.Showtime.desktop"; + "video/x-msvideo" = "io.bassi.Showtime.desktop"; + "video/quicktime" = "io.bassi.Showtime.desktop"; + "video/x-flv" = "io.bassi.Showtime.desktop"; + "audio/mpeg" = "io.bassi.Showtime.desktop"; + "audio/flac" = "io.bassi.Showtime.desktop"; + "audio/ogg" = "io.bassi.Showtime.desktop"; + "audio/wav" = "io.bassi.Showtime.desktop"; + "audio/mp4" = "io.bassi.Showtime.desktop"; + "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; + "application/pdf" = [ + "org.gnome.Papers.desktop" + "zen-browser.desktop" + ]; + "text/plain" = "Helix.desktop"; + "text/markdown" = "Helix.desktop"; + "text/x-log" = "Helix.desktop"; + "application/x-shellscript" = "Helix.desktop"; + "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = + "com.collabora.Office.desktop"; # DOCX + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = + "com.collabora.Office.desktop"; # XLSX + "application/vnd.openxmlformats-officedocument.presentationml.presentation" = + "com.collabora.Office.desktop"; # PPTX + "application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT + "application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS + "application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP + "application/msword" = "com.collabora.Office.desktop"; # DOC + "application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS + "application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT + "application/zip" = "org.gnome.FileRoller.desktop"; + "application/x-tar" = "org.gnome.FileRoller.desktop"; + "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; + "application/x-rar" = "org.gnome.FileRoller.desktop"; + "application/gzip" = 
"org.gnome.FileRoller.desktop"; + "application/x-bzip" = "org.gnome.FileRoller.desktop"; + "inode/directory" = "org.gnome.Nautilus.desktop"; + }; + }; + }; + + # Set Ghostty as default terminal + home.sessionVariables = { + TERMINAL = "ghostty"; + }; + }; + }; +} diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix new file mode 100644 index 0000000..6458ab0 --- /dev/null +++ b/aspects/desktop/niri.nix 
@@ -0,0 +1,220 @@ +{ ... }: +{ + flake.modules.homeManager.desktop-niri = { config, lib, pkgs, inputs, hostname ? null, ... }: + let + isRotterdam = hostname == "rotterdam"; + in + { + imports = [ inputs.noctalia.homeModules.default ]; + + services.kanshi = { + enable = true; + settings = [ + { + profile.name = "default"; + profile.outputs = [ + { + criteria = "*"; + scale = 1.0; + } + ]; + } + ]; + }; + + home = { + packages = with pkgs; [ + xwayland-satellite + inputs.noctalia.packages.${pkgs.system}.default + ]; + sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; + }; + + xdg.configFile."niri/config.kdl".text = '' + input { + keyboard { + xkb { + layout "us" + variant "altgr-intl" + } + } + touchpad { + tap + dwt + drag true + drag-lock + natural-scroll + accel-speed 0.2 + accel-profile "flat" + scroll-method "two-finger" + middle-emulation + } + mouse { + natural-scroll + accel-speed 0.2 + accel-profile "flat" + } + warp-mouse-to-focus mode="center-xy" + focus-follows-mouse + } + + layout { + gaps 8 + center-focused-column "never" + auto-center-when-space-available + preset-column-widths { + ${ + if isRotterdam then + '' + proportion 0.33333 + proportion 0.5 + proportion 0.66667 + '' + else + '' + proportion 0.5 + proportion 1.0 + '' + } + } + default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } + focus-ring { + off + } + border { + width 4 + active-color "#ffc87f" + inactive-color "#505050" + urgent-color "#9b0000" + } + tab-indicator { + width 4 + gap 4 + place-within-column + } + } + + overview { + zoom 0.65 + } + + spawn-at-startup "noctalia-shell" "-d" + layer-rule { + match namespace="^noctalia-overview*" + place-within-backdrop true + } + + hotkey-overlay { + skip-at-startup + } + + prefer-no-csd + screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" + + animations { + slowdown 0.3 + } + + window-rule { + match app-id="zen" + default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } + 
} + + window-rule { + geometry-corner-radius 12 + clip-to-geometry true + } + + config-notification { + disable-failed + } + + binds { + Alt+Space repeat=false { spawn "vicinae" "toggle"; } + XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } + XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } + XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } + XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } + XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } + XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } + Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } + Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; } + Mod+Return { spawn "ghostty"; } + Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } + Mod+W repeat=false { toggle-overview; } + Mod+Q { close-window; } + Alt+Shift+Q { close-window;} + Mod+Shift+Q { close-window; } + Alt+F4 { close-window; } + Mod+Left { focus-column-left; } + Mod+Down { focus-window-or-workspace-down; } + Mod+Up { focus-window-or-workspace-up; } + Mod+Right { focus-column-right; } + Mod+H { focus-column-left; } + Mod+L { focus-column-right; } + Mod+J { focus-window-or-workspace-down; } + Mod+K { focus-window-or-workspace-up; } + Mod+Ctrl+Left { move-column-left; } + Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } + Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } + 
Mod+Ctrl+Right { move-column-right; } + Mod+Ctrl+H { move-column-left; } + Mod+Ctrl+J { move-window-down-or-to-workspace-down; } + Mod+Ctrl+K { move-window-up-or-to-workspace-up; } + Mod+Ctrl+L { move-column-right; } + Mod+Home { focus-column-first; } + Mod+End { focus-column-last; } + Mod+Ctrl+Home { move-column-to-first; } + Mod+Ctrl+End { move-column-to-last; } + Mod+Alt+Left { focus-monitor-left; } + Mod+Alt+Down { focus-monitor-down; } + Mod+Alt+Up { focus-monitor-up; } + Mod+Alt+Right { focus-monitor-right; } + Mod+Alt+H { focus-monitor-left; } + Mod+Alt+J { focus-monitor-down; } + Mod+Alt+K { focus-monitor-up; } + Mod+Alt+L { focus-monitor-right; } + Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } + Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } + Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } + Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } + Mod+Alt+Ctrl+H { move-column-to-monitor-left; } + Mod+Alt+Ctrl+J { move-column-to-monitor-down; } + Mod+Alt+Ctrl+K { move-column-to-monitor-up; } + Mod+Alt+Ctrl+L { move-column-to-monitor-right; } + Mod+Ctrl+U { move-workspace-down; } + Mod+Ctrl+I { move-workspace-up; } + Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } + Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } + Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } + Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } + Mod+Shift+WheelScrollDown { focus-column-right; } + Mod+Shift+WheelScrollUp { focus-column-left; } + Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } + Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } + Mod+BracketLeft { consume-or-expel-window-left; } + Mod+BracketRight { consume-or-expel-window-right; } + Mod+Comma { consume-window-into-column; } + Mod+Period { expel-window-from-column; } + Mod+R { switch-preset-column-width; } + Mod+F { maximize-column; } + Mod+Ctrl+F { fullscreen-window; } + Mod+C { center-visible-columns; } + Mod+Ctrl+C { center-column; } 
+ Mod+Space { toggle-window-floating; } + Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } + Mod+T { toggle-column-tabbed-display; } + Print { screenshot-screen; } + Mod+Print { screenshot; } + Ctrl+Print { screenshot-window; } + Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } + Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } + Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } + Mod+Ctrl+P { power-off-monitors; } + } + ''; + }; +} diff --git a/aspects/desktop/nix.nix b/aspects/desktop/nix.nix new file mode 100644 index 0000000..67cfa11 --- /dev/null +++ b/aspects/desktop/nix.nix @@ -0,0 +1,17 @@ +{ inputs, ... }: +{ + flake.modules.nixos.desktop-nix = { config, lib, pkgs, ... }: { + # Import parent aspect for inheritance + imports = [ inputs.self.modules.nixos.common-nix ]; + + environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; + + nix = { + registry.nixpkgs.flake = inputs.nixpkgs; + nixPath = [ + "nixpkgs=${inputs.nixpkgs}" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + }; + }; +} diff --git a/aspects/desktop/services.nix b/aspects/desktop/services.nix new file mode 100644 index 0000000..59f0a56 --- /dev/null +++ b/aspects/desktop/services.nix @@ -0,0 +1,19 @@ +{ inputs, ... }: +{ + flake.modules.nixos.desktop-services = { config, lib, pkgs, ... }: { + # Import parent aspect for inheritance + imports = [ inputs.self.modules.nixos.common-services ]; + + services = { + printing.enable = true; + udev.packages = with pkgs; [ yubikey-personalization ]; + keyd = { + enable = true; + keyboards.all = { + ids = [ "*" ]; + settings.main.capslock = "overload(meta, esc)"; + }; + }; + }; + }; +} From f5c44965a887e7e951041727ba86805a8638e735 Mon Sep 17 00:00:00 2001 
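Review bot: Several entries in the `binds` block of `aspects/desktop/niri.nix` carry `allow-when-locked=true` and spawn a process, including `Ctrl+Alt+Shift+A` running `toggleaudiosink`, so they stay usable by anyone at the keyboard while the session is locked. Volume, brightness and media keys are the usual exceptions, but switching the audio sink may not need to be reachable from the lock screen; if not, drop the flag: `Ctrl+Alt+Shift+A { spawn "toggleaudiosink"; }`. Also, `config-notification { disable-failed }` hides the notice shown when this hand-written KDL fails to load, which makes a mistake in the Nix-interpolated parts (`isRotterdam`) hard to spot; a comment explaining why it is disabled would help.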
From: William
Date: Fri, 6 Feb 2026 22:36:22 -0300
Subject: [PATCH 07/75] add aspects/server/ NixOS modules Server-specific NixOS configuration: boot, nix, tailscale
Co-Authored-By: Claude Opus 4.5
---
aspects/server/boot.nix | 10 ++++++++++
aspects/server/nix.nix | 18 ++++++++++++++++++
aspects/server/tailscale.nix | 18 ++++++++++++++++++
3 files changed, 46 insertions(+)
create mode 100644 aspects/server/boot.nix
create mode 100644 aspects/server/nix.nix
create mode 100644 aspects/server/tailscale.nix
diff --git a/aspects/server/boot.nix b/aspects/server/boot.nix
new file mode 100644
index 0000000..68397f2
--- /dev/null
+++ b/aspects/server/boot.nix
@@ -0,0 +1,10 @@
+# aspects/server/boot.nix
+{ inputs, ... }:
+{
+ flake.modules.nixos.server-boot = { config, lib, pkgs, ... }: {
+ # Import parent aspect for inheritance
+ imports = [ inputs.self.modules.nixos.common-boot ];
+
+ boot.kernelPackages = pkgs.linuxPackages_hardened;
+ };
+}
diff --git a/aspects/server/nix.nix b/aspects/server/nix.nix
new file mode 100644
index 0000000..b22565c
--- /dev/null
+++ b/aspects/server/nix.nix
@@ -0,0 +1,18 @@
+# aspects/server/nix.nix
+{ inputs, ... }:
+{
+ flake.modules.nixos.server-nix = { config, lib, pkgs, ... }: {
+ # Import parent aspect for inheritance
+ imports = [ inputs.self.modules.nixos.common-nix ];
+
+ environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
+
+ nix = {
+ registry.nixpkgs.flake = inputs.nixpkgs-stable;
+ nixPath = [
+ "nixpkgs=/etc/channels/nixpkgs"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ };
+ };
+}
diff --git a/aspects/server/tailscale.nix b/aspects/server/tailscale.nix
new file mode 100644
index 0000000..433494c
--- /dev/null
+++ b/aspects/server/tailscale.nix
@@ -0,0 +1,18 @@
+# aspects/server/tailscale.nix
+{ inputs, ... }:
+{
+ flake.modules.nixos.server-tailscale = { config, lib, pkgs, ... }: {
+ # Import parent aspect for inheritance
+ imports = [ inputs.self.modules.nixos.common-tailscale ];
+
+ services.tailscale = {
+ extraSetFlags = [ "--advertise-exit-node" ];
+ useRoutingFeatures = "server";
+ };
+
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_forward" = 1;
+ "net.ipv6.conf.all.forwarding" = 1;
+ };
+ };
+}
From a2f013c5297607c15db65e0d15db6fbb7d0ceddb Mon Sep 17 00:00:00 2001
From: William
Date: Fri, 6 Feb 2026 22:36:30 -0300
Subject: [PATCH 08/75] add aspects/cli/ home-manager modules CLI tool configurations: btop, comma, direnv, helix, hm-cli, starship, tmux
Co-Authored-By: Claude Opus 4.5
---
aspects/cli/btop.nix | 13 +++++++++++
aspects/cli/comma.nix | 8 +++++++
aspects/cli/direnv.nix | 9 ++++++++
aspects/cli/helix.nix | 50 ++++++++++++++++++++++++++++++++++++++++
aspects/cli/hm-cli.nix | 11 +++++++++
aspects/cli/starship.nix | 41 ++++++++++++++++++++++++++++++++
aspects/cli/tmux.nix | 12 ++++++++++
7 files changed, 144 insertions(+)
create mode 100644 aspects/cli/btop.nix
create mode 100644 aspects/cli/comma.nix
create mode 100644 aspects/cli/direnv.nix
create mode 100644 aspects/cli/helix.nix
create mode 100644 aspects/cli/hm-cli.nix
create mode 100644 aspects/cli/starship.nix
create mode 100644 aspects/cli/tmux.nix
diff --git a/aspects/cli/btop.nix b/aspects/cli/btop.nix
new file mode 100644
index 0000000..09a815e
--- /dev/null
+++ b/aspects/cli/btop.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+ flake.modules.homeManager.cli-btop = { config, lib, pkgs, ... }: {
+ programs.btop = {
+ enable = true;
+ settings = {
+ theme_background = false;
+ proc_sorting = "cpu direct";
+ update_ms = 500;
+ };
+ };
+ };
+}
diff --git a/aspects/cli/comma.nix b/aspects/cli/comma.nix
new file mode 100644
index 0000000..b8e6c2a
--- /dev/null
+++ b/aspects/cli/comma.nix
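Review bot: `--advertise-exit-node` together with global `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding` in `aspects/server/tailscale.nix` makes every host that imports `server-tailscale` a router, and nothing in this hunk limits what may be forwarded. I believe `useRoutingFeatures = "server"` already turns forwarding on, so the explicit `boot.kernel.sysctl` block is probably redundant and could go, leaving one setting in charge. A comment such as `# exit node: still needs approval in the tailnet admin; forwarding limited by <firewall rule> (confirm)` would record the intent. If only one server is meant to be an exit node, set the flag in that host's configuration rather than in the shared aspect.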
@@ -0,0 +1,8 @@
+{ ... }:
+{
+ flake.modules.homeManager.cli-comma = { config, lib, pkgs, inputs, ... }: {
+ imports = [ inputs.nix-index-database.homeModules.nix-index ];
+
+ programs.nix-index-database.comma.enable = true;
+ };
+}
diff --git a/aspects/cli/direnv.nix b/aspects/cli/direnv.nix
new file mode 100644
index 0000000..4399283
--- /dev/null
+++ b/aspects/cli/direnv.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ flake.modules.homeManager.cli-direnv = { config, lib, pkgs, ... }: {
+ programs.direnv = {
+ enable = true;
+ nix-direnv.enable = true;
+ };
+ };
+}
diff --git a/aspects/cli/helix.nix b/aspects/cli/helix.nix
new file mode 100644
index 0000000..1fa2baf
--- /dev/null
+++ b/aspects/cli/helix.nix
@@ -0,0 +1,50 @@
+{ ... }:
+{
+ flake.modules.homeManager.cli-helix = { config, lib, pkgs, ... }: {
+ home.sessionVariables = {
+ EDITOR = "hx";
+ };
+
+ programs.helix = {
+ enable = true;
+ settings = {
+ editor = {
+ file-picker.hidden = false;
+ idle-timeout = 0;
+ line-number = "relative";
+ cursor-shape = {
+ normal = "underline";
+ insert = "bar";
+ select = "underline";
+ };
+ soft-wrap.enable = true;
+ auto-format = true;
+ indent-guides.render = true;
+ };
+ keys.normal = {
+ space = {
+ o = "file_picker_in_current_buffer_directory";
+ esc = [
+ "collapse_selection"
+ "keep_primary_selection"
+ ];
+ };
+ };
+ };
+ languages = {
+ language = [
+ {
+ name = "nix";
+ auto-format = true;
+ formatter.command = "nixfmt";
+ }
+ {
+ name = "typst";
+ auto-format = true;
+ formatter.command = "typstyle -c 1000 -i";
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/aspects/cli/hm-cli.nix b/aspects/cli/hm-cli.nix
new file mode 100644
index 0000000..acee59d
--- /dev/null
+++ b/aspects/cli/hm-cli.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+ flake.modules.homeManager.cli-base = { config, lib, pkgs, ... }: {
+ home = {
+ packages = with pkgs; [ hm-cli ];
+ sessionVariables = {
+ HM_PATH = "/etc/nixos";
+ };
+ };
+ };
+}
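Review bot: In the `typst` entry of `aspects/cli/helix.nix`, `formatter.command = "typstyle -c 1000 -i"` puts the flags inside the executable name; Helix takes the program in `command` and its arguments in a separate `args` list, so this most likely fails to spawn and the buffer is never formatted. Suggest `formatter = { command = "typstyle"; args = [ ... ]; };` with the flags moved into `args`, after checking that they suit formatting from stdin rather than editing a file in place.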
diff --git a/aspects/cli/starship.nix b/aspects/cli/starship.nix new file mode 100644 index 0000000..e9884a7 --- /dev/null +++ b/aspects/cli/starship.nix @@ -0,0 +1,41 @@ +{ ... }: +{ + flake.modules.homeManager.cli-starship = { config, lib, pkgs, ... }: { + programs.starship = { + enable = true; + enableBashIntegration = true; + enableFishIntegration = true; + settings = { + add_newline = false; + format = '' + $hostname$directory$git_branch$git_status$nix_shell + [ ❯ ](bold green) + ''; + right_format = "$cmd_duration$character"; + hostname = { + ssh_symbol = "󰖟 "; + }; + character = { + error_symbol = "[](red)"; + success_symbol = "[󱐋](green)"; + }; + cmd_duration = { + format = "[󰄉 $duration ]($style)"; + style = "yellow"; + min_time = 500; + }; + git_branch = { + symbol = " "; + style = "purple"; + }; + git_status.style = "red"; + nix_shell = { + format = "via [$symbol$state]($style)"; + heuristic = true; + style = "blue"; + symbol = "󱄅 "; + }; + }; + }; + }; +} diff --git a/aspects/cli/tmux.nix b/aspects/cli/tmux.nix new file mode 100644 index 0000000..078a6aa --- /dev/null +++ b/aspects/cli/tmux.nix @@ -0,0 +1,12 @@ +{ ... }: +{ + flake.modules.homeManager.cli-tmux = { config, lib, pkgs, ... }: { + programs.tmux = { + enable = true; + clock24 = true; + terminal = "xterm-256color"; + mouse = true; + keyMode = "vi"; + }; + }; +} From e6aed18d8f88374dea23468754fc98c1ec85c280 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 22:36:30 -0300 Subject: [PATCH 09/75] add aspects/shell/ home-manager modules Shell configurations: bash, fish Co-Authored-By: Claude Opus 4.5 --- aspects/shell/bash.nix | 9 +++++++++ aspects/shell/fish.nix | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 aspects/shell/bash.nix create mode 100644 aspects/shell/fish.nix diff --git a/aspects/shell/bash.nix b/aspects/shell/bash.nix new file mode 100644 index 0000000..3ec7237 --- /dev/null +++ b/aspects/shell/bash.nix 
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ flake.modules.homeManager.shell-bash = { config, lib, pkgs, ... }: {
+ programs.bash = {
+ enable = true;
+ historyFile = "~/.cache/bash_history";
+ };
+ };
+}
diff --git a/aspects/shell/fish.nix b/aspects/shell/fish.nix
new file mode 100644
index 0000000..e2ae9cf
--- /dev/null
+++ b/aspects/shell/fish.nix
@@ -0,0 +1,33 @@
+{ ... }:
+{
+ flake.modules.homeManager.shell-fish = { config, lib, pkgs, ... }: {
+ programs.fish = {
+ enable = true;
+ interactiveShellInit = ''
+ set fish_greeting
+ ${lib.getExe pkgs.nix-your-shell} fish | source
+ '';
+ loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source";
+ plugins = [
+ {
+ name = "bang-bang";
+ src = pkgs.fetchFromGitHub {
+ owner = "oh-my-fish";
+ repo = "plugin-bang-bang";
+ rev = "f969c618301163273d0a03d002614d9a81952c1e";
+ sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ=";
+ };
+ }
+ {
+ name = "z";
+ src = pkgs.fetchFromGitHub {
+ owner = "jethrokuan";
+ repo = "z";
+ rev = "067e867debee59aee231e789fc4631f80fa5788e";
+ sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU=";
+ };
+ }
+ ];
+ };
+ };
+}
From e8e62c81e3680e0137aa640f4c0e348bec2cd3d2 Mon Sep 17 00:00:00 2001
From: William
Date: Fri, 6 Feb 2026 22:36:30 -0300
Subject: [PATCH 10/75] add aspects/gaming/ modules Gaming-related NixOS and home-manager configuration: flatpak, hardware, launchers, mangohud, steam
Co-Authored-By: Claude Opus 4.5
---
aspects/gaming/flatpak.nix | 23 +++++++++++++++++++
aspects/gaming/hardware.nix | 11 +++++++++
aspects/gaming/launchers.nix | 11 +++++++++
aspects/gaming/mangohud.nix | 43 ++++++++++++++++++++++++++++++++++++
aspects/gaming/steam.nix | 17 ++++++++++++++
5 files changed, 105 insertions(+)
create mode 100644 aspects/gaming/flatpak.nix
create mode 100644 aspects/gaming/hardware.nix
create mode 100644 aspects/gaming/launchers.nix
create mode 100644 aspects/gaming/mangohud.nix
create mode 100644 aspects/gaming/steam.nix
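Review bot: `historyFile = "~/.cache/bash_history"` in `aspects/shell/bash.nix` relies on tilde expansion, but if home-manager writes the value quoted into `HISTFILE`, as I believe it does, the `~` stays literal and history lands under a directory named `~` relative to wherever the shell was started. An absolute path avoids that: `historyFile = "${config.home.homeDirectory}/.cache/bash_history";` (`config` is already among the module arguments). Shell history often contains pasted tokens and passwords, so it is worth making sure it ends up in one known, user-only location.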
diff --git a/aspects/gaming/flatpak.nix b/aspects/gaming/flatpak.nix
new file mode 100644
index 0000000..ad50c7c
--- /dev/null
+++ b/aspects/gaming/flatpak.nix
@@ -0,0 +1,23 @@
+{ ... }:
+
+{
+ flake.modules.nixos.gaming-flatpak = { pkgs, ... }: {
+ services.flatpak.packages = [
+ "com.github.k4zmu2a.spacecadetpinball"
+ "com.steamgriddb.SGDBoop"
+ "io.github.Foldex.AdwSteamGtk"
+ "io.itch.itch"
+ "io.mrarm.mcpelauncher"
+ "net.retrodeck.retrodeck"
+ "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08"
+ rec {
+ appId = "com.hypixel.HytaleLauncher";
+ sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv";
+ bundle = "${pkgs.fetchurl {
+ url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak";
+ inherit sha256;
+ }}";
+ }
+ ];
+ };
+}
diff --git a/aspects/gaming/hardware.nix b/aspects/gaming/hardware.nix
new file mode 100644
index 0000000..f1bd75b
--- /dev/null
+++ b/aspects/gaming/hardware.nix
@@ -0,0 +1,11 @@
+{ ... }:
+
+{
+ flake.modules.nixos.gaming-hardware = { ... }: {
+ hardware = {
+ xpadneo.enable = true;
+ steam-hardware.enable = true; # Allow steam client to manage controllers
+ graphics.enable32Bit = true; # For OpenGL games
+ };
+ };
+}
diff --git a/aspects/gaming/launchers.nix b/aspects/gaming/launchers.nix
new file mode 100644
index 0000000..5684f9f
--- /dev/null
+++ b/aspects/gaming/launchers.nix
@@ -0,0 +1,11 @@
+{ ... }:
+
+{
+ flake.modules.nixos.gaming-launchers = { pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ clonehero
+ heroic
+ prismlauncher
+ ];
+ };
+}
diff --git a/aspects/gaming/mangohud.nix b/aspects/gaming/mangohud.nix
new file mode 100644
index 0000000..7f83644
--- /dev/null
+++ b/aspects/gaming/mangohud.nix
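Review bot: The `com.hypixel.HytaleLauncher` bundle in `aspects/gaming/flatpak.nix` is fetched from a `...-latest.flatpak` URL but pinned to a fixed `sha256`, so the build breaks as soon as the vendor publishes a new launcher, and the easy fix is then to paste whatever hash the error prints without looking at what changed. The pin itself is good; pair it with a versioned URL if the vendor offers one, or add a comment such as `# moving URL: verify the new build before updating sha256`. The entries named only by app id in the same list carry no pin at all and presumably follow whatever their remote serves, which is worth a comment too.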
@@ -0,0 +1,43 @@
+{ ... }:
+
+{
+ flake.modules = {
+ nixos.gaming-mangohud = { pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ mangohud
+ ];
+ };
+
+ homeManager.gaming-mangohud = { config, ... }: {
+ programs.mangohud = {
+ enable = true;
+ enableSessionWide = true;
+ settings = {
+ position = "top-left";
+ fps = true;
+ frametime = false;
+ frame_timing = false;
+ gpu_stats = true;
+ gpu_temp = true;
+ gpu_power = true;
+ cpu_stats = true;
+ cpu_temp = true;
+ cpu_power = true;
+ ram = true;
+ vram = true;
+ gamemode = false;
+ vkbasalt = false;
+ version = false;
+ engine_version = false;
+ vulkan_driver = false;
+ wine = false;
+ time = false;
+ fps_sampling_period = 500;
+ toggle_hud = "Shift_L+F12";
+ toggle_logging = "Ctrl_L+F2";
+ output_folder = "${config.home.homeDirectory}/.local/share/mangohud";
+ };
+ };
+ };
+ };
+}
diff --git a/aspects/gaming/steam.nix b/aspects/gaming/steam.nix
new file mode 100644
index 0000000..e0ab9a8
--- /dev/null
+++ b/aspects/gaming/steam.nix
@@ -0,0 +1,17 @@
+{ ... }:
+
+{
+ flake.modules.nixos.gaming-steam = { pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ steam-run
+ ];
+
+ programs = {
+ steam = {
+ enable = true;
+ extraCompatPackages = [ pkgs.proton-ge-bin ];
+ };
+ gamemode.enable = true;
+ };
+ };
+}
From 92e16d0032308324b768803b09f696e7b4320a59 Mon Sep 17 00:00:00 2001
From: William
Date: Fri, 6 Feb 2026 22:36:30 -0300
Subject: [PATCH 11/75] add aspects/programs/ home-manager modules Program categories: graphics, media, office, utilities, web
Co-Authored-By: Claude Opus 4.5
---
aspects/programs/graphics.nix | 27 ++++++++++++++
aspects/programs/media.nix | 29 +++++++++++++++
aspects/programs/office.nix | 25 +++++++++++++
aspects/programs/utilities.nix | 65 ++++++++++++++++++++++++++++++++++
aspects/programs/web.nix | 18 ++++++++++
5 files changed, 164 insertions(+)
create mode 100644 aspects/programs/graphics.nix
create mode 100644 aspects/programs/media.nix
create mode 100644 aspects/programs/office.nix
create mode 100644 aspects/programs/utilities.nix
create mode 100644 aspects/programs/web.nix
diff --git a/aspects/programs/graphics.nix b/aspects/programs/graphics.nix
new file mode 100644
index 0000000..1488125
--- /dev/null
+++ b/aspects/programs/graphics.nix
@@ -0,0 +1,27 @@
+{ ... }:
+
+{
+ flake.modules.nixos.programs-graphics = { pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ # Image Editing
+ gimp
+ inkscape
+ # CAD & 3D Modeling
+ plasticity
+ ];
+
+ services.flatpak.packages = [
+ # Vector Graphics
+ "com.boxy_svg.BoxySVG"
+ # 3D Printing / Slicing
+ rec {
+ appId = "io.github.softfever.OrcaSlicer";
+ sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1";
+ bundle = "${pkgs.fetchurl {
+ url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak";
+ inherit sha256;
+ }}";
+ }
+ ];
+ };
+}
diff --git a/aspects/programs/media.nix b/aspects/programs/media.nix
new file mode 100644
index 0000000..8b50b2e
--- /dev/null
+++ b/aspects/programs/media.nix
@@ -0,0 +1,29 @@
+{ ... }:
+
+{
+ flake.modules = {
+ nixos.programs-media = { pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ # Audio
+ decibels
+ # Video
+ showtime
+ # Image Viewer
+ loupe
+ # Recording & Streaming
+ obs-studio
+ ];
+ };
+
+ homeManager.programs-media = { pkgs, ... }: {
+ programs.obs-studio = {
+ enable = true;
+ plugins = with pkgs.obs-studio-plugins; [
+ obs-vkcapture
+ obs-backgroundremoval
+ obs-pipewire-audio-capture
+ ];
+ };
+ };
+ };
+}
diff --git a/aspects/programs/office.nix b/aspects/programs/office.nix
new file mode 100644
index 0000000..1fc6817
--- /dev/null
+++ b/aspects/programs/office.nix
@@ -0,0 +1,25 @@
+{ ... }:
+
+{
+ flake.modules.nixos.programs-office = { pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ # Spelling
+ aspell
+ aspellDicts.de
+ aspellDicts.en
+ aspellDicts.en-computers
+ aspellDicts.pt_BR
+ # Document Viewing
+ papers
+ # Presentations
+ presenterm
+ # Note Taking & Drawing
+ rnote
+ ];
+
+ services.flatpak.packages = [
+ # Office Suite
+ "com.collabora.Office"
+ ];
+ };
+}
diff --git a/aspects/programs/utilities.nix b/aspects/programs/utilities.nix
new file mode 100644
index 0000000..15b267f
--- /dev/null
+++ b/aspects/programs/utilities.nix
@@ -0,0 +1,65 @@
+{ ... }:
+
+{
+ flake.modules = {
+ nixos.programs-utilities = { pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ # Terminal
+ ghostty
+ # File Management
+ nautilus
+ gnome-disk-utility
+ # Archive Tools
+ p7zip
+ unrar
+ # Cloud & Remote
+ rclone
+ # System Monitoring
+ mission-center
+ # Desktop Integration
+ adwaita-icon-theme
+ junction
+ libfido2
+ toggleaudiosink
+ # Xwayland Support
+ xwayland-satellite
+ ];
+
+ services.flatpak.packages = [
+ # Flatpak Management
+ "com.github.tchx84.Flatseal"
+ # Remote Desktop
+ "com.rustdesk.RustDesk"
+ ];
+ };
+
+ homeManager.programs-utilities = { pkgs, ... }: {
+ programs = {
+ ghostty = {
+ enable = true;
+ settings = {
+ cursor-style = "block";
+ shell-integration-features = "no-cursor";
+ cursor-style-blink = false;
+ custom-shader = "${builtins.fetchurl {
+ url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl";
+ sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41";
+ }}";
+ bell-features = "";
+ gtk-titlebar-style = "tabs";
+ keybind = [ "shift+enter=text:\\x1b\\r" ];
+ };
+ };
+
+ password-store = {
+ enable = true;
+ package = pkgs.pass-wayland;
+ };
+ };
+
+ home.sessionVariables = {
+ TERMINAL = "ghostty";
+ };
+ };
+ };
+}
diff --git a/aspects/programs/web.nix b/aspects/programs/web.nix
new file mode 100644
index 0000000..cc3753b
--- /dev/null
+++ b/aspects/programs/web.nix
@@ -0,0 +1,18 @@
+{ ... }:
+
+{
+ flake.modules.nixos.programs-web = { inputs, pkgs, system, ... }: {
+ environment.systemPackages = with pkgs; [
+ # Browsers
+ inputs.zen-browser.packages."${system}".default
+ tor-browser
+ # Communication
+ vesktop
+ # Cloud & Sync
+ bitwarden-desktop
+ nextcloud-client
+ # Downloads
+ fragments
+ ];
+ };
+}
From 5247bbda031902455fd6b7fdf7ca66ab4ab8b708 Mon Sep 17 00:00:00 2001
From: William Date: Fri, 6 Feb 2026 22:36:37 -0300 Subject: [PATCH 12/75] add single-file NixOS aspects Standalone NixOS modules: ai, bluetooth, dev, fwupd, libvirtd, networkmanager, podman Co-Authored-By: Claude Opus 4.5
---
aspects/ai.nix | 12 ++++++++++++ aspects/bluetooth.nix | 6 ++++++ aspects/dev.nix | 19 +++++++++++++++++++ aspects/fwupd.nix | 6 ++++++ aspects/libvirtd.nix | 18 ++++++++++++++++++ aspects/networkmanager.nix | 11 +++++++++++ aspects/podman.nix | 15 +++++++++++++++ 7 files changed, 87 insertions(+) create mode 100644 aspects/ai.nix create mode 100644 aspects/bluetooth.nix create mode 100644 aspects/dev.nix create mode 100644 aspects/fwupd.nix create mode 100644 aspects/libvirtd.nix create mode 100644 aspects/networkmanager.nix create mode 100644 aspects/podman.nix
diff --git a/aspects/ai.nix b/aspects/ai.nix
new file mode 100644
index 0000000..6befeae
--- /dev/null
+++ b/aspects/ai.nix
@@ -0,0 +1,12 @@
+{ ... }:
+{
+ flake.modules.nixos.ai = { inputs, pkgs, ... }: {
+ environment.systemPackages =
+ (with pkgs; [claude-desktop]) ++
+ (with inputs.nix-ai-tools.packages.${pkgs.system}; [
+ claude-code
+ claudebox
+ opencode
+ ]);
+ };
+}
diff --git a/aspects/bluetooth.nix b/aspects/bluetooth.nix
new file mode 100644
index 0000000..222bdf2
--- /dev/null
+++ b/aspects/bluetooth.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+ flake.modules.nixos.bluetooth = { config, lib, pkgs, ... }: {
+ hardware.bluetooth.enable = true;
+ };
+}
diff --git a/aspects/dev.nix b/aspects/dev.nix
new file mode 100644
index 0000000..cc84646
--- /dev/null
+++ b/aspects/dev.nix
@@ -0,0 +1,19 @@
+{ ... }:
+{
+ flake.modules.nixos.dev = { config, lib, pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ android-tools
+ bat
+ lazygit
+ fd
+ fzf
+ glow
+ nixfmt
+ nix-init
+ nix-output-monitor
+ ripgrep
+ ];
+
+ users.users.user.extraGroups = [ "adbusers" ];
+ };
+}
diff --git a/aspects/fwupd.nix b/aspects/fwupd.nix
new file mode 100644
index 0000000..746f1d0
--- /dev/null
+++ b/aspects/fwupd.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+ flake.modules.nixos.fwupd = { config, lib, pkgs, ... }: {
+ services.fwupd.enable = true;
+ };
+}
diff --git a/aspects/libvirtd.nix b/aspects/libvirtd.nix
new file mode 100644
index 0000000..6487999
--- /dev/null
+++ b/aspects/libvirtd.nix
@@ -0,0 +1,18 @@
+{ ... }:
+{
+ flake.modules.nixos.libvirtd = { config, lib, pkgs, ... }: {
+ virtualisation = {
+ libvirtd.enable = true;
+ spiceUSBRedirection.enable = true;
+ };
+
+ programs.virt-manager.enable = true;
+
+ networking.firewall.trustedInterfaces = [ "virbr0" ];
+
+ users.users.user.extraGroups = [
+ "libvirt"
+ "libvirtd"
+ ];
+ };
+}
diff --git a/aspects/networkmanager.nix b/aspects/networkmanager.nix
new file mode 100644
index 0000000..74c9260
--- /dev/null
+++ b/aspects/networkmanager.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+ flake.modules.nixos.networkmanager = { config, lib, pkgs, ... }: {
+ networking.networkmanager = {
+ enable = true;
+ wifi.backend = "iwd";
+ };
+
+ users.users.user.extraGroups = [ "networkmanager" ];
+ };
+}
diff --git a/aspects/podman.nix b/aspects/podman.nix
new file mode 100644
index 0000000..04e7e04
--- /dev/null
+++ b/aspects/podman.nix
@@ -0,0 +1,15 @@
+{ ... }:
+{
+ flake.modules.nixos.podman = { config, lib, pkgs, ... }: {
+ virtualisation.podman = {
+ enable = true;
+ autoPrune.enable = true;
+ extraPackages = [ pkgs.podman-compose ];
+ };
+
+ systemd = {
+ services.podman-auto-update.enable = true;
+ timers.podman-auto-update.enable = true;
+ };
+ };
+}
From c2302ac9fafef794e5491d78abd93f4732e5d2e6 Mon Sep 17 00:00:00 2001
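Review bot: `networking.firewall.trustedInterfaces = [ "virbr0" ];` in aspects/libvirtd.nix accepts every packet arriving on the libvirt bridge, so any guest on that network can reach every service listening on the host, including ones the firewall otherwise hides. If the intent is only to let guests obtain DHCP and DNS from the host, a narrower rule does that: `networking.firewall.interfaces.virbr0 = { allowedUDPPorts = [ 53 67 ]; allowedTCPPorts = [ 53 ]; };`. If full trust is intended, a one-line comment saying so would help, because this module is presumably also used to run guests that are less trusted than the host.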
From: William Date: Fri, 6 Feb 2026 22:36:37 -0300 Subject: [PATCH 13/75] add aspects/ephemeral.nix with factory pattern Ephemeral root configuration with impermanence support. Exports both a base module with options and a factory function for generating configured modules. Co-Authored-By: Claude Opus 4.5
---
aspects/ephemeral.nix | 136 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100644 aspects/ephemeral.nix
diff --git a/aspects/ephemeral.nix b/aspects/ephemeral.nix
new file mode 100644
index 0000000..724f931
--- /dev/null
+++ b/aspects/ephemeral.nix
@@ -0,0 +1,136 @@
+# Ephemeral root aspect - provides automatic btrfs root subvolume rollover
+# Exports both a base module with options and a factory function for easy configuration
+{ inputs, ... }:
+{
+ # Base module with options (for external flakes or direct use)
+ flake.modules.nixos.ephemeral = { lib, config, ... }:
+ let
+ cfg = config.ephemeral;
+ in
+ {
+ options.ephemeral = {
+ enable = lib.mkEnableOption "ephemeral root with automatic rollback";
+
+ rootDevice = lib.mkOption {
+ type = lib.types.str;
+ example = "/dev/mapper/cryptroot";
+ description = "Device path for the root btrfs filesystem";
+ };
+
+ rootSubvolume = lib.mkOption {
+ type = lib.types.str;
+ default = "@root";
+ description = "Name of the root btrfs subvolume";
+ };
+
+ oldRootRetentionDays = lib.mkOption {
+ type = lib.types.int;
+ default = 30;
+ description = "Number of days to keep old root snapshots before deletion";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ boot.initrd.systemd.services.recreate-root = {
+ description = "Rolling over and creating new filesystem root";
+ requires = [ "initrd-root-device.target" ];
+ after = [
+ "local-fs-pre.target"
+ "initrd-root-device.target"
+ ];
+ requiredBy = [ "initrd-root-fs.target" ];
+ before = [ "sysroot.mount" ];
+ unitConfig = {
+ AssertPathExists = "/etc/initrd-release";
+ DefaultDependencies = false;
+ };
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = ''
+ set -euo pipefail
+
+ mkdir /btrfs_tmp
+ if ! mount ${cfg.rootDevice} /btrfs_tmp; then
+ echo "ERROR: Failed to mount ${cfg.rootDevice}"
+ exit 1
+ fi
+
+ if [[ -e /btrfs_tmp/${cfg.rootSubvolume} ]]; then
+ mkdir -p /btrfs_tmp/old_roots
+ timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/${cfg.rootSubvolume})" "+%Y-%m-%-d_%H:%M:%S")
+ mv /btrfs_tmp/${cfg.rootSubvolume} "/btrfs_tmp/old_roots/$timestamp"
+ fi
+
+ delete_subvolume_recursively() {
+ IFS=$'\n'
+ for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+ delete_subvolume_recursively "/btrfs_tmp/$i"
+ done
+ btrfs subvolume delete "$1"
+ }
+
+ for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +${toString cfg.oldRootRetentionDays}); do
+ delete_subvolume_recursively "$i"
+ done
+
+ if ! btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume}; then
+ echo "ERROR: Failed to create subvolume ${cfg.rootSubvolume}"
+ umount /btrfs_tmp
+ exit 1
+ fi
+
+ umount /btrfs_tmp
+ '';
+ };
+ };
+ };
+
+ # Factory function that generates configured modules
+ flake.factory.ephemeral =
+ { rootDevice
+ , rootSubvolume ? "@root"
+ , retentionDays ? 30
+ , persistentStoragePath ? "/persistent"
+ , persistentFiles ? [
+ "/etc/machine-id"
+ "/etc/ssh/ssh_host_ed25519_key"
+ "/etc/ssh/ssh_host_ed25519_key.pub"
+ "/etc/ssh/ssh_host_rsa_key"
+ "/etc/ssh/ssh_host_rsa_key.pub"
+ ]
+ , persistentDirectories ? [
+ "/etc/NetworkManager/system-connections"
+ "/etc/nixos"
+ "/var/lib/bluetooth"
+ "/var/lib/flatpak"
+ "/var/lib/lxd"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ "/var/lib/systemd/timers"
+ "/var/lib/tailscale"
+ "/var/log"
+ ]
+ }:
+ { ... }: {
+ imports = [
+ inputs.impermanence.nixosModules.impermanence
+ inputs.self.modules.nixos.ephemeral
+ ];
+
+ ephemeral = {
+ enable = true;
+ inherit rootDevice rootSubvolume;
+ oldRootRetentionDays = retentionDays;
+ };
+
+ fileSystems."/persistent".neededForBoot = true;
+
+ environment.persistence.main = {
+ inherit persistentStoragePath;
+ files = persistentFiles;
+ directories = persistentDirectories;
+ };
+ };
+}
From ad0aa14d143a26d99b1306543c409ab2f582d81c Mon Sep 17 00:00:00 2001
From: William Date: Fri, 6 Feb 2026 22:36:37 -0300 Subject: [PATCH 14/75] add aspects/stylix.nix Stylix theming configuration for NixOS and home-manager Co-Authored-By: Claude Opus 4.5
---
aspects/stylix.nix | 71 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 aspects/stylix.nix
diff --git a/aspects/stylix.nix b/aspects/stylix.nix
new file mode 100644
index 0000000..e64386f
--- /dev/null
+++ b/aspects/stylix.nix
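Review bot: The factory in aspects/ephemeral.nix accepts `persistentStoragePath` but still hard-codes `fileSystems."/persistent".neededForBoot = true;`, so a caller passing another path gets impermanence pointed at a mount that is not marked as needed for boot. Using the parameter keeps the two in step: `fileSystems.${persistentStoragePath}.neededForBoot = true;`. Separately, the cleanup loop in the `recreate-root` script runs `find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +N` without `-mindepth 1`, so the `old_roots` directory itself can be passed to `btrfs subvolume delete`. Under `set -euo pipefail` that failure would abort a unit that `initrd-root-fs.target` requires, so adding `-mindepth 1` is the safer form.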
@@ -0,0 +1,71 @@
+{ ... }:
+{
+ flake.modules = {
+ nixos.stylix = { inputs, ... }: {
+ imports = [ inputs.stylix.nixosModules.stylix ];
+ };
+
+ homeManager.stylix = { config, inputs, pkgs, ... }: {
+ imports = [
+ inputs.stylix.homeManagerModules.stylix
+ inputs.zen-browser.homeModules.beta
+ ];
+
+ stylix = {
+ enable = true;
+ polarity = "dark";
+ base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml";
+ cursor = {
+ package = pkgs.kdePackages.breeze;
+ name = "breeze_cursors";
+ size = 24;
+ };
+ icons = {
+ enable = true;
+ package = pkgs.morewaita-icon-theme;
+ light = "MoreWaita";
+ dark = "MoreWaita";
+ };
+ opacity = {
+ applications = 1.0;
+ desktop = 1.0;
+ popups = config.stylix.opacity.desktop;
+ terminal = 1.0;
+ };
+ fonts = {
+ serif = {
+ package = pkgs.source-serif;
+ name = "Source Serif 4 Display";
+ };
+ sansSerif = {
+ package = pkgs.inter;
+ name = "Inter";
+ };
+ monospace = {
+ package = pkgs.nerd-fonts.fira-code;
+ name = "FiraCode Nerd Font";
+ };
+ emoji = {
+ package = pkgs.noto-fonts-color-emoji;
+ name = "Noto Color Emoji";
+ };
+ sizes = {
+ applications = 10;
+ desktop = config.stylix.fonts.sizes.applications;
+ popups = config.stylix.fonts.sizes.applications;
+ terminal = 12;
+ };
+ };
+ targets.zen-browser = {
+ enable = true;
+ profileNames = [ "william" ];
+ };
+ };
+
+ programs.zen-browser = {
+ enable = true;
+ profiles.william = { };
+ };
+ };
+ };
+}
From 25c69e3c18150efc5ef045a18a11d1878c68a1f5 Mon Sep 17 00:00:00 2001
From: William Date: Fri, 6 Feb 2026 22:36:50 -0300 Subject: [PATCH 15/75] add aspects/hosts/ configurations Host-specific NixOS configurations for: - alexandria (server) - io (desktop) - rotterdam (desktop) - trantor (server, aarch64) Each host has a main config file and _hostname/ directory with hardware-configuration and other host-specific modules. Co-Authored-By: Claude Opus 4.5 --- .../_alexandria/hardware-configuration.nix | 49 ++++++++++ aspects/hosts/_alexandria/jellyfin.nix | 15 +++ aspects/hosts/_alexandria/kanidm.nix | 83 ++++++++++++++++ aspects/hosts/_alexandria/nextcloud.nix | 97 +++++++++++++++++++ aspects/hosts/_alexandria/nginx.nix | 59 +++++++++++ aspects/hosts/_alexandria/unbound.nix | 58 +++++++++++ aspects/hosts/_alexandria/vaultwarden.nix | 26 +++++ aspects/hosts/_io/boot.nix | 14 +++ aspects/hosts/_io/disko.nix | 79 +++++++++++++++ aspects/hosts/_io/hardware-configuration.nix | 37 +++++++ aspects/hosts/_io/programs.nix | 27 ++++++ aspects/hosts/_io/services.nix | 61 ++++++++++++ aspects/hosts/_rotterdam/boot.nix | 31 ++++++ .../_rotterdam/hardware-configuration.nix | 82 ++++++++++++++++ aspects/hosts/_rotterdam/hardware.nix | 8 ++ aspects/hosts/_rotterdam/programs.nix | 31 ++++++ aspects/hosts/_rotterdam/services.nix | 11 +++ aspects/hosts/_trantor/boot.nix | 6 ++ aspects/hosts/_trantor/disko.nix | 64 ++++++++++++ aspects/hosts/_trantor/fail2ban.nix | 23 +++++ aspects/hosts/_trantor/forgejo.nix | 72 ++++++++++++++ .../hosts/_trantor/hardware-configuration.nix | 20 ++++ aspects/hosts/_trantor/networking.nix | 8 ++ aspects/hosts/_trantor/nginx.nix | 61 ++++++++++++ aspects/hosts/_trantor/openssh.nix | 23 +++++ aspects/hosts/_trantor/unbound.nix | 58 +++++++++++ aspects/hosts/alexandria.nix | 42 ++++++++ aspects/hosts/io.nix | 51 ++++++++++ aspects/hosts/rotterdam.nix | 56 +++++++++++ aspects/hosts/trantor.nix | 46 +++++++++ 30 files changed, 1298 insertions(+) create mode 100644 aspects/hosts/_alexandria/hardware-configuration.nix create mode 
100644 aspects/hosts/_alexandria/jellyfin.nix create mode 100644 aspects/hosts/_alexandria/kanidm.nix create mode 100644 aspects/hosts/_alexandria/nextcloud.nix create mode 100644 aspects/hosts/_alexandria/nginx.nix create mode 100644 aspects/hosts/_alexandria/unbound.nix create mode 100644 aspects/hosts/_alexandria/vaultwarden.nix create mode 100644 aspects/hosts/_io/boot.nix create mode 100644 aspects/hosts/_io/disko.nix create mode 100644 aspects/hosts/_io/hardware-configuration.nix create mode 100644 aspects/hosts/_io/programs.nix create mode 100644 aspects/hosts/_io/services.nix create mode 100644 aspects/hosts/_rotterdam/boot.nix create mode 100644 aspects/hosts/_rotterdam/hardware-configuration.nix create mode 100644 aspects/hosts/_rotterdam/hardware.nix create mode 100644 aspects/hosts/_rotterdam/programs.nix create mode 100644 aspects/hosts/_rotterdam/services.nix create mode 100644 aspects/hosts/_trantor/boot.nix create mode 100644 aspects/hosts/_trantor/disko.nix create mode 100644 aspects/hosts/_trantor/fail2ban.nix create mode 100644 aspects/hosts/_trantor/forgejo.nix create mode 100644 aspects/hosts/_trantor/hardware-configuration.nix create mode 100644 aspects/hosts/_trantor/networking.nix create mode 100644 aspects/hosts/_trantor/nginx.nix create mode 100644 aspects/hosts/_trantor/openssh.nix create mode 100644 aspects/hosts/_trantor/unbound.nix create mode 100644 aspects/hosts/alexandria.nix create mode 100644 aspects/hosts/io.nix create mode 100644 aspects/hosts/rotterdam.nix create mode 100644 aspects/hosts/trantor.nix diff --git a/aspects/hosts/_alexandria/hardware-configuration.nix b/aspects/hosts/_alexandria/hardware-configuration.nix new file mode 100644 index 0000000..63ecba5 --- /dev/null +++ b/aspects/hosts/_alexandria/hardware-configuration.nix 
@@ -0,0 +1,49 @@
+{
+ config,
+ lib,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ ];
+ kernelModules = [ ];
+ };
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/31289617-1d84-4432-a833-680b52e88525";
+ fsType = "ext4";
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/4130-BE54";
+ fsType = "vfat";
+ };
+ };
+
+ swapDevices = [
+ {
+ device = "/swapfile";
+ size = 8192;
+ }
+ ];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/aspects/hosts/_alexandria/jellyfin.nix b/aspects/hosts/_alexandria/jellyfin.nix
new file mode 100644
index 0000000..591403d
--- /dev/null
+++ b/aspects/hosts/_alexandria/jellyfin.nix
@@ -0,0 +1,15 @@
+{ lib, inputs, ... }:
+let
+ utils = import ../../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts;
+in
+{
+ services.jellyfin = {
+ enable = true;
+ openFirewall = true;
+ };
+
+ services.nginx.virtualHosts = mkNginxVHosts {
+ domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/";
+ };
+}
diff --git a/aspects/hosts/_alexandria/kanidm.nix b/aspects/hosts/_alexandria/kanidm.nix
new file mode 100644
index 0000000..d51eb14
--- /dev/null
+++ b/aspects/hosts/_alexandria/kanidm.nix
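Review bot: In aspects/hosts/_alexandria/jellyfin.nix, `openFirewall = true;` opens Jellyfin's own ports on the host firewall even though the same file already publishes the service through nginx at `jellyfin.baduhai.dev` with a `proxyPass` to `127.0.0.1:8096`. That leaves a second, plain-HTTP path to the service that bypasses whatever TLS and access policy `mkNginxVHosts` applies (it is defined in utils.nix, which is not visible here). Unless direct LAN access or client auto-discovery is wanted, dropping the line keeps nginx as the only entry point; if both paths are intended, a comment saying why would help.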
@@ -0,0 +1,83 @@
+{
+ config,
+ lib,
+ inputs,
+ pkgs,
+ ...
+}:
+
+let
+ utils = import ../../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts;
+ kanidmCertDir = "/var/lib/kanidm/certs";
+in
+
+{
+ services.kanidm = {
+ enableServer = true;
+ enableClient = true;
+ package = pkgs.kanidm;
+
+ serverSettings = {
+ domain = "auth.baduhai.dev";
+ origin = "https://auth.baduhai.dev";
+ bindaddress = "127.0.0.1:8443";
+ ldapbindaddress = "127.0.0.1:636";
+ trust_x_forward_for = true;
+ # Use self-signed certificates for internal TLS
+ tls_chain = "${kanidmCertDir}/cert.pem";
+ tls_key = "${kanidmCertDir}/key.pem";
+ };
+
+ clientSettings = {
+ uri = "https://auth.baduhai.dev";
+ };
+ };
+
+ services.nginx.virtualHosts = mkNginxVHosts {
+ domains."auth.baduhai.dev" = {
+ locations."/" = {
+ proxyPass = "https://127.0.0.1:8443";
+ extraConfig = ''
+ proxy_ssl_verify off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ '';
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 636 ];
+
+ # Generate self-signed certificates for kanidm's internal TLS
+ systemd.services.kanidm-generate-certs = {
+ description = "Generate self-signed TLS certificates for Kanidm";
+ wantedBy = [ "multi-user.target" ];
+ before = [ "kanidm.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = ''
+ mkdir -p ${kanidmCertDir}
+ if [ ! -f ${kanidmCertDir}/key.pem ]; then
+ ${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \
+ -keyout ${kanidmCertDir}/key.pem \
+ -out ${kanidmCertDir}/cert.pem \
+ -days 3650 -nodes \
+ -subj "/CN=localhost" \
+ -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
+ chown -R kanidm:kanidm ${kanidmCertDir}
+ chmod 600 ${kanidmCertDir}/key.pem
+ chmod 644 ${kanidmCertDir}/cert.pem
+ fi
+ '';
+ };
+
+ # Ensure certificate generation runs before kanidm starts
+ systemd.services.kanidm = {
+ after = [ "kanidm-generate-certs.service" ];
+ wants = [ "kanidm-generate-certs.service" ];
+ };
+}
diff --git a/aspects/hosts/_alexandria/nextcloud.nix b/aspects/hosts/_alexandria/nextcloud.nix
new file mode 100644
index 0000000..9d69199
--- /dev/null
+++ b/aspects/hosts/_alexandria/nextcloud.nix
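Review bot: aspects/hosts/_alexandria/kanidm.nix opens TCP 636 with `networking.firewall.allowedTCPPorts = [ 636 ];` while `ldapbindaddress = "127.0.0.1:636"` keeps LDAPS on loopback, so the rule exposes nothing today and only takes effect if the bind address is widened later. Either remove the rule, or, if LAN clients are meant to use LDAPS, change the bind address deliberately and note that they will be presented with the self-signed `CN=localhost` certificate generated further down. A short comment next to `proxy_ssl_verify off;` would also help: skipping upstream verification is tolerable only because the upstream is `127.0.0.1`, and the line should not be copied to a non-loopback upstream.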
@@ -0,0 +1,97 @@
+{
+ lib,
+ config,
+ pkgs,
+ inputs,
+ ...
+}:
+
+let
+ utils = import ../../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts;
+in
+
+{
+ services = {
+ nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud32;
+ datadir = "/data/nextcloud";
+ hostName = "cloud.baduhai.dev";
+ configureRedis = true;
+ https = true;
+ secretFile = config.age.secrets."nextcloud-secrets.json".path;
+ database.createLocally = true;
+ maxUploadSize = "16G";
+ extraApps = {
+ inherit (config.services.nextcloud.package.packages.apps)
+ calendar
+ contacts
+ notes
+ tasks
+ user_oidc
+ ;
+ };
+ extraAppsEnable = true;
+ caching = {
+ apcu = true;
+ redis = true;
+ };
+ settings = {
+ trusted_proxies = [ "127.0.0.1" ];
+ default_phone_region = "BR";
+ maintenance_window_start = "4";
+ allow_local_remote_servers = true;
+ enabledPreviewProviders = [
+ "OC\\Preview\\BMP"
+ "OC\\Preview\\EMF"
+ "OC\\Preview\\Font"
+ "OC\\Preview\\GIF"
+ "OC\\Preview\\HEIC"
+ "OC\\Preview\\Illustrator"
+ "OC\\Preview\\JPEG"
+ "OC\\Preview\\Krita"
+ "OC\\Preview\\MarkDown"
+ "OC\\Preview\\Movie"
+ "OC\\Preview\\MP3"
+ "OC\\Preview\\MSOffice2003"
+ "OC\\Preview\\MSOffice2007"
+ "OC\\Preview\\MSOfficeDoc"
+ "OC\\Preview\\OpenDocument"
+ "OC\\Preview\\PDF"
+ "OC\\Preview\\Photoshop"
+ "OC\\Preview\\PNG"
+ "OC\\Preview\\Postscript"
+ "OC\\Preview\\SVG"
+ "OC\\Preview\\TIFF"
+ "OC\\Preview\\TXT"
+ "OC\\Preview\\XBitmap"
+ ];
+ };
+ config = {
+ dbtype = "pgsql";
+ adminpassFile = config.age.secrets.nextcloud-adminpass.path;
+ };
+ phpOptions = {
+ "opcache.interned_strings_buffer" = "16";
+ };
+ };
+
+ nginx.virtualHosts = mkNginxVHosts {
+ domains."cloud.baduhai.dev" = { };
+ };
+ };
+
+ age.secrets = {
+ "nextcloud-secrets.json" = {
+ file = ../../../secrets/nextcloud-secrets.json.age;
+ owner = "nextcloud";
+ group = "nextcloud";
+ };
+ nextcloud-adminpass = {
+ file = ../../../secrets/nextcloud-adminpass.age;
+ owner = "nextcloud";
+ group = "nextcloud";
+ };
+ };
+}
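Review bot: `allow_local_remote_servers = true;` in the Nextcloud `settings` block lifts Nextcloud's refusal to make server-side requests to local and private addresses, which is one of its guards against server-side request forgery. Presumably it is there so `user_oidc` can reach the identity provider over the LAN; that is an inference, the hunk does not say. I would put a comment above the line, e.g. `# needed for user_oidc to reach auth.baduhai.dev on its LAN address; relaxes SSRF protection`, so the trade-off is visible and the setting gets revisited if the provider moves.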
diff --git a/aspects/hosts/_alexandria/nginx.nix b/aspects/hosts/_alexandria/nginx.nix
new file mode 100644
index 0000000..19258dd
--- /dev/null
+++ b/aspects/hosts/_alexandria/nginx.nix
@@ -0,0 +1,59 @@
+{
+ config,
+ lib,
+ inputs,
+ ...
+}:
+
+let
+ utils = import ../../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts services;
+
+ # Get all unique domains from shared services that have LAN IPs (served by this host)
+ localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services));
+
+ # Generate ACME cert configs for all local domains
+ acmeCerts = lib.genAttrs localDomains (domain: {
+ group = "nginx";
+ });
+in
+
+{
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = "baduhai@proton.me";
+ dnsResolver = "1.1.1.1:53";
+ dnsProvider = "cloudflare";
+ credentialsFile = config.age.secrets.cloudflare.path;
+ };
+ certs = acmeCerts;
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts = {
+ "_" = {
+ default = true;
+ locations."/".return = "444";
+ };
+ };
+ };
+
+ users.users.nginx.extraGroups = [ "acme" ];
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+
+ age.secrets.cloudflare = {
+ file = ../../../secrets/cloudflare.age;
+ owner = "nginx";
+ group = "nginx";
+ };
+}
diff --git a/aspects/hosts/_alexandria/unbound.nix b/aspects/hosts/_alexandria/unbound.nix
new file mode 100644
index 0000000..6e46cdd
--- /dev/null
+++ b/aspects/hosts/_alexandria/unbound.nix
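Review bot: The Cloudflare DNS credential in aspects/hosts/_alexandria/nginx.nix is decrypted with `owner = "nginx"; group = "nginx";`, which makes a token able to edit DNS records readable by the web server's account. As far as I know the NixOS ACME units load `credentialsFile` through systemd before dropping privileges, so the nginx user should not need to read it; declaring only `age.secrets.cloudflare.file = ../../../secrets/cloudflare.age;` would leave it root-owned and out of reach of a compromised web worker, which is worth confirming with one renewal run. Scoping the token at the provider to DNS edits on the single zone limits the damage further. Also, the comment on `localDomains` says it selects services "that have LAN IPs" while the filter is `s.host == "alexandria"`; the comment should describe the filter that is actually applied.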
@@ -0,0 +1,58 @@
+{ inputs, lib, ... }:
+
+let
+ utils = import ../../../utils.nix { inherit inputs lib; };
+in
+
+{
+ services.unbound = {
+ enable = true;
+ enableRootTrustAnchor = true;
+ settings = {
+ server = {
+ interface = [
+ "0.0.0.0"
+ "::"
+ ];
+ access-control = [
+ "127.0.0.0/8 allow"
+ "192.168.0.0/16 allow"
+ "::1/128 allow"
+ ];
+
+ num-threads = 2;
+ msg-cache-size = "50m";
+ rrset-cache-size = "100m";
+ cache-min-ttl = 300;
+ cache-max-ttl = 86400;
+ prefetch = true;
+ prefetch-key = true;
+ hide-identity = true;
+ hide-version = true;
+ so-rcvbuf = "1m";
+ so-sndbuf = "1m";
+
+ # LAN-only DNS records
+ local-zone = ''"baduhai.dev." transparent'';
+ local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'')
+ (lib.filter (e: e ? lanIP) utils.services);
+ };
+
+ forward-zone = [
+ {
+ name = ".";
+ forward-addr = [
+ "1.1.1.1@853#cloudflare-dns.com"
+ "1.0.0.1@853#cloudflare-dns.com"
+ ];
+ forward-tls-upstream = true;
+ }
+ ];
+ };
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [ 53 ];
+ allowedUDPPorts = [ 53 ];
+ };
+}
diff --git a/aspects/hosts/_alexandria/vaultwarden.nix b/aspects/hosts/_alexandria/vaultwarden.nix
new file mode 100644
index 0000000..81e65b1
--- /dev/null
+++ b/aspects/hosts/_alexandria/vaultwarden.nix
@@ -0,0 +1,26 @@
+{
+ config,
+ lib,
+ inputs,
+ ...
+}:
+let
+ utils = import ../../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts;
+in
+{
+ services.vaultwarden = {
+ enable = true;
+ config = {
+ DOMAIN = "https://pass.baduhai.dev";
+ SIGNUPS_ALLOWED = false;
+ ROCKET_ADDRESS = "127.0.0.1";
+ ROCKET_PORT = 58222;
+ };
+ };
+
+ services.nginx.virtualHosts = mkNginxVHosts {
+ domains."pass.baduhai.dev".locations."/".proxyPass =
+ "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/";
+ };
+}
diff --git a/aspects/hosts/_io/boot.nix b/aspects/hosts/_io/boot.nix
new file mode 100644
index 0000000..326f7dc
--- /dev/null
+++ b/aspects/hosts/_io/boot.nix
@@ -0,0 +1,14 @@
+{
+ boot = {
+ # TODO check if future kernel versions fix boot issue with systemd initrd with tpm
+ initrd.systemd.tpm2.enable = false;
+ kernelParams = [
+ "nosgx"
+ "i915.fastboot=1"
+ "mem_sleep_default=deep"
+ ];
+ extraModprobeConfig = ''
+ options snd-intel-dspcfg dsp_driver=3
+ '';
+ };
+}
diff --git a/aspects/hosts/_io/disko.nix b/aspects/hosts/_io/disko.nix
new file mode 100644
index 0000000..4e6c9d5
--- /dev/null
+++ b/aspects/hosts/_io/disko.nix
@@ -0,0 +1,79 @@
+{ inputs, ... }:
+
+{
+ imports = [ inputs.disko.nixosModules.default ];
+
+ disko.devices.disk.main = {
+ type = "disk";
+ device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ priority = 1;
+ name = "ESP";
+ start = "1MiB";
+ end = "1GiB";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot/efi";
+ mountOptions = [
+ "noatime"
+ "fmask=0077"
+ "dmask=0077"
+ ];
+ };
+ };
+ cryptroot = {
+ priority = 2;
+ name = "root";
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "cryptroot";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "@root" = {
+ mountpoint = "/";
+ mountOptions = [
+ "noatime"
+ "compress=zstd"
+ "subvol=@root"
+ ];
+ };
+ "@home" = {
+ mountpoint = "/home";
+ mountOptions = [
+ "noatime"
+ "compress=zstd"
+ "subvol=@home"
+ ];
+ };
+ "@nix" = {
+ mountpoint = "/nix";
+ mountOptions = [
+ "noatime"
+ "compress=zstd"
+ "subvol=@nix"
+ ];
+ };
+ "@persistent" = {
+ mountpoint = "/persistent";
+ mountOptions = [
+ "noatime"
+ "compress=zstd"
+ "subvol=@persistent"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/aspects/hosts/_io/hardware-configuration.nix b/aspects/hosts/_io/hardware-configuration.nix
new file mode 100644
index 0000000..8e4dae4
--- /dev/null
+++ b/aspects/hosts/_io/hardware-configuration.nix
@@ -0,0 +1,37 @@
+{
+ config,
+ lib,
+ modulesPath,
+ inputs,
+ ...
+}:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "usb_storage"
+ "sd_mod"
+ "sdhci_pci"
+ ];
+ };
+ kernelModules = [ "kvm-intel" ];
+ };
+
+ zramSwap = {
+ enable = true;
+ memoryPercent = 100;
+ };
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/aspects/hosts/_io/programs.nix b/aspects/hosts/_io/programs.nix
new file mode 100644
index 0000000..e272d22
--- /dev/null
+++ b/aspects/hosts/_io/programs.nix
@@ -0,0 +1,27 @@
+{ pkgs, ... }:
+
+let
+ cml-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs {
+ wttsrc = pkgs.fetchFromGitHub {
+ owner = "WeirdTreeThing";
+ repo = "chromebook-ucm-conf";
+ rev = "b6ce2a7";
+ hash = "sha256-QRUKHd3RQmg1tnZU8KCW0AmDtfw/daOJ/H3XU5qWTCc=";
+ };
+ postInstall = ''
+ echo "v0.4.1" > $out/chromebook.patched
+ cp -R $wttsrc/{common,codecs,platforms} $out/share/alsa/ucm2
+ cp -R $wttsrc/{cml,sof-rt5682} $out/share/alsa/ucm2/conf.d
+ '';
+ };
+in
+
+{
+ environment = {
+ systemPackages = with pkgs; [
+ maliit-keyboard
+ sof-firmware
+ ];
+ sessionVariables.ALSA_CONFIG_UCM2 = "${cml-ucm-conf}/share/alsa/ucm2";
+ };
+}
diff --git a/aspects/hosts/_io/services.nix b/aspects/hosts/_io/services.nix
new file mode 100644
index 0000000..df41a6f
--- /dev/null
+++ b/aspects/hosts/_io/services.nix
@@ -0,0 +1,61 @@
+{ pkgs, ... }:
+
+{
+ services = {
+ keyd = {
+ enable = true;
+ keyboards.main = {
+ ids = [ "0001:0001" ];
+ settings = {
+ main = {
+ meta = "overload(meta, esc)";
+ f1 = "back";
+ f2 = "forward";
+ f3 = "refresh";
+ f4 = "M-f11";
+ f5 = "M-w";
+ f6 = "brightnessdown";
+ f7 = "brightnessup";
+ f8 = "timeout(mute, 200, micmute)";
+ f9 = "play";
+ f10 = "timeout(nextsong, 200, previoussong)";
+ f13 = "delete";
+ "102nd" = "layer(function)";
+ };
+ shift = {
+ leftshift = "capslock";
+ rightshift = "capslock";
+ };
+ function = {
+ escape = "f1";
+ f1 = "f2";
+ f2 = "f3";
+ f3 = "f4";
+ f4 = "f5";
+ f5 = "f6";
+ f6 = "f7";
+ f7 = "f8";
+ f8 = "f9";
+ f9 = "f10";
+ f10 = "f11";
+ f13 = "f12";
+ y = "sysrq";
+ k = "home";
+ l = "pageup";
+ "," = "end";
+ "." = "pagedown";
+ };
+ };
+ };
+ };
+ upower.enable = true;
+ power-profiles-daemon.enable = true;
+ };
+
+ # TODO: remove once gmodena/nix-flatpak/issues/45 fixed
+ systemd.services."flatpak-managed-install" = {
+ serviceConfig = {
+ ExecStartPre = "${pkgs.coreutils}/bin/sleep 5";
+ };
+ };
+}
diff --git a/aspects/hosts/_rotterdam/boot.nix b/aspects/hosts/_rotterdam/boot.nix
new file mode 100644
index 0000000..d038ede
--- /dev/null
+++ b/aspects/hosts/_rotterdam/boot.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+
+let
+ qubesnsh = pkgs.writeTextFile {
+ name = "qubes.nsh";
+ text = "HD1f65535a1:EFI\\qubes\\grubx64.efi";
+ };
+in
+
+{
+ boot = {
+ kernelParams = [
+ "processor.max_cstate=1" # Fixes bug where ryzen cpus freeze when in highest C state
+ "clearcpuid=514"
+ "amdgpu.ppfeaturemask=0xfffd3fff" # Fixes amdgpu freezing
+ ];
+ # QubesOS boot entry
+ loader.systemd-boot = {
+ extraFiles = {
+ "efi/edk2-shell/shell.efi" = "${pkgs.edk2-uefi-shell}/shell.efi";
+ "qubes.nsh" = qubesnsh;
+ };
+ extraEntries."qubes.conf" = ''
+ title Qubes OS
+ efi /efi/edk2-shell/shell.efi
+ options -nointerrupt qubes.nsh
+ sort-key ab
+ '';
+ };
+ };
+}
diff --git a/aspects/hosts/_rotterdam/hardware-configuration.nix b/aspects/hosts/_rotterdam/hardware-configuration.nix
new file mode 100644
index 0000000..169c53f
--- /dev/null
+++ b/aspects/hosts/_rotterdam/hardware-configuration.nix
@@ -0,0 +1,82 @@
+{
+ config,
+ lib,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [
+ "amdgpu"
+ "nvme"
+ "xhci_pci"
+ "ahci"
+ "usbhid"
+ "sd_mod"
+ ];
+ luks.devices."cryptroot" = {
+ device = "/dev/disk/by-uuid/f7dd4142-7109-4493-834d-4a831777f08d";
+ keyFile = "/dev/disk/by-partuuid/add5fc14-e20f-48be-8b2a-0799ef04d3cb";
+ };
+ };
+ kernelModules = [ "kvm-amd" ];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
+ fsType = "btrfs";
+ options = [
+ "subvol=@root"
+ "noatime"
+ "compress=zstd"
+ ];
+ };
+ "/home" = {
+ device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
+ fsType = "btrfs";
+ options = [
+ "subvol=@home"
+ "noatime"
+ "compress=zstd"
+ ];
+ };
+ "/boot/efi" = {
+ device = "/dev/disk/by-uuid/F2A2-CF5A";
+ fsType = "vfat";
+ options = [
+ "noatime"
+ "fmask=0077"
+ "dmask=0077"
+ ];
+ };
+ "/nix" = {
+ device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
+ fsType = "btrfs";
+ options = [
+ "subvol=@nix"
+ "noatime"
+ "compress=zstd"
+ ];
+ };
+ "/persistent" = {
+ device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
+ fsType = "btrfs";
+ options = [
+ "subvol=@persistent"
+ "noatime"
+ "compress=zstd"
+ ];
+ };
+ };
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/aspects/hosts/_rotterdam/hardware.nix b/aspects/hosts/_rotterdam/hardware.nix
new file mode 100644
index 0000000..6f76e99
--- /dev/null
+++ b/aspects/hosts/_rotterdam/hardware.nix
@@ -0,0 +1,8 @@ +{ pkgs, ... }: + +{ + hardware = { + amdgpu.opencl.enable = true; + graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ]; + }; +} diff --git a/aspects/hosts/_rotterdam/programs.nix b/aspects/hosts/_rotterdam/programs.nix new file mode 100644 index 0000000..b4dcfd9 --- /dev/null +++ b/aspects/hosts/_rotterdam/programs.nix @@ -0,0 +1,31 @@ +{ pkgs, ... }: + +let + reboot-into-qubes = pkgs.makeDesktopItem { + name = "reboot-into-qubes"; + icon = pkgs.fetchurl { + url = "https://raw.githubusercontent.com/vinceliuice/Qogir-icon-theme/31f267e1f5fd4e9596bfd78dfb41a03d3a9f33ee/src/scalable/apps/distributor-logo-qubes.svg"; + sha256 = "sha256-QbHr7s5Wcs7uFtfqZctMyS0iDbMfiiZOKy2nHhDOfn0="; + }; + desktopName = "Qubes OS"; + genericName = "Reboot into Qubes OS"; + categories = [ "System" ]; + startupNotify = true; + exec = pkgs.writeShellScript "reboot-into-qubes" '' + ${pkgs.yad}/bin/yad --form \ + --title="Qubes OS" \ + --image distributor-logo-qubes \ + --text "Are you sure you want to reboot into Qubes OS?" \ + --button="Yes:0" --button="Cancel:1" + if [ $? -eq 0 ]; then + systemctl reboot --boot-loader-entry=qubes.conf + fi + ''; + }; +in + +{ + environment.systemPackages = [ reboot-into-qubes ]; + + programs.steam.dedicatedServer.openFirewall = true; +} diff --git a/aspects/hosts/_rotterdam/services.nix b/aspects/hosts/_rotterdam/services.nix new file mode 100644 index 0000000..0bf276f --- /dev/null +++ b/aspects/hosts/_rotterdam/services.nix @@ -0,0 +1,11 @@ +{ + services.keyd = { + enable = true; + keyboards.main = { + ids = [ "5653:0001" ]; + settings.main = { + esc = "overload(meta, esc)"; + }; + }; + }; +} diff --git a/aspects/hosts/_trantor/boot.nix b/aspects/hosts/_trantor/boot.nix new file mode 100644 index 0000000..0498818 --- /dev/null +++ b/aspects/hosts/_trantor/boot.nix @@ -0,0 +1,6 @@ +{ + boot = { + initrd.systemd.enable = true; + loader.efi.efiSysMountPoint = "/boot/efi"; + }; +} 
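Review bot: `programs.steam.dedicatedServer.openFirewall = true;` at the end of `_rotterdam/programs.nix` opens the Steam dedicated-server ports inbound on a desktop host, and nothing in the file says a server is run there. `_trantor/networking.nix` has the same gap: it opens `25566` for both TCP and UDP without naming the service, and no service in this patch listens on that port. Each opening should carry a comment naming its consumer, e.g. `allowedTCPPorts = [ 25566 ]; # <service name>`, or be dropped if nothing uses it.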
diff --git a/aspects/hosts/_trantor/disko.nix b/aspects/hosts/_trantor/disko.nix new file mode 100644 index 0000000..0e47058 --- /dev/null +++ b/aspects/hosts/_trantor/disko.nix @@ -0,0 +1,64 @@ +{ inputs, ... }: + +{ + imports = [ inputs.disko.nixosModules.default ]; + + disko.devices.disk.main = { + type = "disk"; + device = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20"; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1MiB"; + end = "512MiB"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot/efi"; + mountOptions = [ + "noatime" + "fmask=0077" + "dmask=0077" + ]; + }; + }; + root = { + priority = 2; + name = "root"; + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "@root" = { + mountpoint = "/"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; + "@nix" = { + mountpoint = "/nix"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; + "@persistent" = { + mountpoint = "/persistent"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/aspects/hosts/_trantor/fail2ban.nix b/aspects/hosts/_trantor/fail2ban.nix new file mode 100644 index 0000000..bc05139 --- /dev/null +++ b/aspects/hosts/_trantor/fail2ban.nix @@ -0,0 +1,23 @@ +{ config, pkgs, ... }: + +{ + services.fail2ban = { + enable = true; + maxretry = 5; + ignoreIP = [ + "127.0.0.0/8" + "::1" + "10.0.0.0/8" + "172.16.0.0/12" + "192.168.0.0/16" + "100.64.0.0/10" + ]; + bantime = "1h"; + bantime-increment = { + enable = true; + multipliers = "1 2 4 8 16 32 64"; + maxtime = "10000h"; + overalljails = true; + }; + }; +} diff --git a/aspects/hosts/_trantor/forgejo.nix b/aspects/hosts/_trantor/forgejo.nix new file mode 100644 index 0000000..e6b2159 --- /dev/null +++ b/aspects/hosts/_trantor/forgejo.nix 
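Review bot: `ignoreIP` in `_trantor/fail2ban.nix` exempts all of `10.0.0.0/8`, `172.16.0.0/12` and `192.168.0.0/16`, in addition to loopback and `100.64.0.0/10`. trantor looks like a hosted VM (its hardware file imports the qemu-guest profile), and on many providers RFC 1918 space is shared with other tenants or a load balancer, so those sources would never be banned; this is inferred, not visible here. Narrowing the list to the ranges actually used, for example loopback plus the tailnet range, keeps the exemption from covering neighbours. The `config` and `pkgs` arguments of this module are unused.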
@@ -0,0 +1,72 @@
+{
+ config,
+ lib,
+ inputs,
+ ...
+}:
+
+let
+ utils = import ../../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts;
+in
+
+{
+ services = {
+ forgejo = {
+ enable = true;
+ settings = {
+ session.COOKIE_SECURE = true;
+ server = {
+ PROTOCOL = "http+unix";
+ DOMAIN = "git.baduhai.dev";
+ ROOT_URL = "https://git.baduhai.dev";
+ OFFLINE_MODE = true; # disable use of CDNs
+ SSH_DOMAIN = "git.baduhai.dev";
+ };
+ log.LEVEL = "Warn";
+ mailer.ENABLED = false;
+ actions.ENABLED = false;
+ service.DISABLE_REGISTRATION = true;
+ oauth2_client = {
+ ENABLE_AUTO_REGISTRATION = true;
+ UPDATE_AVATAR = true;
+ ACCOUNT_LINKING = "login";
+ USERNAME = "preferred_username";
+ };
+ };
+ };
+ nginx.virtualHosts = mkNginxVHosts {
+ domains."git.baduhai.dev".locations."/".proxyPass =
+ "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
+ };
+ fail2ban.jails.forgejo = {
+ settings = {
+ enabled = true;
+ filter = "forgejo";
+ maxretry = 3;
+ findtime = "10m";
+ bantime = "1h";
+ };
+ };
+ };
+
+ environment = {
+ etc."fail2ban/filter.d/forgejo.conf".text = ''
+ [Definition]
+ failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from
+ ignoreregex =
+ journalmatch = _SYSTEMD_UNIT=forgejo.service
+ '';
+
+ persistence.main.directories = [
+ {
+ directory = config.services.forgejo.stateDir;
+ inherit (config.services.forgejo) user group;
+ mode = "0700";
+ }
+ ];
+ };
+
+ # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories
+ systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false;
+}
diff --git a/aspects/hosts/_trantor/hardware-configuration.nix b/aspects/hosts/_trantor/hardware-configuration.nix
new file mode 100644
index 0000000..039129e
--- /dev/null
+++ b/aspects/hosts/_trantor/hardware-configuration.nix
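Review bot: The `failregex` written to `fail2ban/filter.d/forgejo.conf` ends in `.* from` with no host token after it, as the line appears on this page (the token may have been lost in rendering). fail2ban needs `<HOST>` or `<ADDR>` in a failregex to know which address to ban, so without it the `forgejo` jail cannot act. The line should end `... from <HOST>`. Because Forgejo sits behind nginx on a unix socket, it is also worth confirming that the address it logs is the client's and not the proxy's, otherwise the jail bans the wrong source.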
@@ -0,0 +1,20 @@
+{
+ lib,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "virtio_pci"
+ "virtio_scsi"
+ "usbhid"
+ ];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}
diff --git a/aspects/hosts/_trantor/networking.nix b/aspects/hosts/_trantor/networking.nix
new file mode 100644
index 0000000..4dcbe1e
--- /dev/null
+++ b/aspects/hosts/_trantor/networking.nix
@@ -0,0 +1,8 @@
+{
+ networking = {
+ firewall = {
+ allowedTCPPorts = [ 25566 ];
+ allowedUDPPorts = [ 25566 ];
+ };
+ };
+}
diff --git a/aspects/hosts/_trantor/nginx.nix b/aspects/hosts/_trantor/nginx.nix
new file mode 100644
index 0000000..1fd6b5c
--- /dev/null
+++ b/aspects/hosts/_trantor/nginx.nix
@@ -0,0 +1,61 @@
+{
+ config,
+ lib,
+ inputs,
+ ...
+}:
+
+let
+ utils = import ../../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts services;
+
+ # Get all unique domains from shared services on trantor (host = "trantor")
+ localDomains = lib.unique (
+ map (s: s.domain) (lib.filter (s: s.host == "trantor") services)
+ );
+
+ # Generate ACME cert configs for all local domains
+ acmeCerts = lib.genAttrs localDomains (domain: {
+ group = "nginx";
+ });
+in
+
+{
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = "baduhai@proton.me";
+ dnsResolver = "1.1.1.1:53";
+ dnsProvider = "cloudflare";
+ credentialsFile = config.age.secrets.cloudflare.path;
+ };
+ certs = acmeCerts;
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts = {
+ "_" = {
+ default = true;
+ locations."/".return = "444";
+ };
+ };
+ };
+
+ users.users.nginx.extraGroups = [ "acme" ];
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+
+ age.secrets.cloudflare = {
+ file = ../../../secrets/cloudflare.age;
+ owner = "nginx";
+ group = "nginx";
+ };
+}
diff --git a/aspects/hosts/_trantor/openssh.nix b/aspects/hosts/_trantor/openssh.nix
new file mode 100644
index 0000000..704b3df
--- /dev/null
+++ b/aspects/hosts/_trantor/openssh.nix
@@ -0,0 +1,23 @@
+{ ... }:
+
+{
+ services = {
+ openssh = {
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ };
+ };
+ fail2ban.jails.sshd = {
+ settings = {
+ enabled = true;
+ port = "ssh";
+ filter = "sshd";
+ logpath = "/var/log/auth.log";
+ maxretry = 3;
+ findtime = "10m";
+ bantime = "1h";
+ };
+ };
+ };
+}
diff --git a/aspects/hosts/_trantor/unbound.nix b/aspects/hosts/_trantor/unbound.nix
new file mode 100644
index 0000000..367c2c8
--- /dev/null
+++ b/aspects/hosts/_trantor/unbound.nix
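Review bot: `age.secrets.cloudflare` at the end of `_trantor/nginx.nix` is decrypted with `owner = "nginx"` and `group = "nginx"`, which lets the internet-facing web server user read the Cloudflare DNS API credentials. The ACME units consume `credentialsFile`, not nginx, and as far as I know the NixOS module passes it to systemd as an environment file that is read before privileges are dropped. If that holds, the root-owned agenix defaults are enough. Dropping the two lines limits a compromised nginx worker to the issued certificates and keeps it away from control of the DNS zone. Scoping the API token to DNS edits on the one zone narrows it further.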
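Review bot: The `sshd` jail in `_trantor/openssh.nix` sets `logpath = "/var/log/auth.log"`, but NixOS sends sshd's messages to the journal by default and nothing in this patch creates that file. Depending on the backend in effect, the path is either ignored or the jail has nothing to read, so failed logins may go uncounted; `fail2ban-client status sshd` on the host will show which. Removing `logpath` and relying on the journal, as the forgejo filter does with `journalmatch`, would make the two jails consistent.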
@@ -0,0 +1,58 @@
+{ inputs, lib, ... }:
+
+let
+ utils = import ../../../utils.nix { inherit inputs lib; };
+in
+
+{
+ services.unbound = {
+ enable = true;
+ enableRootTrustAnchor = true;
+ settings = {
+ server = {
+ interface = [
+ "0.0.0.0"
+ "::"
+ ];
+ access-control = [
+ "127.0.0.0/8 allow"
+ "100.64.0.0/10 allow" # Tailscale CGNAT range
+ "::1/128 allow"
+ "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6
+ ];
+
+ num-threads = 2;
+ msg-cache-size = "50m";
+ rrset-cache-size = "100m";
+ cache-min-ttl = 300;
+ cache-max-ttl = 86400;
+ prefetch = true;
+ prefetch-key = true;
+ hide-identity = true;
+ hide-version = true;
+ so-rcvbuf = "1m";
+ so-sndbuf = "1m";
+
+ # Tailnet DNS records from shared services
+ local-zone = ''"baduhai.dev." transparent'';
+ local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') utils.services;
+ };
+
+ forward-zone = [
+ {
+ name = ".";
+ forward-addr = [
+ "1.1.1.1@853#cloudflare-dns.com"
+ "1.0.0.1@853#cloudflare-dns.com"
+ ];
+ forward-tls-upstream = true;
+ }
+ ];
+ };
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [ 53 ];
+ allowedUDPPorts = [ 53 ];
+ };
+}
diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix
new file mode 100644
index 0000000..28a367d
--- /dev/null
+++ b/aspects/hosts/alexandria.nix
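Review bot: `interface = [ "0.0.0.0" "::" ]` together with the `networking.firewall` block opening port 53 for TCP and UDP makes the resolver reachable on every interface, including the public one. `access-control` only allows loopback and the Tailscale ranges, so outside queries should be turned away, but the daemon still parses packets from the internet. If the resolver is meant for the tailnet only, opening the port per interface keeps it off the public side: `networking.firewall.interfaces."tailscale0".allowedUDPPorts = [ 53 ];` plus the TCP twin. The interface name assumes the Tailscale default.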
@@ -0,0 +1,42 @@ +{ inputs, ... }: +{ + flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "alexandria"; } + { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale + inputs.self.modules.nixos.common-users + + # Server aspects + inputs.self.modules.nixos.server-boot + inputs.self.modules.nixos.server-nix + inputs.self.modules.nixos.server-tailscale + + # Other aspects based on tags + inputs.self.modules.nixos.fwupd + + # Host-specific files (from _alexandria/) + ./_alexandria/hardware-configuration.nix + ./_alexandria/jellyfin.nix + ./_alexandria/kanidm.nix + ./_alexandria/nextcloud.nix + ./_alexandria/nginx.nix + ./_alexandria/unbound.nix + ./_alexandria/vaultwarden.nix + ]; + }; +} diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix new file mode 100644 index 0000000..1d7f15a --- /dev/null +++ b/aspects/hosts/io.nix 
@@ -0,0 +1,51 @@ +{ inputs, ... }: +{ + flake.nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "io"; } + { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale + inputs.self.modules.nixos.common-users + + # Desktop aspects + inputs.self.modules.nixos.desktop-boot + inputs.self.modules.nixos.desktop-desktop + inputs.self.modules.nixos.desktop-nix + inputs.self.modules.nixos.desktop-services + + # Other aspects based on tags + inputs.self.modules.nixos.ai + inputs.self.modules.nixos.bluetooth + inputs.self.modules.nixos.dev + inputs.self.modules.nixos.libvirtd + inputs.self.modules.nixos.networkmanager + inputs.self.modules.nixos.podman + + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/mapper/cryptroot"; + }) + + # Host-specific files (from _io/) + ./_io/hardware-configuration.nix + ./_io/disko.nix + ./_io/boot.nix + ./_io/programs.nix + ./_io/services.nix + ]; + }; +} diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix new file mode 100644 index 0000000..e9d3f18 --- /dev/null +++ b/aspects/hosts/rotterdam.nix 
@@ -0,0 +1,56 @@ +{ inputs, ... }: +{ + flake.nixosConfigurations.rotterdam = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "rotterdam"; } + { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale + inputs.self.modules.nixos.common-users + + # Desktop aspects + inputs.self.modules.nixos.desktop-boot + inputs.self.modules.nixos.desktop-desktop + inputs.self.modules.nixos.desktop-nix + inputs.self.modules.nixos.desktop-services + + # Other aspects based on tags + inputs.self.modules.nixos.ai + inputs.self.modules.nixos.bluetooth + inputs.self.modules.nixos.dev + inputs.self.modules.nixos.fwupd + inputs.self.modules.nixos.gaming-steam + inputs.self.modules.nixos.gaming-hardware + inputs.self.modules.nixos.gaming-flatpak + inputs.self.modules.nixos.gaming-launchers + inputs.self.modules.nixos.libvirtd + inputs.self.modules.nixos.networkmanager + inputs.self.modules.nixos.podman + + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/mapper/cryptroot"; + }) + + # Host-specific files (from _rotterdam/) + ./_rotterdam/hardware-configuration.nix + ./_rotterdam/boot.nix + ./_rotterdam/hardware.nix + ./_rotterdam/programs.nix + ./_rotterdam/services.nix + ]; + }; +} diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix new file mode 100644 index 0000000..646cc73 --- /dev/null +++ b/aspects/hosts/trantor.nix 
@@ -0,0 +1,46 @@ +{ inputs, ... }: +{ + flake.nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { + system = "aarch64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "trantor"; } + { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale + inputs.self.modules.nixos.common-users + + # Server aspects + inputs.self.modules.nixos.server-boot + inputs.self.modules.nixos.server-nix + inputs.self.modules.nixos.server-tailscale + + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; + }) + + # Host-specific files (from _trantor/) + ./_trantor/hardware-configuration.nix + ./_trantor/disko.nix + ./_trantor/boot.nix + ./_trantor/fail2ban.nix + ./_trantor/forgejo.nix + ./_trantor/networking.nix + ./_trantor/nginx.nix + ./_trantor/openssh.nix + ./_trantor/unbound.nix + ]; + }; +} From a9f84629e3359a3ab902e62e187bba2d285db037 Mon Sep 17 00:00:00 2001 
From: William Date: Fri, 6 Feb 2026 22:36:50 -0300 Subject: [PATCH 16/75] add aspects/users/ configurations User-specific home-manager configurations for: - user@rotterdam - user@io Includes user-specific modules in _user/ directory. Co-Authored-By: Claude Opus 4.5 --- aspects/users/_user/git.nix | 17 +++++++ aspects/users/user.nix | 91 +++++++++++++++++++++++++++++++++++++ 2 files changed, 108 insertions(+) create mode 100644 aspects/users/_user/git.nix create mode 100644 aspects/users/user.nix diff --git a/aspects/users/_user/git.nix b/aspects/users/_user/git.nix new file mode 100644 index 0000000..9c1fb20 --- /dev/null +++ b/aspects/users/_user/git.nix @@ -0,0 +1,17 @@ +{ pkgs, ... }: + +{ + programs = { + git = { + enable = true; + settings.user = { + name = "William"; + email = "baduhai@proton.me"; + }; + }; + diff-so-fancy = { + enable = true; + enableGitIntegration = true; + }; + }; +} diff --git a/aspects/users/user.nix b/aspects/users/user.nix new file mode 100644 index 0000000..5130abf --- /dev/null +++ b/aspects/users/user.nix 
@@ -0,0 +1,91 @@ +# aspects/users/user.nix +{ inputs, ... }: +{ + flake.homeConfigurations = { + "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { inherit inputs; hostname = "rotterdam"; }; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + + # CLI aspects (common module included) + inputs.self.modules.homeManager.cli-base + inputs.self.modules.homeManager.cli-btop + inputs.self.modules.homeManager.cli-comma + inputs.self.modules.homeManager.cli-direnv + inputs.self.modules.homeManager.cli-helix + inputs.self.modules.homeManager.cli-starship + inputs.self.modules.homeManager.cli-tmux + + # Shell + inputs.self.modules.homeManager.shell-fish + inputs.self.modules.homeManager.shell-bash + + # Desktop + inputs.self.modules.homeManager.desktop-desktop + inputs.self.modules.homeManager.desktop-niri + + # Gaming + inputs.self.modules.homeManager.gaming-mangohud + + # Programs + inputs.self.modules.homeManager.programs-media # for obs-studio + + # Stylix + inputs.self.modules.homeManager.stylix + + # User-specific (from _user/) + ./_user/git.nix + + # Home configuration + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ]; + }; + + "user@io" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { inherit inputs; hostname = "io"; }; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + + # CLI aspects (common module included) + inputs.self.modules.homeManager.cli-base + inputs.self.modules.homeManager.cli-btop + inputs.self.modules.homeManager.cli-comma + inputs.self.modules.homeManager.cli-direnv + inputs.self.modules.homeManager.cli-helix + inputs.self.modules.homeManager.cli-starship + inputs.self.modules.homeManager.cli-tmux + + # Shell + inputs.self.modules.homeManager.shell-fish + 
inputs.self.modules.homeManager.shell-bash + + # Desktop + inputs.self.modules.homeManager.desktop-desktop + inputs.self.modules.homeManager.desktop-niri + + # Stylix + inputs.self.modules.homeManager.stylix + + # User-specific (from _user/) + ./_user/git.nix + + # Home configuration + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ]; + }; + }; +} From 3200927cb5b3df90298f8f28bb3dec1037a61133 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 22:36:50 -0300 Subject: [PATCH 17/75] update flake.nix to use import-tree Use import-tree to automatically discover and import all aspects. Removes homeConfigurations.nix, nixosConfigurations.nix, and nixosModules.nix from imports as they're now in aspects/. Co-Authored-By: Claude Opus 4.5 --- flake.nix | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/flake.nix b/flake.nix index 20210f2..701406d 100644 --- a/flake.nix +++ b/flake.nix @@ -3,6 +3,7 @@ inputs = { flake-parts.url = "github:hercules-ci/flake-parts"; + import-tree.url = "github:vic/import-tree"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11"; @@ -56,22 +57,22 @@ }; outputs = - inputs@{ flake-parts, ... }: - flake-parts.lib.mkFlake { inherit inputs; } { - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; + inputs@{ flake-parts, import-tree, ... }: + flake-parts.lib.mkFlake { inherit inputs; } ( + import-tree ./aspects + // { + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; - imports = [ - ./deploy.nix - ./devShells.nix - ./homeConfigurations.nix - ./nixosConfigurations.nix - ./nixosModules.nix - ./overlays.nix - ./packages.nix - ./terranixConfigurations.nix - ]; - }; + imports = [ + ./deploy.nix + ./devShells.nix + ./overlays.nix + ./packages.nix + ./terranixConfigurations.nix + ]; + } + ); } From 848f79f8bb8644c62a826c83c5561fcad8428e0d Mon Sep 17 00:00:00 2001 
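Review bot: `import-tree.url = "github:vic/import-tree";` is added as a new input, but the diffstat for this patch lists only `flake.nix`, so no `flake.lock` entry comes with it unless an earlier patch in the series added one. Until the lock is committed, the revision is picked at the next evaluation instead of being the one reviewed here. That matters because this library decides which files under `./aspects` are loaded as modules. Committing the lock change in the same patch fixes the revision that was actually tested.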
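Review bot: In the `outputs` hunk, `import-tree ./aspects // { … imports = [ … ]; }` merges with `//`, which replaces keys instead of combining them. If the value returned by `import-tree ./aspects` carries its own `imports` list (I believe it does, but that is not visible here), the right-hand `imports` overwrites it and nothing under `aspects/` is loaded. Listing it as a module avoids depending on that shape: `imports = [ (import-tree ./aspects) ./deploy.nix ./devShells.nix ./overlays.nix ./packages.nix ./terranixConfigurations.nix ];`. `nix flake show` will confirm whether the host and home configurations still appear.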
From: William Date: Fri, 6 Feb 2026 22:37:27 -0300 Subject: [PATCH 18/75] remove old configuration structure Remove directories and files replaced by aspects/: - hosts/ - users/ - modules/ - shared/ - nixosConfigurations.nix - homeConfigurations.nix - nixosModules.nix - utils.nix Co-Authored-By: Claude Opus 4.5 --- homeConfigurations.nix | 43 ---- hosts/alexandria/hardware-configuration.nix | 49 ---- hosts/alexandria/jellyfin.nix | 15 -- hosts/alexandria/kanidm.nix | 83 ------- hosts/alexandria/nextcloud.nix | 97 -------- hosts/alexandria/nginx.nix | 59 ----- hosts/alexandria/unbound.nix | 58 ----- hosts/alexandria/vaultwarden.nix | 26 --- hosts/io/boot.nix | 14 -- hosts/io/disko.nix | 79 ------- hosts/io/hardware-configuration.nix | 37 ---- hosts/io/programs.nix | 27 --- hosts/io/services.nix | 61 ----- hosts/modules/ai.nix | 11 - hosts/modules/bluetooth.nix | 5 - hosts/modules/common/boot.nix | 20 -- hosts/modules/common/console.nix | 8 - hosts/modules/common/firewall.nix | 8 - hosts/modules/common/locale.nix | 21 -- hosts/modules/common/nix.nix | 38 ---- hosts/modules/common/openssh.nix | 11 - hosts/modules/common/programs.nix | 40 ---- hosts/modules/common/security.nix | 13 -- hosts/modules/common/services.nix | 9 - hosts/modules/common/tailscale.nix | 8 - hosts/modules/common/users.nix | 24 -- hosts/modules/desktop/boot.nix | 26 --- hosts/modules/desktop/desktop.nix | 163 -------------- hosts/modules/desktop/nix.nix | 13 -- hosts/modules/desktop/services.nix | 15 -- hosts/modules/dev.nix | 18 -- hosts/modules/ephemeral.nix | 43 ---- hosts/modules/fwupd.nix | 5 - hosts/modules/gaming.nix | 43 ---- hosts/modules/libvirtd.nix | 17 -- hosts/modules/networkmanager.nix | 10 - hosts/modules/podman.nix | 14 -- hosts/modules/server/boot.nix | 5 - hosts/modules/server/nix.nix | 13 -- hosts/modules/server/tailscale.nix | 13 -- hosts/rotterdam/boot.nix | 31 --- hosts/rotterdam/hardware-configuration.nix | 82 ------- hosts/rotterdam/hardware.nix | 8 - 
hosts/rotterdam/programs.nix | 31 --- hosts/rotterdam/services.nix | 11 - hosts/trantor/boot.nix | 6 - hosts/trantor/disko.nix | 64 ------ hosts/trantor/fail2ban.nix | 23 -- hosts/trantor/forgejo.nix | 72 ------ hosts/trantor/hardware-configuration.nix | 20 -- hosts/trantor/networking.nix | 8 - hosts/trantor/nginx.nix | 61 ----- hosts/trantor/openssh.nix | 23 -- hosts/trantor/unbound.nix | 58 ----- modules/ephemeral.nix | 84 ------- nixosConfigurations.nix | 56 ----- nixosModules.nix | 7 - shared/services.nix | 43 ---- users/modules/btop.nix | 12 - users/modules/comma.nix | 7 - users/modules/common/bash.nix | 8 - users/modules/common/fish.nix | 32 --- users/modules/common/hm-cli.nix | 10 - users/modules/desktop/desktop.nix | 134 ----------- users/modules/desktop/niri.nix | 225 ------------------- users/modules/direnv.nix | 8 - users/modules/gaming.nix | 33 --- users/modules/helix.nix | 49 ---- users/modules/obs-studio.nix | 13 -- users/modules/starship.nix | 40 ---- users/modules/stylix.nix | 69 ------ users/modules/tmux.nix | 11 - users/user/git.nix | 17 -- utils.nix | 233 -------------------- 74 files changed, 2851 deletions(-) delete mode 100644 homeConfigurations.nix delete mode 100644 hosts/alexandria/hardware-configuration.nix delete mode 100644 hosts/alexandria/jellyfin.nix delete mode 100644 hosts/alexandria/kanidm.nix delete mode 100644 hosts/alexandria/nextcloud.nix delete mode 100644 hosts/alexandria/nginx.nix delete mode 100644 hosts/alexandria/unbound.nix delete mode 100644 hosts/alexandria/vaultwarden.nix delete mode 100644 hosts/io/boot.nix delete mode 100644 hosts/io/disko.nix delete mode 100644 hosts/io/hardware-configuration.nix delete mode 100644 hosts/io/programs.nix delete mode 100644 hosts/io/services.nix delete mode 100644 hosts/modules/ai.nix delete mode 100644 hosts/modules/bluetooth.nix delete mode 100644 hosts/modules/common/boot.nix delete mode 100644 hosts/modules/common/console.nix delete mode 100644 hosts/modules/common/firewall.nix 
delete mode 100644 hosts/modules/common/locale.nix delete mode 100644 hosts/modules/common/nix.nix delete mode 100644 hosts/modules/common/openssh.nix delete mode 100644 hosts/modules/common/programs.nix delete mode 100644 hosts/modules/common/security.nix delete mode 100644 hosts/modules/common/services.nix delete mode 100644 hosts/modules/common/tailscale.nix delete mode 100644 hosts/modules/common/users.nix delete mode 100644 hosts/modules/desktop/boot.nix delete mode 100644 hosts/modules/desktop/desktop.nix delete mode 100644 hosts/modules/desktop/nix.nix delete mode 100644 hosts/modules/desktop/services.nix delete mode 100644 hosts/modules/dev.nix delete mode 100644 hosts/modules/ephemeral.nix delete mode 100644 hosts/modules/fwupd.nix delete mode 100644 hosts/modules/gaming.nix delete mode 100644 hosts/modules/libvirtd.nix delete mode 100644 hosts/modules/networkmanager.nix delete mode 100644 hosts/modules/podman.nix delete mode 100644 hosts/modules/server/boot.nix delete mode 100644 hosts/modules/server/nix.nix delete mode 100644 hosts/modules/server/tailscale.nix delete mode 100644 hosts/rotterdam/boot.nix delete mode 100644 hosts/rotterdam/hardware-configuration.nix delete mode 100644 hosts/rotterdam/hardware.nix delete mode 100644 hosts/rotterdam/programs.nix delete mode 100644 hosts/rotterdam/services.nix delete mode 100644 hosts/trantor/boot.nix delete mode 100644 hosts/trantor/disko.nix delete mode 100644 hosts/trantor/fail2ban.nix delete mode 100644 hosts/trantor/forgejo.nix delete mode 100644 hosts/trantor/hardware-configuration.nix delete mode 100644 hosts/trantor/networking.nix delete mode 100644 hosts/trantor/nginx.nix delete mode 100644 hosts/trantor/openssh.nix delete mode 100644 hosts/trantor/unbound.nix delete mode 100644 modules/ephemeral.nix delete mode 100644 nixosConfigurations.nix delete mode 100644 nixosModules.nix delete mode 100644 shared/services.nix delete mode 100644 users/modules/btop.nix delete mode 100644 users/modules/comma.nix 
delete mode 100644 users/modules/common/bash.nix delete mode 100644 users/modules/common/fish.nix delete mode 100644 users/modules/common/hm-cli.nix delete mode 100644 users/modules/desktop/desktop.nix delete mode 100644 users/modules/desktop/niri.nix delete mode 100644 users/modules/direnv.nix delete mode 100644 users/modules/gaming.nix delete mode 100644 users/modules/helix.nix delete mode 100644 users/modules/obs-studio.nix delete mode 100644 users/modules/starship.nix delete mode 100644 users/modules/stylix.nix delete mode 100644 users/modules/tmux.nix delete mode 100644 users/user/git.nix delete mode 100644 utils.nix diff --git a/homeConfigurations.nix b/homeConfigurations.nix deleted file mode 100644 index 296abfa..0000000 --- a/homeConfigurations.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ inputs, ... }: - -let - lib = inputs.nixpkgs.lib; - utils = import ./utils.nix { inherit inputs lib; }; - inherit (utils) mkHome; -in - -{ - flake.homeConfigurations = { - "user@rotterdam" = mkHome { - username = "user"; - hostname = "rotterdam"; - tags = [ - "desktop" - "btop" - "comma" - "direnv" - "gaming" - "helix" - "obs-studio" - "starship" - "stylix" - "tmux" - ]; - }; - - "user@io" = mkHome { - username = "user"; - hostname = "io"; - tags = [ - "desktop" - "btop" - "comma" - "direnv" - "helix" - "starship" - "stylix" - "tmux" - ]; - }; - }; -} diff --git a/hosts/alexandria/hardware-configuration.nix b/hosts/alexandria/hardware-configuration.nix deleted file mode 100644 index 63ecba5..0000000 --- a/hosts/alexandria/hardware-configuration.nix +++ /dev/null 
@@ -1,49 +0,0 @@ -{ - config, - lib, - modulesPath, - ... -}: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot = { - initrd = { - availableKernelModules = [ - "xhci_pci" - "ahci" - "usbhid" - "usb_storage" - "sd_mod" - ]; - kernelModules = [ ]; - }; - kernelModules = [ "kvm-intel" ]; - extraModulePackages = [ ]; - }; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/31289617-1d84-4432-a833-680b52e88525"; - fsType = "ext4"; - }; - "/boot" = { - device = "/dev/disk/by-uuid/4130-BE54"; - fsType = "vfat"; - }; - }; - - swapDevices = [ - { - device = "/swapfile"; - size = 8192; - } - ]; - - networking.useDHCP = lib.mkDefault true; - - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix deleted file mode 100644 index 6ceac09..0000000 --- a/hosts/alexandria/jellyfin.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ lib, inputs, ... }: -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; -in -{ - services.jellyfin = { - enable = true; - openFirewall = true; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; - }; -} diff --git a/hosts/alexandria/kanidm.nix b/hosts/alexandria/kanidm.nix deleted file mode 100644 index eaaa9b9..0000000 --- a/hosts/alexandria/kanidm.nix +++ /dev/null 
@@ -1,83 +0,0 @@ -{ - config, - lib, - inputs, - pkgs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; - kanidmCertDir = "/var/lib/kanidm/certs"; -in - -{ - services.kanidm = { - enableServer = true; - enableClient = true; - package = pkgs.kanidm; - - serverSettings = { - domain = "auth.baduhai.dev"; - origin = "https://auth.baduhai.dev"; - bindaddress = "127.0.0.1:8443"; - ldapbindaddress = "127.0.0.1:636"; - trust_x_forward_for = true; - # Use self-signed certificates for internal TLS - tls_chain = "${kanidmCertDir}/cert.pem"; - tls_key = "${kanidmCertDir}/key.pem"; - }; - - clientSettings = { - uri = "https://auth.baduhai.dev"; - }; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - domains."auth.baduhai.dev" = { - locations."/" = { - proxyPass = "https://127.0.0.1:8443"; - extraConfig = '' - proxy_ssl_verify off; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $host; - ''; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ 636 ]; - - # Generate self-signed certificates for kanidm's internal TLS - systemd.services.kanidm-generate-certs = { - description = "Generate self-signed TLS certificates for Kanidm"; - wantedBy = [ "multi-user.target" ]; - before = [ "kanidm.service" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - mkdir -p ${kanidmCertDir} - if [ ! 
-f ${kanidmCertDir}/key.pem ]; then - ${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \ - -keyout ${kanidmCertDir}/key.pem \ - -out ${kanidmCertDir}/cert.pem \ - -days 3650 -nodes \ - -subj "/CN=localhost" \ - -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" - chown -R kanidm:kanidm ${kanidmCertDir} - chmod 600 ${kanidmCertDir}/key.pem - chmod 644 ${kanidmCertDir}/cert.pem - fi - ''; - }; - - # Ensure certificate generation runs before kanidm starts - systemd.services.kanidm = { - after = [ "kanidm-generate-certs.service" ]; - wants = [ "kanidm-generate-certs.service" ]; - }; -} diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix deleted file mode 100644 index c449cce..0000000 --- a/hosts/alexandria/nextcloud.nix +++ /dev/null 
@@ -1,97 +0,0 @@
-{
- lib,
- config,
- pkgs,
- inputs,
- ...
-}:
-
-let
- utils = import ../../utils.nix { inherit inputs lib; };
- inherit (utils) mkNginxVHosts;
-in
-
-{
- services = {
- nextcloud = {
- enable = true;
- package = pkgs.nextcloud32;
- datadir = "/data/nextcloud";
- hostName = "cloud.baduhai.dev";
- configureRedis = true;
- https = true;
- secretFile = config.age.secrets."nextcloud-secrets.json".path;
- database.createLocally = true;
- maxUploadSize = "16G";
- extraApps = {
- inherit (config.services.nextcloud.package.packages.apps)
- calendar
- contacts
- notes
- tasks
- user_oidc
- ;
- };
- extraAppsEnable = true;
- caching = {
- apcu = true;
- redis = true;
- };
- settings = {
- trusted_proxies = [ "127.0.0.1" ];
- default_phone_region = "BR";
- maintenance_window_start = "4";
- allow_local_remote_servers = true;
- enabledPreviewProviders = [
- "OC\\Preview\\BMP"
- "OC\\Preview\\EMF"
- "OC\\Preview\\Font"
- "OC\\Preview\\GIF"
- "OC\\Preview\\HEIC"
- "OC\\Preview\\Illustrator"
- "OC\\Preview\\JPEG"
- "OC\\Preview\\Krita"
- "OC\\Preview\\MarkDown"
- "OC\\Preview\\Movie"
- "OC\\Preview\\MP3"
- "OC\\Preview\\MSOffice2003"
- "OC\\Preview\\MSOffice2007"
- "OC\\Preview\\MSOfficeDoc"
- "OC\\Preview\\OpenDocument"
- "OC\\Preview\\PDF"
- "OC\\Preview\\Photoshop"
- "OC\\Preview\\PNG"
- "OC\\Preview\\Postscript"
- "OC\\Preview\\SVG"
- "OC\\Preview\\TIFF"
- "OC\\Preview\\TXT"
- "OC\\Preview\\XBitmap"
- ];
- };
- config = {
- dbtype = "pgsql";
- adminpassFile = config.age.secrets.nextcloud-adminpass.path;
- };
- phpOptions = {
- "opcache.interned_strings_buffer" = "16";
- };
- };
-
- nginx.virtualHosts = mkNginxVHosts {
- domains."cloud.baduhai.dev" = { };
- };
- };
-
- age.secrets = {
- "nextcloud-secrets.json" = {
- file = ../../secrets/nextcloud-secrets.json.age;
- owner = "nextcloud";
- group = "nextcloud";
- };
- nextcloud-adminpass = {
- file = ../../secrets/nextcloud-adminpass.age;
- owner = "nextcloud";
- group = "nextcloud";
- };
- };
-}
diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix
deleted file mode 100644
index 274f645..0000000
--- a/hosts/alexandria/nginx.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}:
-
-let
- utils = import ../../utils.nix { inherit inputs lib; };
- inherit (utils) mkNginxVHosts services;
-
- # Get all unique domains from shared services that have LAN IPs (served by this host)
- localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services));
-
- # Generate ACME cert configs for all local domains
- acmeCerts = lib.genAttrs localDomains (domain: {
- group = "nginx";
- });
-in
-
-{
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "baduhai@proton.me";
- dnsResolver = "1.1.1.1:53";
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.cloudflare.path;
- };
- certs = acmeCerts;
- };
-
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- virtualHosts = {
- "_" = {
- default = true;
- locations."/".return = "444";
- };
- };
- };
-
- users.users.nginx.extraGroups = [ "acme" ];
-
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
-
- age.secrets.cloudflare = {
- file = ../../secrets/cloudflare.age;
- owner = "nginx";
- group = "nginx";
- };
-}
diff --git a/hosts/alexandria/unbound.nix b/hosts/alexandria/unbound.nix
deleted file mode 100644
index 31363aa..0000000
--- a/hosts/alexandria/unbound.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{ inputs, lib, ... }:
-
-let
- utils = import ../../utils.nix { inherit inputs lib; };
-in
-
-{
- services.unbound = {
- enable = true;
- enableRootTrustAnchor = true;
- settings = {
- server = {
- interface = [
- "0.0.0.0"
- "::"
- ];
- access-control = [
- "127.0.0.0/8 allow"
- "192.168.0.0/16 allow"
- "::1/128 allow"
- ];
-
- num-threads = 2;
- msg-cache-size = "50m";
- rrset-cache-size = "100m";
- cache-min-ttl = 300;
- cache-max-ttl = 86400;
- prefetch = true;
- prefetch-key = true;
- hide-identity = true;
- hide-version = true;
- so-rcvbuf = "1m";
- so-sndbuf = "1m";
-
- # LAN-only DNS records
- local-zone = ''"baduhai.dev." transparent'';
- local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'')
- (lib.filter (e: e ? lanIP) utils.services);
- };
-
- forward-zone = [
- {
- name = ".";
- forward-addr = [
- "1.1.1.1@853#cloudflare-dns.com"
- "1.0.0.1@853#cloudflare-dns.com"
- ];
- forward-tls-upstream = true;
- }
- ];
- };
- };
-
- networking.firewall = {
- allowedTCPPorts = [ 53 ];
- allowedUDPPorts = [ 53 ];
- };
-}
diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix
deleted file mode 100644
index 2335ee0..0000000
--- a/hosts/alexandria/vaultwarden.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}:
-let
- utils = import ../../utils.nix { inherit inputs lib; };
- inherit (utils) mkNginxVHosts;
-in
-{
- services.vaultwarden = {
- enable = true;
- config = {
- DOMAIN = "https://pass.baduhai.dev";
- SIGNUPS_ALLOWED = false;
- ROCKET_ADDRESS = "127.0.0.1";
- ROCKET_PORT = 58222;
- };
- };
-
- services.nginx.virtualHosts = mkNginxVHosts {
- domains."pass.baduhai.dev".locations."/".proxyPass =
- "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/";
- };
-}
diff --git a/hosts/io/boot.nix b/hosts/io/boot.nix
deleted file mode 100644
index 326f7dc..0000000
--- a/hosts/io/boot.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- boot = {
- # TODO check if future kernel versions fix boot issue with systemd initrd with tpm
- initrd.systemd.tpm2.enable = false;
- kernelParams = [
- "nosgx"
- "i915.fastboot=1"
- "mem_sleep_default=deep"
- ];
- extraModprobeConfig = ''
- options snd-intel-dspcfg dsp_driver=3
- '';
- };
-}
diff --git a/hosts/io/disko.nix b/hosts/io/disko.nix
deleted file mode 100644
index 4e6c9d5..0000000
--- a/hosts/io/disko.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{ inputs, ... }:
-
-{
- imports = [ inputs.disko.nixosModules.default ];
-
- disko.devices.disk.main = {
- type = "disk";
- device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689";
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- priority = 1;
- name = "ESP";
- start = "1MiB";
- end = "1GiB";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot/efi";
- mountOptions = [
- "noatime"
- "fmask=0077"
- "dmask=0077"
- ];
- };
- };
- cryptroot = {
- priority = 2;
- name = "root";
- size = "100%";
- content = {
- type = "luks";
- name = "cryptroot";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "@root" = {
- mountpoint = "/";
- mountOptions = [
- "noatime"
- "compress=zstd"
- "subvol=@root"
- ];
- };
- "@home" = {
- mountpoint = "/home";
- mountOptions = [
- "noatime"
- "compress=zstd"
- "subvol=@home"
- ];
- };
- "@nix" = {
- mountpoint = "/nix";
- mountOptions = [
- "noatime"
- "compress=zstd"
- "subvol=@nix"
- ];
- };
- "@persistent" = {
- mountpoint = "/persistent";
- mountOptions = [
- "noatime"
- "compress=zstd"
- "subvol=@persistent"
- ];
- };
- };
- };
- };
- };
- };
- };
- };
-}
diff --git a/hosts/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix
deleted file mode 100644
index 8e4dae4..0000000
--- a/hosts/io/hardware-configuration.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- config,
- lib,
- modulesPath,
- inputs,
- ...
-}:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot = {
- initrd = {
- availableKernelModules = [
- "xhci_pci"
- "ahci"
- "usb_storage"
- "sd_mod"
- "sdhci_pci"
- ];
- };
- kernelModules = [ "kvm-intel" ];
- };
-
- zramSwap = {
- enable = true;
- memoryPercent = 100;
- };
-
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-
- networking.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/io/programs.nix b/hosts/io/programs.nix
deleted file mode 100644
index e272d22..0000000
--- a/hosts/io/programs.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ pkgs, ... }:
-
-let
- cml-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs {
- wttsrc = pkgs.fetchFromGitHub {
- owner = "WeirdTreeThing";
- repo = "chromebook-ucm-conf";
- rev = "b6ce2a7";
- hash = "sha256-QRUKHd3RQmg1tnZU8KCW0AmDtfw/daOJ/H3XU5qWTCc=";
- };
- postInstall = ''
- echo "v0.4.1" > $out/chromebook.patched
- cp -R $wttsrc/{common,codecs,platforms} $out/share/alsa/ucm2
- cp -R $wttsrc/{cml,sof-rt5682} $out/share/alsa/ucm2/conf.d
- '';
- };
-in
-
-{
- environment = {
- systemPackages = with pkgs; [
- maliit-keyboard
- sof-firmware
- ];
- sessionVariables.ALSA_CONFIG_UCM2 = "${cml-ucm-conf}/share/alsa/ucm2";
- };
-}
diff --git a/hosts/io/services.nix b/hosts/io/services.nix
deleted file mode 100644
index df41a6f..0000000
--- a/hosts/io/services.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{ pkgs, ... }:
-
-{
- services = {
- keyd = {
- enable = true;
- keyboards.main = {
- ids = [ "0001:0001" ];
- settings = {
- main = {
- meta = "overload(meta, esc)";
- f1 = "back";
- f2 = "forward";
- f3 = "refresh";
- f4 = "M-f11";
- f5 = "M-w";
- f6 = "brightnessdown";
- f7 = "brightnessup";
- f8 = "timeout(mute, 200, micmute)";
- f9 = "play";
- f10 = "timeout(nextsong, 200, previoussong)";
- f13 = "delete";
- "102nd" = "layer(function)";
- };
- shift = {
- leftshift = "capslock";
- rightshift = "capslock";
- };
- function = {
- escape = "f1";
- f1 = "f2";
- f2 = "f3";
- f3 = "f4";
- f4 = "f5";
- f5 = "f6";
- f6 = "f7";
- f7 = "f8";
- f8 = "f9";
- f9 = "f10";
- f10 = "f11";
- f13 = "f12";
- y = "sysrq";
- k = "home";
- l = "pageup";
- "," = "end";
- "." = "pagedown";
- };
- };
- };
- };
- upower.enable = true;
- power-profiles-daemon.enable = true;
- };
-
- # TODO: remove once gmodena/nix-flatpak/issues/45 fixed
- systemd.services."flatpak-managed-install" = {
- serviceConfig = {
- ExecStartPre = "${pkgs.coreutils}/bin/sleep 5";
- };
- };
-}
diff --git a/hosts/modules/ai.nix b/hosts/modules/ai.nix
deleted file mode 100644
index b80ac38..0000000
--- a/hosts/modules/ai.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ inputs, pkgs, ... }:
-
-{
- environment.systemPackages =
- (with pkgs; [claude-desktop]) ++
- (with inputs.nix-ai-tools.packages.${pkgs.system}; [
- claude-code
- claudebox
- opencode
- ]);
-}
diff --git a/hosts/modules/bluetooth.nix b/hosts/modules/bluetooth.nix
deleted file mode 100644
index fb6a06a..0000000
--- a/hosts/modules/bluetooth.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ ... }:
-
-{
- hardware.bluetooth.enable = true;
-}
diff --git a/hosts/modules/common/boot.nix b/hosts/modules/common/boot.nix
deleted file mode 100644
index fbba278..0000000
--- a/hosts/modules/common/boot.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs, ... }:
-
-{
- boot = {
- loader = {
- timeout = 1;
- efi.canTouchEfiVariables = true;
- systemd-boot = {
- enable = true;
- editor = false;
- consoleMode = "max";
- sortKey = "aa";
- netbootxyz = {
- enable = true;
- sortKey = "zz";
- };
- };
- };
- };
-}
diff --git a/hosts/modules/common/console.nix b/hosts/modules/common/console.nix
deleted file mode 100644
index 9cb99d4..0000000
--- a/hosts/modules/common/console.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-
-{
- console = {
- useXkbConfig = true;
- earlySetup = true;
- };
-}
diff --git a/hosts/modules/common/firewall.nix b/hosts/modules/common/firewall.nix
deleted file mode 100644
index 910e803..0000000
--- a/hosts/modules/common/firewall.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-
-{
- networking = {
- firewall.enable = true;
- nftables.enable = true;
- };
-}
diff --git a/hosts/modules/common/locale.nix b/hosts/modules/common/locale.nix
deleted file mode 100644
index 1171a32..0000000
--- a/hosts/modules/common/locale.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ ... }:
-
-{
- time.timeZone = "America/Bahia";
-
- i18n = {
- defaultLocale = "en_US.UTF-8";
- extraLocaleSettings = {
- LC_ADDRESS = "pt_BR.utf8";
- LC_COLLATE = "pt_BR.utf8";
- LC_IDENTIFICATION = "pt_BR.utf8";
- LC_MEASUREMENT = "pt_BR.utf8";
- LC_MONETARY = "pt_BR.utf8";
- LC_NAME = "pt_BR.utf8";
- LC_NUMERIC = "pt_BR.utf8";
- LC_PAPER = "pt_BR.utf8";
- LC_TELEPHONE = "pt_BR.utf8";
- LC_TIME = "en_IE.utf8";
- };
- };
-}
diff --git a/hosts/modules/common/nix.nix b/hosts/modules/common/nix.nix
deleted file mode 100644
index 5ef9c4c..0000000
--- a/hosts/modules/common/nix.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ inputs, ... }:
-
-{
- imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
-
- nix = {
- settings = {
- auto-optimise-store = true;
- connect-timeout = 10;
- log-lines = 25;
- min-free = 128000000;
- max-free = 1000000000;
- trusted-users = [ "@wheel" ];
- };
- extraOptions = "experimental-features = nix-command flakes";
- gc = {
- automatic = true;
- options = "--delete-older-than 8d";
- };
- };
-
- nixpkgs.config = {
- allowUnfree = true;
- enableParallelBuilding = true;
- buildManPages = false;
- buildDocs = false;
- };
-
- services.nixos-cli = {
- enable = true;
- config = {
- use_nvd = true;
- ignore_dirty_tree = true;
- };
- };
-
- system.stateVersion = "22.11";
-}
diff --git a/hosts/modules/common/openssh.nix b/hosts/modules/common/openssh.nix
deleted file mode 100644
index df70bdd..0000000
--- a/hosts/modules/common/openssh.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ ... }:
-
-{
- services.openssh = {
- enable = true;
- settings.PermitRootLogin = "no";
- extraConfig = ''
- PrintLastLog no
- '';
- };
-}
diff --git a/hosts/modules/common/programs.nix b/hosts/modules/common/programs.nix
deleted file mode 100644
index fd10953..0000000
--- a/hosts/modules/common/programs.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ lib, pkgs, ... }:
-
-{
- environment = {
- systemPackages = with pkgs; [
- ### Dev Tools ###
- git
- ### System Utilities ###
- btop
- fastfetch
- helix
- nixos-firewall-tool
- nvd
- sysz
- tmux
- wget
- yazi
- ];
- shellAliases = {
- cat = "${lib.getExe pkgs.bat} --paging=never --style=plain";
- ls = "${lib.getExe pkgs.eza} --icons --group-directories-first";
- tree = "ls --tree";
- };
- };
-
- programs = {
- command-not-found.enable = false;
- fish = {
- enable = true;
- interactiveShellInit = ''
- set fish_greeting
- if set -q SSH_CONNECTION
- export TERM=xterm-256color
- clear
- fastfetch
- end
- '';
- };
- };
-}
diff --git a/hosts/modules/common/security.nix b/hosts/modules/common/security.nix
deleted file mode 100644
index 33d4953..0000000
--- a/hosts/modules/common/security.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ ... }:
-
-{
- security = {
- unprivilegedUsernsClone = true; # Needed for rootless podman
- sudo = {
- wheelNeedsPassword = false;
- extraConfig = ''
- Defaults lecture = never
- '';
- };
- };
-}
diff --git a/hosts/modules/common/services.nix b/hosts/modules/common/services.nix
deleted file mode 100644
index 89ac527..0000000
--- a/hosts/modules/common/services.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ ... }:
-
-{
- services = {
- dbus.implementation = "broker";
- irqbalance.enable = true;
- fstrim.enable = true;
- };
-}
diff --git a/hosts/modules/common/tailscale.nix b/hosts/modules/common/tailscale.nix
deleted file mode 100644
index 98bea97..0000000
--- a/hosts/modules/common/tailscale.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-
-{
- services.tailscale = {
- enable = true;
- extraUpFlags = [ "--operator=user" ];
- };
-}
diff --git a/hosts/modules/common/users.nix b/hosts/modules/common/users.nix
deleted file mode 100644
index 7dd6490..0000000
--- a/hosts/modules/common/users.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ pkgs, ... }:
-
-{
- users.users = {
- user = {
- isNormalUser = true;
- shell = pkgs.fish;
- extraGroups = [
- "networkmanager"
- "wheel"
- ];
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"
- ];
- hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
- };
- root = {
- shell = pkgs.fish;
- hashedPassword = "!";
- };
- };
-}
diff --git a/hosts/modules/desktop/boot.nix b/hosts/modules/desktop/boot.nix
deleted file mode 100644
index 0ac4847..0000000
--- a/hosts/modules/desktop/boot.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ pkgs, ... }:
-
-{
- boot = {
- plymouth.enable = true;
- initrd.systemd.enable = true;
- loader.efi.efiSysMountPoint = "/boot/efi";
- kernelPackages = pkgs.linuxPackages_xanmod_latest;
- extraModprobeConfig = ''
- options bluetooth disable_ertm=1
- '';
- kernel.sysctl = {
- "net.ipv4.tcp_mtu_probing" = 1;
- };
- kernelParams = [
- "quiet"
- "splash"
- "i2c-dev"
- "i2c-piix4"
- "loglevel=3"
- "udev.log_priority=3"
- "rd.udev.log_level=3"
- "rd.systemd.show_status=false"
- ];
- };
-}
diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix
deleted file mode 100644
index 7510c02..0000000
--- a/hosts/modules/desktop/desktop.nix
+++ /dev/null
@@ -1,163 +0,0 @@ -{ - config, - inputs, - lib, - pkgs, - ... -}: - -{ - imports = [ - inputs.niri-flake.nixosModules.niri - inputs.nix-flatpak.nixosModules.nix-flatpak - ]; - - environment = { - sessionVariables = { - KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir - NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland - }; - systemPackages = with pkgs; [ - ### Web ### - bitwarden-desktop - fragments - nextcloud-client - tor-browser - vesktop - inputs.zen-browser.packages."${system}".default - ### Office & Productivity ### - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - papers - presenterm - rnote - ### Graphics & Design ### - gimp - inkscape - plasticity - ### System Utilities ### - adwaita-icon-theme - ghostty - gnome-disk-utility - junction - libfido2 - mission-center - nautilus - p7zip - rclone - toggleaudiosink - unrar - ### Media ### - decibels - loupe - obs-studio - showtime - ]; - }; - - services = { - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - wireplumber.enable = true; - }; - greetd = { - enable = true; - settings = { - default_session = { - command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; - user = "greeter"; - }; - } - // lib.optionalAttrs (config.networking.hostName == "io") { - initial_session = { - command = "${config.programs.niri.package}/bin/niri-session"; - user = "user"; - }; - }; - }; - flatpak = { - enable = true; - packages = [ - ### Office & Productivity ### - "com.collabora.Office" - ### Graphics & Design ### - "com.boxy_svg.BoxySVG" - rec { - appId = "io.github.softfever.OrcaSlicer"; - sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - bundle = "${pkgs.fetchurl { - url = 
"https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - inherit sha256; - }}"; - } - ### System Utilities ### - "com.github.tchx84.Flatseal" - "com.rustdesk.RustDesk" - ]; - uninstallUnmanaged = true; - update.auto.enable = true; - }; - gvfs.enable = true; - }; - - security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority - - users = { - users.greeter = { - isSystemUser = true; - group = "greeter"; - }; - groups.greeter = { }; - }; - - programs = { - niri = { - enable = true; - package = inputs.niri.packages.${pkgs.system}.niri; - }; - kdeconnect = { - enable = true; - package = pkgs.valent; - }; - dconf.enable = true; - appimage = { - enable = true; - binfmt = true; - }; - }; - - niri-flake.cache.enable = false; - - fonts = { - fontDir.enable = true; - packages = with pkgs; [ - corefonts - inter - nerd-fonts.fira-code - noto-fonts-cjk-sans - noto-fonts-color-emoji - roboto - ]; - }; - - xdg.portal = { - extraPortals = with pkgs; [ - xdg-desktop-portal-gnome - xdg-desktop-portal-gtk - ]; - config = { - common.default = "*"; - niri.default = [ - "gtk" - "gnome" - ]; - }; - }; -} diff --git a/hosts/modules/desktop/nix.nix b/hosts/modules/desktop/nix.nix deleted file mode 100644 index 54a3549..0000000 --- a/hosts/modules/desktop/nix.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ inputs, ... }: - -{ - environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; - - nix = { - registry.nixpkgs.flake = inputs.nixpkgs; - nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - "/nix/var/nix/profiles/per-user/root/channels" - ]; - }; -} diff --git a/hosts/modules/desktop/services.nix b/hosts/modules/desktop/services.nix deleted file mode 100644 index 66b78f1..0000000 --- a/hosts/modules/desktop/services.nix +++ /dev/null 
@@ -1,15 +0,0 @@
-{ pkgs, ... }:
-
-{
- services = {
- printing.enable = true;
- udev.packages = with pkgs; [ yubikey-personalization ];
- keyd = {
- enable = true;
- keyboards.all = {
- ids = [ "*" ];
- settings.main.capslock = "overload(meta, esc)";
- };
- };
- };
-}
diff --git a/hosts/modules/dev.nix b/hosts/modules/dev.nix
deleted file mode 100644
index d9c31f7..0000000
--- a/hosts/modules/dev.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- android-tools
- bat
- lazygit
- fd
- fzf
- glow
- nixfmt
- nix-init
- nix-output-monitor
- ripgrep
- ];
-
- users.users.user.extraGroups = [ "adbusers" ];
-}
diff --git a/hosts/modules/ephemeral.nix b/hosts/modules/ephemeral.nix
deleted file mode 100644
index e962a89..0000000
--- a/hosts/modules/ephemeral.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ config, inputs, ... }:
-
-{
- imports = [
- inputs.impermanence.nixosModules.impermanence
- inputs.self.nixosModules.ephemeral
- ];
-
- ephemeral = {
- enable = true;
- rootDevice =
- if config.networking.hostName == "trantor" then
- "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"
- else
- "/dev/mapper/cryptroot";
- rootSubvolume = "@root";
- };
-
- fileSystems."/persistent".neededForBoot = true;
-
- environment.persistence.main = {
- persistentStoragePath = "/persistent";
- files = [
- "/etc/machine-id"
- "/etc/ssh/ssh_host_ed25519_key"
- "/etc/ssh/ssh_host_ed25519_key.pub"
- "/etc/ssh/ssh_host_rsa_key"
- "/etc/ssh/ssh_host_rsa_key.pub"
- ];
- directories = [
- "/etc/NetworkManager/system-connections"
- "/etc/nixos"
- "/var/lib/bluetooth"
- "/var/lib/flatpak"
- "/var/lib/lxd"
- "/var/lib/nixos"
- "/var/lib/systemd/coredump"
- "/var/lib/systemd/timers"
- "/var/lib/tailscale"
- "/var/log"
- ];
- };
-}
diff --git a/hosts/modules/fwupd.nix b/hosts/modules/fwupd.nix
deleted file mode 100644
index 52dc13e..0000000
--- a/hosts/modules/fwupd.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ ... }:
-
-{
- services.fwupd.enable = true;
-}
diff --git a/hosts/modules/gaming.nix b/hosts/modules/gaming.nix
deleted file mode 100644
index 0f00fe3..0000000
--- a/hosts/modules/gaming.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- clonehero
- heroic
- mangohud
- prismlauncher
- steam-run
- ];
-
- programs = {
- steam = {
- enable = true;
- extraCompatPackages = [ pkgs.proton-ge-bin ];
- };
- gamemode.enable = true;
- };
-
- hardware = {
- xpadneo.enable = true;
- steam-hardware.enable = true; # Allow steam client to manage controllers
- graphics.enable32Bit = true; # For OpenGL games
- };
-
- services.flatpak.packages = [
- "com.github.k4zmu2a.spacecadetpinball"
- "com.steamgriddb.SGDBoop"
- "io.github.Foldex.AdwSteamGtk"
- "io.itch.itch"
- "io.mrarm.mcpelauncher"
- "net.retrodeck.retrodeck"
- "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08"
- rec {
- appId = "com.hypixel.HytaleLauncher";
- sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv";
- bundle = "${pkgs.fetchurl {
- url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak";
- inherit sha256;
- }}";
- }
- ];
-}
diff --git a/hosts/modules/libvirtd.nix b/hosts/modules/libvirtd.nix
deleted file mode 100644
index 6bd154f..0000000
--- a/hosts/modules/libvirtd.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ ... }:
-
-{
- virtualisation = {
- libvirtd.enable = true;
- spiceUSBRedirection.enable = true;
- };
-
- programs.virt-manager.enable = true;
-
- networking.firewall.trustedInterfaces = [ "virbr0" ];
-
- users.users.user.extraGroups = [
- "libvirt"
- "libvirtd"
- ];
-}
diff --git a/hosts/modules/networkmanager.nix b/hosts/modules/networkmanager.nix
deleted file mode 100644
index 7634116..0000000
--- a/hosts/modules/networkmanager.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ ... }:
-
-{
- networking.networkmanager = {
- enable = true;
- wifi.backend = "iwd";
- };
-
- users.users.user.extraGroups = [ "networkmanager" ];
-}
diff --git a/hosts/modules/podman.nix b/hosts/modules/podman.nix
deleted file mode 100644
index 99018cc..0000000
--- a/hosts/modules/podman.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ pkgs, ... }:
-
-{
- virtualisation.podman = {
- enable = true;
- autoPrune.enable = true;
- extraPackages = [ pkgs.podman-compose ];
- };
-
- systemd = {
- services.podman-auto-update.enable = true;
- timers.podman-auto-update.enable = true;
- };
-}
diff --git a/hosts/modules/server/boot.nix b/hosts/modules/server/boot.nix
deleted file mode 100644
index 5d6e482..0000000
--- a/hosts/modules/server/boot.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ pkgs, ... }:
-
-{
- boot.kernelPackages = pkgs.linuxPackages_hardened;
-}
diff --git a/hosts/modules/server/nix.nix b/hosts/modules/server/nix.nix
deleted file mode 100644
index af57cae..0000000
--- a/hosts/modules/server/nix.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ inputs, ... }:
-
-{
- environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
-
- nix = {
- registry.nixpkgs.flake = inputs.nixpkgs-stable;
- nixPath = [
- "nixpkgs=/etc/channels/nixpkgs"
- "/nix/var/nix/profiles/per-user/root/channels"
- ];
- };
-}
diff --git a/hosts/modules/server/tailscale.nix b/hosts/modules/server/tailscale.nix
deleted file mode 100644
index 1f105ba..0000000
--- a/hosts/modules/server/tailscale.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ ... }:
-
-{
- services.tailscale = {
- extraSetFlags = [ "--advertise-exit-node" ];
- useRoutingFeatures = "server";
- };
-
- boot.kernel.sysctl = {
- "net.ipv4.ip_forward" = 1;
- "net.ipv6.conf.all.forwarding" = 1;
- };
-}
diff --git a/hosts/rotterdam/boot.nix b/hosts/rotterdam/boot.nix
deleted file mode 100644
index d038ede..0000000
--- a/hosts/rotterdam/boot.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ pkgs, ... }:
-
-let
- qubesnsh = pkgs.writeTextFile {
- name = "qubes.nsh";
- text = "HD1f65535a1:EFI\\qubes\\grubx64.efi";
- };
-in
-
-{
- boot = {
- kernelParams = [
- "processor.max_cstate=1" # Fixes bug where ryzen cpus freeze when in highest C state
- "clearcpuid=514"
- "amdgpu.ppfeaturemask=0xfffd3fff" # Fixes amdgpu freezing
- ];
- # QubesOS boot entry
- loader.systemd-boot = {
- extraFiles = {
- "efi/edk2-shell/shell.efi" = "${pkgs.edk2-uefi-shell}/shell.efi";
- "qubes.nsh" = qubesnsh;
- };
- extraEntries."qubes.conf" = ''
- title Qubes OS
- efi /efi/edk2-shell/shell.efi
- options -nointerrupt qubes.nsh
- sort-key ab
- '';
- };
- };
-}
diff --git a/hosts/rotterdam/hardware-configuration.nix b/hosts/rotterdam/hardware-configuration.nix
deleted file mode 100644
index 169c53f..0000000
--- a/hosts/rotterdam/hardware-configuration.nix
+++ /dev/null
@@ -1,82 +0,0 @@
-{
- config,
- lib,
- modulesPath,
- ...
-}:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot = {
- initrd = {
- availableKernelModules = [
- "amdgpu"
- "nvme"
- "xhci_pci"
- "ahci"
- "usbhid"
- "sd_mod"
- ];
- luks.devices."cryptroot" = {
- device = "/dev/disk/by-uuid/f7dd4142-7109-4493-834d-4a831777f08d";
- keyFile = "/dev/disk/by-partuuid/add5fc14-e20f-48be-8b2a-0799ef04d3cb";
- };
- };
- kernelModules = [ "kvm-amd" ];
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
- fsType = "btrfs";
- options = [
- "subvol=@root"
- "noatime"
- "compress=zstd"
- ];
- };
- "/home" = {
- device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
- fsType = "btrfs";
- options = [
- "subvol=@home"
- "noatime"
- "compress=zstd"
- ];
- };
- "/boot/efi" = {
- device = "/dev/disk/by-uuid/F2A2-CF5A";
- fsType = "vfat";
- options = [
- "noatime"
- "fmask=0077"
- "dmask=0077"
- ];
- };
- "/nix" = {
- device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
- fsType = "btrfs";
- options = [
- "subvol=@nix"
- "noatime"
- "compress=zstd"
- ];
- };
- "/persistent" = {
- device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
- fsType = "btrfs";
- options = [
- "subvol=@persistent"
- "noatime"
- "compress=zstd"
- ];
- };
- };
-
- networking.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/rotterdam/hardware.nix b/hosts/rotterdam/hardware.nix
deleted file mode 100644
index 6f76e99..0000000
--- a/hosts/rotterdam/hardware.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ pkgs, ... }:
-
-{
- hardware = {
- amdgpu.opencl.enable = true;
- graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ];
- };
-}
diff --git a/hosts/rotterdam/programs.nix b/hosts/rotterdam/programs.nix
deleted file mode 100644
index b4dcfd9..0000000
--- a/hosts/rotterdam/programs.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ pkgs, ... }:
-
-let
- reboot-into-qubes = pkgs.makeDesktopItem {
- name = "reboot-into-qubes";
- icon = pkgs.fetchurl {
- url = "https://raw.githubusercontent.com/vinceliuice/Qogir-icon-theme/31f267e1f5fd4e9596bfd78dfb41a03d3a9f33ee/src/scalable/apps/distributor-logo-qubes.svg";
- sha256 = "sha256-QbHr7s5Wcs7uFtfqZctMyS0iDbMfiiZOKy2nHhDOfn0=";
- };
- desktopName = "Qubes OS";
- genericName = "Reboot into Qubes OS";
- categories = [ "System" ];
- startupNotify = true;
- exec = pkgs.writeShellScript "reboot-into-qubes" ''
- ${pkgs.yad}/bin/yad --form \
- --title="Qubes OS" \
- --image distributor-logo-qubes \
- --text "Are you sure you want to reboot into Qubes OS?" \
- --button="Yes:0" --button="Cancel:1"
- if [ $? -eq 0 ]; then
- systemctl reboot --boot-loader-entry=qubes.conf
- fi
- '';
- };
-in
-
-{
- environment.systemPackages = [ reboot-into-qubes ];
-
- programs.steam.dedicatedServer.openFirewall = true;
-}
diff --git a/hosts/rotterdam/services.nix b/hosts/rotterdam/services.nix
deleted file mode 100644
index 0bf276f..0000000
--- a/hosts/rotterdam/services.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- services.keyd = {
- enable = true;
- keyboards.main = {
- ids = [ "5653:0001" ];
- settings.main = {
- esc = "overload(meta, esc)";
- };
- };
- };
-}
diff --git a/hosts/trantor/boot.nix b/hosts/trantor/boot.nix
deleted file mode 100644
index 0498818..0000000
--- a/hosts/trantor/boot.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- boot = {
- initrd.systemd.enable = true;
- loader.efi.efiSysMountPoint = "/boot/efi";
- };
-}
diff --git a/hosts/trantor/disko.nix b/hosts/trantor/disko.nix
deleted file mode 100644
index 0e47058..0000000
--- a/hosts/trantor/disko.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{ inputs, ... }:
-
-{
- imports = [ inputs.disko.nixosModules.default ];
-
- disko.devices.disk.main = {
- type = "disk";
- device = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20";
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- priority = 1;
- name = "ESP";
- start = "1MiB";
- end = "512MiB";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot/efi";
- mountOptions = [
- "noatime"
- "fmask=0077"
- "dmask=0077"
- ];
- };
- };
- root = {
- priority = 2;
- name = "root";
- size = "100%";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "@root" = {
- mountpoint = "/";
- mountOptions = [
- "noatime"
- "compress=zstd"
- ];
- };
- "@nix" = {
- mountpoint = "/nix";
- mountOptions = [
- "noatime"
- "compress=zstd"
- ];
- };
- "@persistent" = {
- mountpoint = "/persistent";
- mountOptions = [
- "noatime"
- "compress=zstd"
- ];
- };
- };
- };
- };
- };
- };
- };
-}
diff --git a/hosts/trantor/fail2ban.nix b/hosts/trantor/fail2ban.nix
deleted file mode 100644
index bc05139..0000000
--- a/hosts/trantor/fail2ban.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- services.fail2ban = {
- enable = true;
- maxretry = 5;
- ignoreIP = [
- "127.0.0.0/8"
- "::1"
- "10.0.0.0/8"
- "172.16.0.0/12"
- "192.168.0.0/16"
- "100.64.0.0/10"
- ];
- bantime = "1h";
- bantime-increment = {
- enable = true;
- multipliers = "1 2 4 8 16 32 64";
- maxtime = "10000h";
- overalljails = true;
- };
- };
-}
diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix
deleted file mode 100644
index fdfa64a..0000000
--- a/hosts/trantor/forgejo.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}:
-
-let
- utils = import ../../utils.nix { inherit inputs lib; };
- inherit (utils) mkNginxVHosts;
-in
-
-{
- services = {
- forgejo = {
- enable = true;
- settings = {
- session.COOKIE_SECURE = true;
- server = {
- PROTOCOL = "http+unix";
- DOMAIN = "git.baduhai.dev";
- ROOT_URL = "https://git.baduhai.dev";
- OFFLINE_MODE = true; # disable use of CDNs
- SSH_DOMAIN = "git.baduhai.dev";
- };
- log.LEVEL = "Warn";
- mailer.ENABLED = false;
- actions.ENABLED = false;
- service.DISABLE_REGISTRATION = true;
- oauth2_client = {
- ENABLE_AUTO_REGISTRATION = true;
- UPDATE_AVATAR = true;
- ACCOUNT_LINKING = "login";
- USERNAME = "preferred_username";
- };
- };
- };
- nginx.virtualHosts = mkNginxVHosts {
- domains."git.baduhai.dev".locations."/".proxyPass =
- "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
- };
- fail2ban.jails.forgejo = {
- settings = {
- enabled = true;
- filter = "forgejo";
- maxretry = 3;
- findtime = "10m";
- bantime = "1h";
- };
- };
- };
-
- environment = {
- etc."fail2ban/filter.d/forgejo.conf".text = ''
- [Definition]
- failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from
- ignoreregex =
- journalmatch = _SYSTEMD_UNIT=forgejo.service
- '';
-
- persistence.main.directories = [
- {
- directory = config.services.forgejo.stateDir;
- inherit (config.services.forgejo) user group;
- mode = "0700";
- }
- ];
- };
-
- # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories
- systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false;
-}
diff --git a/hosts/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix
deleted file mode 100644
index 039129e..0000000
--- a/hosts/trantor/hardware-configuration.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- lib,
- modulesPath,
- ...
-}:
-
-{
- imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-
- boot.initrd.availableKernelModules = [
- "xhci_pci"
- "virtio_pci"
- "virtio_scsi"
- "usbhid"
- ];
-
- networking.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-}
diff --git a/hosts/trantor/networking.nix b/hosts/trantor/networking.nix
deleted file mode 100644
index 4dcbe1e..0000000
--- a/hosts/trantor/networking.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- networking = {
- firewall = {
- allowedTCPPorts = [ 25566 ];
- allowedUDPPorts = [ 25566 ];
- };
- };
-}
diff --git a/hosts/trantor/nginx.nix b/hosts/trantor/nginx.nix
deleted file mode 100644
index 56eed7c..0000000
--- a/hosts/trantor/nginx.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}:
-
-let
- utils = import ../../utils.nix { inherit inputs lib; };
- inherit (utils) mkNginxVHosts services;
-
- # Get all unique domains from shared services on trantor (host = "trantor")
- localDomains = lib.unique (
- map (s: s.domain) (lib.filter (s: s.host == "trantor") services)
- );
-
- # Generate ACME cert configs for all local domains
- acmeCerts = lib.genAttrs localDomains (domain: {
- group = "nginx";
- });
-in
-
-{
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "baduhai@proton.me";
- dnsResolver = "1.1.1.1:53";
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.cloudflare.path;
- };
- certs = acmeCerts;
- };
-
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- virtualHosts = {
- "_" = {
- default = true;
- locations."/".return = "444";
- };
- };
- };
-
- users.users.nginx.extraGroups = [ "acme" ];
-
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
-
- age.secrets.cloudflare = {
- file = ../../secrets/cloudflare.age;
- owner = "nginx";
- group = "nginx";
- };
-}
diff --git a/hosts/trantor/openssh.nix b/hosts/trantor/openssh.nix
deleted file mode 100644
index 704b3df..0000000
--- a/hosts/trantor/openssh.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ ... }:
-
-{
- services = {
- openssh = {
- settings = {
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
- };
- };
- fail2ban.jails.sshd = {
- settings = {
- enabled = true;
- port = "ssh";
- filter = "sshd";
- logpath = "/var/log/auth.log";
- maxretry = 3;
- findtime = "10m";
- bantime = "1h";
- };
- };
- };
-}
diff --git a/hosts/trantor/unbound.nix b/hosts/trantor/unbound.nix
deleted file mode 100644
index 46808c6..0000000
--- a/hosts/trantor/unbound.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{ inputs, lib, ... }:
-
-let
- utils = import ../../utils.nix { inherit inputs lib; };
-in
-
-{
- services.unbound = {
- enable = true;
- enableRootTrustAnchor = true;
- settings = {
- server = {
- interface = [
- "0.0.0.0"
- "::"
- ];
- access-control = [
- "127.0.0.0/8 allow"
- "100.64.0.0/10 allow" # Tailscale CGNAT range
- "::1/128 allow"
- "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6
- ];
-
- num-threads = 2;
- msg-cache-size = "50m";
- rrset-cache-size = "100m";
- cache-min-ttl = 300;
- cache-max-ttl = 86400;
- prefetch = true;
- prefetch-key = true;
- hide-identity = true;
- hide-version = true;
- so-rcvbuf = "1m";
- so-sndbuf = "1m";
-
- # Tailnet DNS records from shared services
- local-zone = ''"baduhai.dev." transparent'';
- local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') utils.services;
- };
-
- forward-zone = [
- {
- name = ".";
- forward-addr = [
- "1.1.1.1@853#cloudflare-dns.com"
- "1.0.0.1@853#cloudflare-dns.com"
- ];
- forward-tls-upstream = true;
- }
- ];
- };
- };
-
- networking.firewall = {
- allowedTCPPorts = [ 53 ];
- allowedUDPPorts = [ 53 ];
- };
-}
diff --git a/modules/ephemeral.nix b/modules/ephemeral.nix
deleted file mode 100644
index 7403aac..0000000
--- a/modules/ephemeral.nix
+++ /dev/null
@@ -1,84 +0,0 @@ -{ lib, config, ... }: - -let - cfg = config.ephemeral; -in -{ - options.ephemeral = { - enable = lib.mkEnableOption "ephemeral root with automatic rollback"; - - rootDevice = lib.mkOption { - type = lib.types.str; - example = "/dev/mapper/cryptroot"; - description = "Device path for the root btrfs filesystem"; - }; - - rootSubvolume = lib.mkOption { - type = lib.types.str; - example = "@root"; - description = "Name of the root btrfs subvolume"; - }; - - oldRootRetentionDays = lib.mkOption { - type = lib.types.int; - default = 30; - description = "Number of days to keep old root snapshots before deletion"; - }; - }; - - config = lib.mkIf cfg.enable { - boot.initrd.systemd.services.recreate-root = { - description = "Rolling over and creating new filesystem root"; - requires = [ "initrd-root-device.target" ]; - after = [ - "local-fs-pre.target" - "initrd-root-device.target" - ]; - requiredBy = [ "initrd-root-fs.target" ]; - before = [ "sysroot.mount" ]; - unitConfig = { - AssertPathExists = "/etc/initrd-release"; - DefaultDependencies = false; - }; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - set -euo pipefail - - mkdir /btrfs_tmp - if ! mount ${cfg.rootDevice} /btrfs_tmp; then - echo "ERROR: Failed to mount ${cfg.rootDevice}" - exit 1 - fi - - if [[ -e /btrfs_tmp/${cfg.rootSubvolume} ]]; then - mkdir -p /btrfs_tmp/old_roots - timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/${cfg.rootSubvolume})" "+%Y-%m-%-d_%H:%M:%S") - mv /btrfs_tmp/${cfg.rootSubvolume} "/btrfs_tmp/old_roots/$timestamp" - fi - - delete_subvolume_recursively() { - IFS=$'\n' - for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do - delete_subvolume_recursively "/btrfs_tmp/$i" - done - btrfs subvolume delete "$1" - } - - for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +${toString cfg.oldRootRetentionDays}); do - delete_subvolume_recursively "$i" - done - - if ! 
btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume}; then - echo "ERROR: Failed to create subvolume ${cfg.rootSubvolume}" - umount /btrfs_tmp - exit 1 - fi - - umount /btrfs_tmp - ''; - }; - }; -} diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix deleted file mode 100644 index 8367438..0000000 --- a/nixosConfigurations.nix +++ /dev/null @@ -1,56 +0,0 @@ -{ inputs, ... }: -let - lib = inputs.nixpkgs.lib; - utils = import ./utils.nix { inherit inputs lib; }; - inherit (utils) mkHost; -in -{ - flake.nixosConfigurations = { - rotterdam = mkHost { - hostname = "rotterdam"; - tags = [ - "desktop" - "ai" - "bluetooth" - "dev" - "ephemeral" - "fwupd" - "gaming" - "libvirtd" - "networkmanager" - "podman" - ]; - }; - - io = mkHost { - hostname = "io"; - tags = [ - "desktop" - "ai" - "bluetooth" - "dev" - "ephemeral" - "libvirtd" - "networkmanager" - "podman" - ]; - }; - - alexandria = mkHost { - hostname = "alexandria"; - tags = [ - "server" - "fwupd" - ]; - }; - - trantor = mkHost { - hostname = "trantor"; - system = "aarch64-linux"; - tags = [ - "server" - "ephemeral" - ]; - }; - }; -} diff --git a/nixosModules.nix b/nixosModules.nix deleted file mode 100644 index 5fd416b..0000000 --- a/nixosModules.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: - -{ - flake.nixosModules = { - ephemeral = import ./modules/ephemeral.nix; - }; -} diff --git a/shared/services.nix b/shared/services.nix deleted file mode 100644 index 1173b3b..0000000 --- a/shared/services.nix +++ /dev/null 
@@ -1,43 +0,0 @@
-# Shared service definitions for cross-host configuration
-{
- # Host IP definitions
- hosts = {
- alexandria = {
- lanIP = "192.168.15.142";
- tailscaleIP = "100.76.19.50";
- };
- trantor = {
- tailscaleIP = "100.108.5.90";
- };
- };
-
- # Service definitions - IPs are inherited from host
- services = [
- {
- name = "kanidm";
- domain = "auth.baduhai.dev";
- host = "alexandria";
- }
- {
- name = "vaultwarden";
- domain = "pass.baduhai.dev";
- host = "alexandria";
- }
- {
- name = "forgejo";
- domain = "git.baduhai.dev";
- host = "trantor";
- public = true;
- }
- {
- name = "nextcloud";
- domain = "cloud.baduhai.dev";
- host = "alexandria";
- }
- {
- name = "jellyfin";
- domain = "jellyfin.baduhai.dev";
- host = "alexandria";
- }
- ];
-}
diff --git a/users/modules/btop.nix b/users/modules/btop.nix
deleted file mode 100644
index c19c4bb..0000000
--- a/users/modules/btop.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ pkgs, ... }:
-
-{
- programs.btop = {
- enable = true;
- settings = {
- theme_background = false;
- proc_sorting = "cpu direct";
- update_ms = 500;
- };
- };
-}
\ No newline at end of file
diff --git a/users/modules/comma.nix b/users/modules/comma.nix
deleted file mode 100644
index 0aad530..0000000
--- a/users/modules/comma.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ inputs, ... }:
-
-{
- imports = [ inputs.nix-index-database.homeModules.nix-index ];
-
- programs.nix-index-database.comma.enable = true;
-}
diff --git a/users/modules/common/bash.nix b/users/modules/common/bash.nix
deleted file mode 100644
index a5a0823..0000000
--- a/users/modules/common/bash.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ pkgs, ... }:
-
-{
- programs.bash = {
- enable = true;
- historyFile = "~/.cache/bash_history";
- };
-}
\ No newline at end of file
diff --git a/users/modules/common/fish.nix b/users/modules/common/fish.nix
deleted file mode 100644
index c753297..0000000
--- a/users/modules/common/fish.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ pkgs, lib, ... }:
-
-{
- programs.fish = {
- enable = true;
- interactiveShellInit = ''
- set fish_greeting
- ${lib.getExe pkgs.nix-your-shell} fish | source
- '';
- loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source";
- plugins = [
- {
- name = "bang-bang";
- src = pkgs.fetchFromGitHub {
- owner = "oh-my-fish";
- repo = "plugin-bang-bang";
- rev = "f969c618301163273d0a03d002614d9a81952c1e";
- sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ=";
- };
- }
- {
- name = "z";
- src = pkgs.fetchFromGitHub {
- owner = "jethrokuan";
- repo = "z";
- rev = "067e867debee59aee231e789fc4631f80fa5788e";
- sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU=";
- };
- }
- ];
- };
-}
diff --git a/users/modules/common/hm-cli.nix b/users/modules/common/hm-cli.nix
deleted file mode 100644
index d2ed715..0000000
--- a/users/modules/common/hm-cli.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ pkgs, ... }:
-
-{
- home = {
- packages = with pkgs; [ hm-cli ];
- sessionVariables = {
- HM_PATH = "/etc/nixos";
- };
- };
-}
diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix
deleted file mode 100644
index fd3d306..0000000
--- a/users/modules/desktop/desktop.nix
+++ /dev/null
@@ -1,134 +0,0 @@ -{ - inputs, - pkgs, - ... -}: - -{ - imports = [ inputs.vicinae.homeManagerModules.default ]; - - fonts.fontconfig.enable = true; - - home.packages = with pkgs; [ xwayland-satellite ]; - - services.vicinae = { - enable = true; - systemd = { - enable = true; - autoStart = true; - }; - }; - - programs = { - ghostty = { - enable = true; - settings = { - cursor-style = "block"; - shell-integration-features = "no-cursor"; - cursor-style-blink = false; - custom-shader = "${builtins.fetchurl { - url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; - sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; - }}"; - bell-features = ""; - gtk-titlebar-style = "tabs"; - keybind = [ "shift+enter=text:\\x1b\\r" ]; - }; - }; - - password-store = { - enable = true; - package = pkgs.pass-wayland; - }; - }; - - xdg = { - enable = true; - userDirs.enable = true; - mimeApps = { - enable = true; - defaultApplications = { - "text/html" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/http" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/https" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/about" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/unknown" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "image/jpeg" = "org.gnome.Loupe.desktop"; - "image/png" = "org.gnome.Loupe.desktop"; - "image/gif" = "org.gnome.Loupe.desktop"; - "image/webp" = "org.gnome.Loupe.desktop"; - "image/bmp" = "org.gnome.Loupe.desktop"; - "image/svg+xml" = "org.gnome.Loupe.desktop"; - "image/tiff" = "org.gnome.Loupe.desktop"; - "video/mp4" = "io.bassi.Showtime.desktop"; - "video/x-matroska" = "io.bassi.Showtime.desktop"; - "video/webm" = 
"io.bassi.Showtime.desktop"; - "video/mpeg" = "io.bassi.Showtime.desktop"; - "video/x-msvideo" = "io.bassi.Showtime.desktop"; - "video/quicktime" = "io.bassi.Showtime.desktop"; - "video/x-flv" = "io.bassi.Showtime.desktop"; - "audio/mpeg" = "io.bassi.Showtime.desktop"; - "audio/flac" = "io.bassi.Showtime.desktop"; - "audio/ogg" = "io.bassi.Showtime.desktop"; - "audio/wav" = "io.bassi.Showtime.desktop"; - "audio/mp4" = "io.bassi.Showtime.desktop"; - "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; - "application/pdf" = [ - "org.gnome.Papers.desktop" - "zen-browser.desktop" - ]; - "text/plain" = "Helix.desktop"; - "text/markdown" = "Helix.desktop"; - "text/x-log" = "Helix.desktop"; - "application/x-shellscript" = "Helix.desktop"; - "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = - "com.collabora.Office.desktop"; # DOCX - "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = - "com.collabora.Office.desktop"; # XLSX - "application/vnd.openxmlformats-officedocument.presentationml.presentation" = - "com.collabora.Office.desktop"; # PPTX - "application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT - "application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS - "application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP - "application/msword" = "com.collabora.Office.desktop"; # DOC - "application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS - "application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT - "application/zip" = "org.gnome.FileRoller.desktop"; - "application/x-tar" = "org.gnome.FileRoller.desktop"; - "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; - "application/x-rar" = 
"org.gnome.FileRoller.desktop"; - "application/gzip" = "org.gnome.FileRoller.desktop"; - "application/x-bzip" = "org.gnome.FileRoller.desktop"; - "inode/directory" = "org.gnome.Nautilus.desktop"; - }; - }; - }; - - # Set Ghostty as default terminal - home.sessionVariables = { - TERMINAL = "ghostty"; - }; -} diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix deleted file mode 100644 index 58a7aaf..0000000 --- a/users/modules/desktop/niri.nix +++ /dev/null 
@@ -1,225 +0,0 @@ -{ - inputs, - lib, - pkgs, - hostname ? null, - ... -}: - -let - isRotterdam = hostname == "rotterdam"; -in - -{ - imports = [ inputs.noctalia.homeModules.default ]; - - services.kanshi = { - enable = true; - settings = [ - { - profile.name = "default"; - profile.outputs = [ - { - criteria = "*"; - scale = 1.0; - } - ]; - } - ]; - }; - - home = { - packages = with pkgs; [ - xwayland-satellite - inputs.noctalia.packages.${pkgs.system}.default - ]; - sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; - }; - - xdg.configFile."niri/config.kdl".text = '' - input { - keyboard { - xkb { - layout "us" - variant "altgr-intl" - } - } - touchpad { - tap - dwt - drag true - drag-lock - natural-scroll - accel-speed 0.2 - accel-profile "flat" - scroll-method "two-finger" - middle-emulation - } - mouse { - natural-scroll - accel-speed 0.2 - accel-profile "flat" - } - warp-mouse-to-focus mode="center-xy" - focus-follows-mouse - } - - layout { - gaps 8 - center-focused-column "never" - auto-center-when-space-available - preset-column-widths { - ${ - if isRotterdam then - '' - proportion 0.33333 - proportion 0.5 - proportion 0.66667 - '' - else - '' - proportion 0.5 - proportion 1.0 - '' - } - } - default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } - focus-ring { - off - } - border { - width 4 - active-color "#ffc87f" - inactive-color "#505050" - urgent-color "#9b0000" - } - tab-indicator { - width 4 - gap 4 - place-within-column - } - } - - overview { - zoom 0.65 - } - - spawn-at-startup "noctalia-shell" "-d" - layer-rule { - match namespace="^noctalia-overview*" - place-within-backdrop true - } - - hotkey-overlay { - skip-at-startup - } - - prefer-no-csd - screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" - - animations { - slowdown 0.3 - } - - window-rule { - match app-id="zen" - default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } - } - - window-rule { - geometry-corner-radius 12 - 
clip-to-geometry true - } - - config-notification { - disable-failed - } - - binds { - Alt+Space repeat=false { spawn "vicinae" "toggle"; } - XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } - XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } - XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } - XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } - XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } - XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } - XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } - XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } - XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } - Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } - Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; } - Mod+Return { spawn "ghostty"; } - Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } - Mod+W repeat=false { toggle-overview; } - Mod+Q { close-window; } - Alt+Shift+Q { close-window;} - Mod+Shift+Q { close-window; } - Alt+F4 { close-window; } - Mod+Left { focus-column-left; } - Mod+Down { focus-window-or-workspace-down; } - Mod+Up { focus-window-or-workspace-up; } - Mod+Right { focus-column-right; } - Mod+H { focus-column-left; } - Mod+L { focus-column-right; } - Mod+J { focus-window-or-workspace-down; } - Mod+K { focus-window-or-workspace-up; } - Mod+Ctrl+Left { move-column-left; } - Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } - Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } - Mod+Ctrl+Right { move-column-right; } - Mod+Ctrl+H { 
move-column-left; } - Mod+Ctrl+J { move-window-down-or-to-workspace-down; } - Mod+Ctrl+K { move-window-up-or-to-workspace-up; } - Mod+Ctrl+L { move-column-right; } - Mod+Home { focus-column-first; } - Mod+End { focus-column-last; } - Mod+Ctrl+Home { move-column-to-first; } - Mod+Ctrl+End { move-column-to-last; } - Mod+Alt+Left { focus-monitor-left; } - Mod+Alt+Down { focus-monitor-down; } - Mod+Alt+Up { focus-monitor-up; } - Mod+Alt+Right { focus-monitor-right; } - Mod+Alt+H { focus-monitor-left; } - Mod+Alt+J { focus-monitor-down; } - Mod+Alt+K { focus-monitor-up; } - Mod+Alt+L { focus-monitor-right; } - Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } - Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } - Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } - Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } - Mod+Alt+Ctrl+H { move-column-to-monitor-left; } - Mod+Alt+Ctrl+J { move-column-to-monitor-down; } - Mod+Alt+Ctrl+K { move-column-to-monitor-up; } - Mod+Alt+Ctrl+L { move-column-to-monitor-right; } - Mod+Ctrl+U { move-workspace-down; } - Mod+Ctrl+I { move-workspace-up; } - Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } - Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } - Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } - Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } - Mod+Shift+WheelScrollDown { focus-column-right; } - Mod+Shift+WheelScrollUp { focus-column-left; } - Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } - Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } - Mod+BracketLeft { consume-or-expel-window-left; } - Mod+BracketRight { consume-or-expel-window-right; } - Mod+Comma { consume-window-into-column; } - Mod+Period { expel-window-from-column; } - Mod+R { switch-preset-column-width; } - Mod+F { maximize-column; } - Mod+Ctrl+F { fullscreen-window; } - Mod+C { center-visible-columns; } - Mod+Ctrl+C { center-column; } - Mod+Space { toggle-window-floating; } - 
Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } - Mod+T { toggle-column-tabbed-display; } - Print { screenshot-screen; } - Mod+Print { screenshot; } - Ctrl+Print { screenshot-window; } - Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } - Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } - Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } - Mod+Ctrl+P { power-off-monitors; } - } - ''; -} diff --git a/users/modules/direnv.nix b/users/modules/direnv.nix deleted file mode 100644 index c91d0af..0000000 --- a/users/modules/direnv.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ pkgs, ... }: - -{ - programs.direnv = { - enable = true; - nix-direnv.enable = true; - }; -} \ No newline at end of file diff --git a/users/modules/gaming.nix b/users/modules/gaming.nix deleted file mode 100644 index 48825ab..0000000 --- a/users/modules/gaming.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ config, ... }: - -{ - programs.mangohud = { - enable = true; - enableSessionWide = true; - settings = { - position = "top-left"; - fps = true; - frametime = false; - frame_timing = false; - gpu_stats = true; - gpu_temp = true; - gpu_power = true; - cpu_stats = true; - cpu_temp = true; - cpu_power = true; - ram = true; - vram = true; - gamemode = false; - vkbasalt = false; - version = false; - engine_version = false; - vulkan_driver = false; - wine = false; - time = false; - fps_sampling_period = 500; - toggle_hud = "Shift_L+F12"; - toggle_logging = "Ctrl_L+F2"; - output_folder = "${config.home.homeDirectory}/.local/share/mangohud"; - }; - }; -} diff --git a/users/modules/helix.nix b/users/modules/helix.nix deleted file mode 100644 index a72ead3..0000000 --- a/users/modules/helix.nix +++ /dev/null 
@@ -1,49 +0,0 @@ -{ pkgs, ... }: - -{ - home.sessionVariables = { - EDITOR = "hx"; - }; - - programs.helix = { - enable = true; - settings = { - editor = { - file-picker.hidden = false; - idle-timeout = 0; - line-number = "relative"; - cursor-shape = { - normal = "underline"; - insert = "bar"; - select = "underline"; - }; - soft-wrap.enable = true; - auto-format = true; - indent-guides.render = true; - }; - keys.normal = { - space = { - o = "file_picker_in_current_buffer_directory"; - esc = [ - "collapse_selection" - "keep_primary_selection" - ]; - }; - }; - }; - languages = { - language = [ - { - name = "nix"; - auto-format = true; - formatter.command = "nixfmt"; - } - { - name = "typst"; - auto-format = true; - formatter.command = "typstyle -c 1000 -i"; - } - ]; - }; - }; -} diff --git a/users/modules/obs-studio.nix b/users/modules/obs-studio.nix deleted file mode 100644 index 67e3b8b..0000000 --- a/users/modules/obs-studio.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ pkgs, ... }: - -{ - programs.obs-studio = { - enable = true; - plugins = [ - pkgs.obs-studio-plugins.obs-vkcapture - pkgs.obs-studio-plugins.obs-backgroundremoval - pkgs.obs-studio-plugins.obs-pipewire-audio-capture - ]; - }; - -} diff --git a/users/modules/starship.nix b/users/modules/starship.nix deleted file mode 100644 index c836c51..0000000 --- a/users/modules/starship.nix +++ /dev/null 
@@ -1,40 +0,0 @@ -{ pkgs, ... }: - -{ - programs.starship = { - enable = true; - enableBashIntegration = true; - enableFishIntegration = true; - settings = { - add_newline = false; - format = '' - $hostname$directory$git_branch$git_status$nix_shell - [ ❯ ](bold green) - ''; - right_format = "$cmd_duration$character"; - hostname = { - ssh_symbol = "󰖟 "; - }; - character = { - error_symbol = "[](red)"; - success_symbol = "[󱐋](green)"; - }; - cmd_duration = { - format = "[󰄉 $duration ]($style)"; - style = "yellow"; - min_time = 500; - }; - git_branch = { - symbol = " "; - style = "purple"; - }; - git_status.style = "red"; - nix_shell = { - format = "via [$symbol$state]($style)"; - heuristic = true; - style = "blue"; - symbol = "󱄅 "; - }; - }; - }; -} diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix deleted file mode 100644 index 6b34e43..0000000 --- a/users/modules/stylix.nix +++ /dev/null 
@@ -1,69 +0,0 @@ -{ - config, - inputs, - pkgs, - ... -}: - -{ - imports = [ - inputs.stylix.homeModules.stylix - inputs.zen-browser.homeModules.beta - ]; - - stylix = { - enable = true; - polarity = "dark"; - base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml"; - cursor = { - package = pkgs.kdePackages.breeze; - name = "breeze_cursors"; - size = 24; - }; - icons = { - enable = true; - package = pkgs.morewaita-icon-theme; - light = "MoreWaita"; - dark = "MoreWaita"; - }; - opacity = { - applications = 1.0; - desktop = 1.0; - popups = config.stylix.opacity.desktop; - terminal = 1.0; - }; - fonts = { - serif = { - package = pkgs.source-serif; - name = "Source Serif 4 Display"; - }; - sansSerif = { - package = pkgs.inter; - name = "Inter"; - }; - monospace = { - package = pkgs.nerd-fonts.fira-code; - name = "FiraCode Nerd Font"; - }; - emoji = { - package = pkgs.noto-fonts-color-emoji; - name = "Noto Color Emoji"; - }; - sizes = { - applications = 10; - desktop = config.stylix.fonts.sizes.applications; - popups = config.stylix.fonts.sizes.applications; - terminal = 12; - }; - }; - targets.zen-browser = { - enable = true; - profileNames = [ "william" ]; - }; - }; - - programs.zen-browser = { - enable = true; - profiles.william = { }; - }; -} diff --git a/users/modules/tmux.nix b/users/modules/tmux.nix deleted file mode 100644 index 4268e7a..0000000 --- a/users/modules/tmux.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ pkgs, ... }: - -{ - programs.tmux = { - enable = true; - clock24 = true; - terminal = "xterm-256color"; - mouse = true; - keyMode = "vi"; - }; -} \ No newline at end of file diff --git a/users/user/git.nix b/users/user/git.nix deleted file mode 100644 index 9c1fb20..0000000 --- a/users/user/git.nix +++ /dev/null 
@@ -1,17 +0,0 @@
-{ pkgs, ... }:
-
-{
- programs = {
- git = {
- enable = true;
- settings.user = {
- name = "William";
- email = "baduhai@proton.me";
- };
- };
- diff-so-fancy = {
- enable = true;
- enableGitIntegration = true;
- };
- };
-}
diff --git a/utils.nix b/utils.nix
deleted file mode 100644
index e65837c..0000000
--- a/utils.nix
+++ /dev/null
@@ -1,233 +0,0 @@ -{ inputs, lib }: - -let - inherit (inputs) - self - nixpkgs - nixpkgs-stable - home-manager - agenix - ; - - # Import shared service definitions - sharedServices = import ./shared/services.nix; - - # Enrich services with host IP information - enrichedServices = builtins.map (svc: - let - hostInfo = sharedServices.hosts.${svc.host} or {}; - in - svc // lib.optionalAttrs (hostInfo ? lanIP) { inherit (hostInfo) lanIP; } - // lib.optionalAttrs (hostInfo ? tailscaleIP) { inherit (hostInfo) tailscaleIP; } - ) sharedServices.services; -in - -{ - # Re-export enriched services and hosts for use in host configs - services = enrichedServices; - inherit (sharedServices) hosts; - # Tag-based host configuration system - mkHost = - { - hostname, - tags ? [ ], - system ? "x86_64-linux", - extraModules ? [ ], - }: - let - # Validate that server and desktop tags are mutually exclusive - hasServer = builtins.elem "server" tags; - hasDesktop = builtins.elem "desktop" tags; - - # Always include "common" tag implicitly - allTags = - if hasServer && hasDesktop then - throw "Error: 'server' and 'desktop' tags are mutually exclusive for host '${hostname}'" - else - [ "common" ] ++ tags; - - # Choose nixpkgs based on server tag - pkgs = if builtins.elem "server" allTags then nixpkgs-stable else nixpkgs; - - # Tag-specific modules: each tag can be either: - # 1. A file: hosts/modules/${tag}.nix - # 2. 
A directory: hosts/modules/${tag}/*.nix (all .nix files imported) - tagModuleFiles = builtins.concatMap ( - tag: - let - filePath = ./hosts/modules/${tag}.nix; - dirPath = ./hosts/modules/${tag}; - in - # Check if it's a file first - if builtins.pathExists filePath then - [ filePath ] - # Then check if it's a directory - else if builtins.pathExists dirPath then - let - entries = builtins.readDir dirPath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name - ) entries; - in - map (name: dirPath + "/${name}") (builtins.attrNames nixFiles) - else - [ ] - ) allTags; - - # Automatically import all .nix files from hosts/${hostname}/ - hostModulePath = ./hosts/${hostname}; - hostModuleFiles = - if builtins.pathExists hostModulePath then - let - entries = builtins.readDir hostModulePath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name && name != "${hostname}.nix" - ) entries; - in - map (name: hostModulePath + "/${name}") (builtins.attrNames nixFiles) - else - [ ]; - - # Combine all modules - allModules = [ - agenix.nixosModules.default - { - networking.hostName = hostname; - nix.nixPath = [ "nixos-config=${self.outPath}/nixosConfigurations/${hostname}" ]; - nixpkgs.overlays = [ - agenix.overlays.default - self.overlays.default - ]; - } - ] - ++ tagModuleFiles - ++ hostModuleFiles - ++ extraModules; - in - pkgs.lib.nixosSystem { - inherit system; - specialArgs = { - inherit inputs; - hostTags = allTags; - }; - modules = allModules; - }; - - # Tag-based user configuration system - mkHome = - { - username, - hostname ? null, - homeDirectory ? "/home/${username}", - tags ? [ ], - extraModules ? 
[ ], - }: - let - pkgs = nixpkgs.legacyPackages.x86_64-linux; - - # Always include "common" tag implicitly - allTags = [ "common" ] ++ tags; - - # Tag-specific modules: each tag maps to users/modules/${tag}.nix if it exists - tagModuleFiles = builtins.concatMap ( - tag: - let - filePath = ./users/modules/${tag}.nix; - dirPath = ./users/modules/${tag}; - in - # Check if it's a file first - if builtins.pathExists filePath then - [ filePath ] - # Then check if it's a directory - else if builtins.pathExists dirPath then - let - entries = builtins.readDir dirPath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name - ) entries; - in - map (name: dirPath + "/${name}") (builtins.attrNames nixFiles) - else - [ ] - ) allTags; - - # Automatically import all .nix files from users/${username}/ - userModulePath = ./users/${username}; - userModuleFiles = - if builtins.pathExists userModulePath then - let - entries = builtins.readDir userModulePath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name - ) entries; - in - map (name: userModulePath + "/${name}") (builtins.attrNames nixFiles) - else - [ ]; - - # Combine all modules - allModules = [ - { - home = { - inherit username homeDirectory; - stateVersion = "22.05"; - }; - } - ] - ++ tagModuleFiles - ++ userModuleFiles - ++ extraModules; - in - home-manager.lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { - inherit inputs hostname; - userTags = allTags; - }; - modules = allModules ++ [ - { - nixpkgs.overlays = [ self.overlays.default ]; - } - ]; - }; - - # Nginx virtual host utilities - mkNginxVHosts = - { domains }: - let - # Extract domain name and apply it as useACMEHost - mkVHostConfig = domain: config: - lib.recursiveUpdate { - useACMEHost = domain; - forceSSL = true; - kTLS = true; - } config; - in - lib.mapAttrs mkVHostConfig domains; - - # Split DNS utilities for unbound - # Generates unbound view 
config from a list of DNS entries - mkSplitDNS = - entries: - let - # Generate local-data entries for all domains - tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries; - lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries; - in - [ - # Single Tailscale view with all domains - { - name = "tailscale"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = tailscaleData; - } - # Single LAN view with all domains - { - name = "lan"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = lanData; - } - ]; -} From bde5e2aabc17b452be085704cfdaa9e11e510fa6 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 22:46:49 -0300 Subject: [PATCH 19/75] add data/services.nix for shared service definitions Creates a standalone data file that can be imported by both aspects/constants.nix and terranix configurations. Co-Authored-By: Claude Opus 4.5 --- aspects/desktop/boot.nix | 5 +- aspects/desktop/nix.nix | 3 - aspects/desktop/services.nix | 5 +- aspects/hosts/_alexandria/jellyfin.nix | 3 +- aspects/hosts/_alexandria/kanidm.nix | 3 +- aspects/hosts/_alexandria/nextcloud.nix | 3 +- aspects/hosts/_alexandria/nginx.nix | 3 +- aspects/hosts/_alexandria/unbound.nix | 4 +- aspects/hosts/_alexandria/vaultwarden.nix | 3 +- aspects/hosts/_trantor/forgejo.nix | 3 +- aspects/hosts/_trantor/nginx.nix | 3 +- aspects/hosts/_trantor/unbound.nix | 4 +- aspects/server/boot.nix | 5 +- aspects/server/nix.nix | 3 - aspects/server/tailscale.nix | 5 +- data/services.nix | 42 +++++++++++ flake.lock | 16 ++++ flake.nix | 34 +++++---- plan.md | 89 +++++++++++++++++++++++ terranix/cloudflare/baduhai.dev.nix | 10 ++- 20 files changed, 189 insertions(+), 57 deletions(-) create mode 100644 data/services.nix create mode 100644 plan.md diff --git a/aspects/desktop/boot.nix b/aspects/desktop/boot.nix index bd98184..48f879d 100644 --- a/aspects/desktop/boot.nix +++ b/aspects/desktop/boot.nix 
@@ -1,9 +1,6 @@ -{ inputs, ... }: +{ ... }: { flake.modules.nixos.desktop-boot = { config, lib, pkgs, ... }: { - # Import parent aspect for inheritance - imports = [ inputs.self.modules.nixos.common-boot ]; - boot = { plymouth.enable = true; initrd.systemd.enable = true; diff --git a/aspects/desktop/nix.nix b/aspects/desktop/nix.nix index 67cfa11..a3aa421 100644 --- a/aspects/desktop/nix.nix +++ b/aspects/desktop/nix.nix @@ -1,9 +1,6 @@ { inputs, ... }: { flake.modules.nixos.desktop-nix = { config, lib, pkgs, ... }: { - # Import parent aspect for inheritance - imports = [ inputs.self.modules.nixos.common-nix ]; - environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; nix = { diff --git a/aspects/desktop/services.nix b/aspects/desktop/services.nix index 59f0a56..8ebbb6b 100644 --- a/aspects/desktop/services.nix +++ b/aspects/desktop/services.nix @@ -1,9 +1,6 @@ -{ inputs, ... }: +{ ... }: { flake.modules.nixos.desktop-services = { config, lib, pkgs, ... }: { - # Import parent aspect for inheritance - imports = [ inputs.self.modules.nixos.common-services ]; - services = { printing.enable = true; udev.packages = with pkgs; [ yubikey-personalization ]; diff --git a/aspects/hosts/_alexandria/jellyfin.nix b/aspects/hosts/_alexandria/jellyfin.nix index 591403d..0b024bd 100644 --- a/aspects/hosts/_alexandria/jellyfin.nix +++ b/aspects/hosts/_alexandria/jellyfin.nix @@ -1,7 +1,6 @@ { lib, inputs, ... }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; in { services.jellyfin = { diff --git a/aspects/hosts/_alexandria/kanidm.nix b/aspects/hosts/_alexandria/kanidm.nix index d51eb14..35e08c8 100644 --- a/aspects/hosts/_alexandria/kanidm.nix +++ b/aspects/hosts/_alexandria/kanidm.nix 
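Review bot: Removing `imports = [ inputs.self.modules.nixos.common-boot ];` from `desktop-boot` means the aspect no longer pulls in its `common-*` parent, so each host has to list the common aspects itself. The host definitions are not part of this diff, so that cannot be confirmed here. The same removal is made in aspects/desktop/nix.nix, aspects/desktop/services.nix, aspects/server/boot.nix, aspects/server/nix.nix and aspects/server/tailscale.nix. It matters most for the server aspects: a host that imported only `server-boot` or `server-tailscale` would silently lose whatever the common aspect configured. I would record the new contract in each file with a comment such as `# Does not import common-boot; the host must include it explicitly.`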
@@ -7,8 +7,7 @@ }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; kanidmCertDir = "/var/lib/kanidm/certs"; in diff --git a/aspects/hosts/_alexandria/nextcloud.nix b/aspects/hosts/_alexandria/nextcloud.nix index 9d69199..c4a9669 100644 --- a/aspects/hosts/_alexandria/nextcloud.nix +++ b/aspects/hosts/_alexandria/nextcloud.nix @@ -7,8 +7,7 @@ }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; in { diff --git a/aspects/hosts/_alexandria/nginx.nix b/aspects/hosts/_alexandria/nginx.nix index 19258dd..26a7ba1 100644 --- a/aspects/hosts/_alexandria/nginx.nix +++ b/aspects/hosts/_alexandria/nginx.nix @@ -6,8 +6,7 @@ }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts services; + services = inputs.self.services; # Get all unique domains from shared services that have LAN IPs (served by this host) localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services)); diff --git a/aspects/hosts/_alexandria/unbound.nix b/aspects/hosts/_alexandria/unbound.nix index 6e46cdd..07c8850 100644 --- a/aspects/hosts/_alexandria/unbound.nix +++ b/aspects/hosts/_alexandria/unbound.nix @@ -1,7 +1,7 @@ { inputs, lib, ... }: let - utils = import ../../../utils.nix { inherit inputs lib; }; + services = inputs.self.services; in { @@ -35,7 +35,7 @@ in # LAN-only DNS records local-zone = ''"baduhai.dev." transparent''; local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') - (lib.filter (e: e ? lanIP) utils.services); + (lib.filter (e: e.lanIP != null) services); }; forward-zone = [ diff --git a/aspects/hosts/_alexandria/vaultwarden.nix b/aspects/hosts/_alexandria/vaultwarden.nix index 81e65b1..8577b2d 100644 --- a/aspects/hosts/_alexandria/vaultwarden.nix +++ b/aspects/hosts/_alexandria/vaultwarden.nix 
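Review bot: In aspects/hosts/_alexandria/nginx.nix the new `let` binds only `services`, while the removed `inherit (utils) mkNginxVHosts services;` also brought `mkNginxVHosts` into scope. The rest of the file is outside the hunk, so if it still calls `mkNginxVHosts`, evaluation will fail on an undefined variable. The other host files in this commit keep the helper with `mkNginxVHosts = inputs.self.lib.mkNginxVHosts;`, and if it is used here the same line belongs next to `services = inputs.self.services;`. The hunk for aspects/hosts/_trantor/nginx.nix makes the identical substitution and needs the same check.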
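Review bot: In aspects/hosts/_alexandria/unbound.nix, `lib.filter (e: e.lanIP != null) services` assumes every entry of `inputs.self.services` has a `lanIP` attribute, whereas the removed `e ? lanIP` test tolerated entries without one. The enrichment in aspects/constants.nix is not visible here; if it omits the attribute for a host with no LAN address, this raises a missing-attribute error instead of skipping the entry. `lib.filter (e: (e.lanIP or null) != null) services` accepts both shapes. The second hunk of aspects/hosts/_trantor/unbound.nix interpolates `${e.tailscaleIP}` with no filter at all, so it would benefit from the same guard.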
@@ -5,8 +5,7 @@ ... }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; in { services.vaultwarden = { diff --git a/aspects/hosts/_trantor/forgejo.nix b/aspects/hosts/_trantor/forgejo.nix index e6b2159..1112622 100644 --- a/aspects/hosts/_trantor/forgejo.nix +++ b/aspects/hosts/_trantor/forgejo.nix @@ -6,8 +6,7 @@ }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; in { diff --git a/aspects/hosts/_trantor/nginx.nix b/aspects/hosts/_trantor/nginx.nix index 1fd6b5c..5522e24 100644 --- a/aspects/hosts/_trantor/nginx.nix +++ b/aspects/hosts/_trantor/nginx.nix @@ -6,8 +6,7 @@ }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts services; + services = inputs.self.services; # Get all unique domains from shared services on trantor (host = "trantor") localDomains = lib.unique ( diff --git a/aspects/hosts/_trantor/unbound.nix b/aspects/hosts/_trantor/unbound.nix index 367c2c8..9f84228 100644 --- a/aspects/hosts/_trantor/unbound.nix +++ b/aspects/hosts/_trantor/unbound.nix @@ -1,7 +1,7 @@ { inputs, lib, ... }: let - utils = import ../../../utils.nix { inherit inputs lib; }; + services = inputs.self.services; in { @@ -35,7 +35,7 @@ in # Tailnet DNS records from shared services local-zone = ''"baduhai.dev." transparent''; - local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') utils.services; + local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') services; }; forward-zone = [ diff --git a/aspects/server/boot.nix b/aspects/server/boot.nix index 68397f2..ff5ef25 100644 --- a/aspects/server/boot.nix +++ b/aspects/server/boot.nix 
@@ -1,10 +1,7 @@ # aspects/server/boot.nix -{ inputs, ... }: +{ ... }: { flake.modules.nixos.server-boot = { config, lib, pkgs, ... }: { - # Import parent aspect for inheritance - imports = [ inputs.self.modules.nixos.common-boot ]; - boot.kernelPackages = pkgs.linuxPackages_hardened; }; } diff --git a/aspects/server/nix.nix b/aspects/server/nix.nix index b22565c..84bec67 100644 --- a/aspects/server/nix.nix +++ b/aspects/server/nix.nix @@ -2,9 +2,6 @@ { inputs, ... }: { flake.modules.nixos.server-nix = { config, lib, pkgs, ... }: { - # Import parent aspect for inheritance - imports = [ inputs.self.modules.nixos.common-nix ]; - environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; nix = { diff --git a/aspects/server/tailscale.nix b/aspects/server/tailscale.nix index 433494c..5a48799 100644 --- a/aspects/server/tailscale.nix +++ b/aspects/server/tailscale.nix @@ -1,10 +1,7 @@ # aspects/server/tailscale.nix -{ inputs, ... }: +{ ... }: { flake.modules.nixos.server-tailscale = { config, lib, pkgs, ... }: { - # Import parent aspect for inheritance - imports = [ inputs.self.modules.nixos.common-tailscale ]; - services.tailscale = { extraSetFlags = [ "--advertise-exit-node" ]; useRoutingFeatures = "server"; diff --git a/data/services.nix b/data/services.nix new file mode 100644 index 0000000..ae7395c --- /dev/null +++ b/data/services.nix 
@@ -0,0 +1,42 @@ +# Shared service and host definitions +# This file can be imported directly (unlike aspects which use flake-parts) +{ + hosts = { + alexandria = { + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + }; + trantor = { + tailscaleIP = "100.108.5.90"; + }; + }; + + services = [ + { + name = "kanidm"; + domain = "auth.baduhai.dev"; + host = "alexandria"; + } + { + name = "vaultwarden"; + domain = "pass.baduhai.dev"; + host = "alexandria"; + } + { + name = "forgejo"; + domain = "git.baduhai.dev"; + host = "trantor"; + public = true; + } + { + name = "nextcloud"; + domain = "cloud.baduhai.dev"; + host = "alexandria"; + } + { + name = "jellyfin"; + domain = "jellyfin.baduhai.dev"; + host = "alexandria"; + } + ]; +} diff --git a/flake.lock b/flake.lock index b5b63cf..c7b2e16 100644 --- a/flake.lock +++ b/flake.lock @@ -453,6 +453,21 @@ "type": "github" } }, + "import-tree": { + "locked": { + "lastModified": 1763762820, + "narHash": "sha256-ZvYKbFib3AEwiNMLsejb/CWs/OL/srFQ8AogkebEPF0=", + "owner": "vic", + "repo": "import-tree", + "rev": "3c23749d8013ec6daa1d7255057590e9ca726646", + "type": "github" + }, + "original": { + "owner": "vic", + "repo": "import-tree", + "type": "github" + } + }, "niri": { "inputs": { "nixpkgs": "nixpkgs_4", @@ -932,6 +947,7 @@ "flake-parts": "flake-parts", "home-manager": "home-manager_2", "impermanence": "impermanence", + "import-tree": "import-tree", "niri": "niri", "niri-flake": "niri-flake", "nix-ai-tools": "nix-ai-tools", diff --git a/flake.nix b/flake.nix index 701406d..ca1a349 100644 --- a/flake.nix +++ b/flake.nix 
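Review bot: In data/services.nix only the forgejo entry sets `public = true`; the other four services omit the key. Whether a service is treated as externally exposed therefore depends on every consumer defaulting a missing attribute correctly, for example `svc.public or false`. The commit message says this file feeds both aspects/constants.nix and the terranix configuration, so I would make the field explicit on each entry with `public = false;`, which keeps an exposure decision from ever resulting from an absent key. `trantor` also has no `lanIP`; if that is intentional, a one-line comment such as `# no lanIP on purpose` beside it would say so.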
@@ -58,21 +58,23 @@ outputs = inputs@{ flake-parts, import-tree, ... }: - flake-parts.lib.mkFlake { inherit inputs; } ( - import-tree ./aspects - // { - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; + let + aspectsModule = import-tree ./aspects; + in + flake-parts.lib.mkFlake { inherit inputs; } { + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; - imports = [ - ./deploy.nix - ./devShells.nix - ./overlays.nix - ./packages.nix - ./terranixConfigurations.nix - ]; - } - ); + imports = [ + flake-parts.flakeModules.modules + ] ++ aspectsModule.imports ++ [ + ./deploy.nix + ./devShells.nix + ./overlays.nix + ./packages.nix + ./terranixConfigurations.nix + ]; + }; } diff --git a/plan.md b/plan.md new file mode 100644 index 0000000..af88fb9 --- /dev/null +++ b/plan.md 
@@ -0,0 +1,89 @@ +# Current structure: + +``` + hosts +├──  alexandria +│ ├──  hardware-configuration.nix +│ ├──  jellyfin.nix +│ ├──  kanidm.nix +│ ├──  nextcloud.nix +│ ├──  nginx.nix +│ ├──  unbound.nix +│ └──  vaultwarden.nix +├──  io +│ ├──  boot.nix +│ ├──  disko.nix +│ ├──  hardware-configuration.nix +│ ├──  programs.nix +│ └──  services.nix +├──  modules +│ ├──  common +│ │ ├──  boot.nix +│ │ ├──  console.nix +│ │ ├──  firewall.nix +│ │ ├──  locale.nix +│ │ ├──  nix.nix +│ │ ├──  openssh.nix +│ │ ├──  programs.nix +│ │ ├──  security.nix +│ │ ├──  services.nix +│ │ ├──  tailscale.nix +│ │ └──  users.nix +│ ├──  desktop +│ │ ├──  boot.nix +│ │ ├──  desktop.nix +│ │ ├──  nix.nix +│ │ └──  services.nix +│ ├──  server +│ │ ├──  boot.nix +│ │ ├──  nix.nix +│ │ └──  tailscale.nix +│ ├──  ai.nix +│ ├──  bluetooth.nix +│ ├──  dev.nix +│ ├──  ephemeral.nix +│ ├──  fwupd.nix +│ ├──  gaming.nix +│ ├──  libvirtd.nix +│ ├──  networkmanager.nix +│ └──  podman.nix +├──  rotterdam +│ ├──  boot.nix +│ ├──  hardware-configuration.nix +│ ├──  hardware.nix +│ ├──  programs.nix +│ └──  services.nix +└──  trantor + ├──  boot.nix + ├──  disko.nix + ├──  fail2ban.nix + ├──  forgejo.nix + ├──  hardware-configuration.nix + ├──  networking.nix + ├──  nginx.nix + ├──  openssh.nix + └──  unbound.nix + modules +└──  ephemeral.nix + users +├──  modules +│ ├──  common +│ │ ├──  bash.nix +│ │ ├──  fish.nix +│ │ └──  hm-cli.nix +│ ├──  desktop +│ │ ├──  desktop.nix +│ │ └──  niri.nix +│ ├──  btop.nix +│ ├──  comma.nix +│ ├──  direnv.nix +│ ├──  gaming.nix +│ ├──  helix.nix +│ ├──  obs-studio.nix +│ ├──  starship.nix +│ ├──  stylix.nix +│ └──  tmux.nix +└──  user + └──  git.nix +``` + diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index 1b456f3..185e5bd 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix 
@@ -6,7 +6,15 @@ { config, lib, ... }: let - inherit (import ../../shared/services.nix) services; + sharedData = import ../../data/services.nix; + # Enrich services with host IPs + services = map (svc: + let hostInfo = sharedData.hosts.${svc.host} or {}; + in svc // { + lanIP = hostInfo.lanIP or null; + tailscaleIP = hostInfo.tailscaleIP or null; + } + ) sharedData.services; # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git") getSubdomain = domain: lib.head (lib.splitString "." domain); From 1b7ea7e59b95bee0dbf969e9b31cf9a142201f19 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 23:50:27 -0300 Subject: [PATCH 20/75] constants: import hosts/services from data/services.nix Eliminates duplication by using data/services.nix as single source of truth for both flake-parts modules and terranix. Co-Authored-By: Claude Opus 4.5 --- aspects/constants.nix | 43 ++++--------------------------------------- 1 file changed, 4 insertions(+), 39 deletions(-) diff --git a/aspects/constants.nix b/aspects/constants.nix index 633cff6..2d980e1 100644 --- a/aspects/constants.nix +++ b/aspects/constants.nix @@ -50,35 +50,8 @@ let }; }; - # Raw services list before enrichment - rawServices = [ - { - name = "kanidm"; - domain = "auth.baduhai.dev"; - host = "alexandria"; - } - { - name = "vaultwarden"; - domain = "pass.baduhai.dev"; - host = "alexandria"; - } - { - name = "forgejo"; - domain = "git.baduhai.dev"; - host = "trantor"; - public = true; - } - { - name = "nextcloud"; - domain = "cloud.baduhai.dev"; - host = "alexandria"; - } - { - name = "jellyfin"; - domain = "jellyfin.baduhai.dev"; - host = "alexandria"; - } - ]; + # Import shared data (also used by terranix) + sharedData = import ../data/services.nix; # Enrich services with host IP information enrichServices = hosts: services: 
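Review bot: In terranix/cloudflare/baduhai.dev.nix, `sharedData.hosts.${svc.host} or {}` turns a misspelled or missing `host` into an entry with `lanIP = null` and `tailscaleIP = null` instead of an error. The code that consumes `services` is outside the hunk, so how a null address ends up in the generated DNS configuration cannot be seen here. Failing early is safer: `hostInfo = sharedData.hosts.${svc.host} or (throw "unknown host ${svc.host}");`. This is also a second copy of the enrichment that aspects/constants.nix performs through `enrichServices`, and keeping one implementation next to the data would stop the two from drifting apart.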
@@ -115,17 +88,9 @@ in }; config.flake = { - hosts = { - alexandria = { - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - }; - trantor = { - tailscaleIP = "100.108.5.90"; - }; - }; + hosts = sharedData.hosts; - services = enrichServices config.flake.hosts rawServices; + services = enrichServices config.flake.hosts sharedData.services; lib = { # Nginx virtual host utilities From 829fde6a3af7ba20959d90911e07dde5167b3f4b Mon Sep 17 00:00:00 2001 From: William Date: Sat, 7 Feb 2026 07:54:49 -0300 Subject: [PATCH 21/75] packages: convert to self-contained flake-parts modules Each package file now exports its own perSystem.packages. definition instead of being called from a centralized packages.nix file. Co-Authored-By: Claude Opus 4.5 --- packages/base16-schemes.nix | 55 ++--- packages/claude-desktop.nix | 400 +++++++++++++++++------------------ packages/fastfetch.nix | 159 +++++++------- packages/hm-cli.nix | 176 +++++++-------- packages/kwrite.nix | 32 +-- packages/toggleaudiosink.nix | 82 +++---- 6 files changed, 459 insertions(+), 445 deletions(-) diff --git a/packages/base16-schemes.nix b/packages/base16-schemes.nix index ffd6c04..fbb1341 100644 --- a/packages/base16-schemes.nix +++ b/packages/base16-schemes.nix 
@@ -1,32 +1,35 @@ +{ ... }: + { - lib, - stdenv, - fetchFromGitHub, -}: -stdenv.mkDerivation (finalAttrs: { - pname = "base16-schemes"; - version = "0-unstable-2025-06-04"; + perSystem = + { pkgs, ... }: + { + packages.base16-schemes = pkgs.stdenv.mkDerivation (finalAttrs: { + pname = "base16-schemes"; + version = "0-unstable-2025-06-04"; - src = fetchFromGitHub { - owner = "tinted-theming"; - repo = "schemes"; - rev = "317a5e10c35825a6c905d912e480dfe8e71c7559"; - hash = "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM="; - }; + src = pkgs.fetchFromGitHub { + owner = "tinted-theming"; + repo = "schemes"; + rev = "317a5e10c35825a6c905d912e480dfe8e71c7559"; + hash = "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM="; + }; - installPhase = '' - runHook preInstall + installPhase = '' + runHook preInstall - mkdir -p $out/share/themes/ - install base16/*.yaml $out/share/themes/ + mkdir -p $out/share/themes/ + install base16/*.yaml $out/share/themes/ - runHook postInstall - ''; + runHook postInstall + ''; - meta = { - description = "All the color schemes for use in base16 packages"; - homepage = "https://github.com/tinted-theming/schemes"; - maintainers = [ lib.maintainers.DamienCassou ]; - license = lib.licenses.mit; - }; -}) + meta = { + description = "All the color schemes for use in base16 packages"; + homepage = "https://github.com/tinted-theming/schemes"; + maintainers = [ pkgs.lib.maintainers.DamienCassou ]; + license = pkgs.lib.licenses.mit; + }; + }); + }; +} diff --git a/packages/claude-desktop.nix b/packages/claude-desktop.nix index e72fc37..e93f3af 100644 --- a/packages/claude-desktop.nix +++ b/packages/claude-desktop.nix 
@@ -1,221 +1,215 @@ +{ inputs, ... }: + { - lib, - stdenv, - fetchurl, - makeWrapper, - makeDesktopItem, - copyDesktopItems, - p7zip, - unzip, - electron, - nodejs, - asar, - graphicsmagick, -}: + perSystem = + { system, ... }: + let + pkgs = import inputs.nixpkgs { + inherit system; + config.allowUnfree = true; + }; -let - pname = "claude-desktop"; - version = "1.0.1768"; # Updated based on extracted nupkg + pname = "claude-desktop"; + version = "1.0.1768"; - srcs.x86_64-linux = fetchurl { - url = "https://downloads.claude.ai/releases/win32/x64/1.0.1768/Claude-67d01376d0e9d08b328455f6db9e63b0d603506a.exe"; - hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=;"; - }; + srcs.x86_64-linux = pkgs.fetchurl { + url = "https://downloads.claude.ai/releases/win32/x64/1.0.1768/Claude-67d01376d0e9d08b328455f6db9e63b0d603506a.exe"; + hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=;"; + }; - src = - srcs.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); + src = + srcs.${pkgs.stdenv.hostPlatform.system} or (throw "Unsupported system: ${pkgs.stdenv.hostPlatform.system}"); - # Stub implementation for claude-native module - claudeNativeStub = '' - // Stub implementation of claude-native using KeyboardKey enum values - const KeyboardKey = { - Backspace: 43, Tab: 280, Enter: 261, Shift: 272, Control: 61, Alt: 40, - CapsLock: 56, Escape: 85, Space: 276, PageUp: 251, PageDown: 250, - End: 83, Home: 154, LeftArrow: 175, UpArrow: 282, RightArrow: 262, - DownArrow: 81, Delete: 79, Meta: 187 - }; - Object.freeze(KeyboardKey); - module.exports = { - getWindowsVersion: () => "10.0.0", - setWindowEffect: () => {}, - removeWindowEffect: () => {}, - getIsMaximized: () => false, - flashFrame: () => {}, - clearFlashFrame: () => {}, - showNotification: () => {}, - setProgressBar: () => {}, - clearProgressBar: () => {}, - setOverlayIcon: () => {}, - clearOverlayIcon: () => {}, - KeyboardKey - }; - ''; + claudeNativeStub = '' + // 
Stub implementation of claude-native using KeyboardKey enum values + const KeyboardKey = { + Backspace: 43, Tab: 280, Enter: 261, Shift: 272, Control: 61, Alt: 40, + CapsLock: 56, Escape: 85, Space: 276, PageUp: 251, PageDown: 250, + End: 83, Home: 154, LeftArrow: 175, UpArrow: 282, RightArrow: 262, + DownArrow: 81, Delete: 79, Meta: 187 + }; + Object.freeze(KeyboardKey); + module.exports = { + getWindowsVersion: () => "10.0.0", + setWindowEffect: () => {}, + removeWindowEffect: () => {}, + getIsMaximized: () => false, + flashFrame: () => {}, + clearFlashFrame: () => {}, + showNotification: () => {}, + setProgressBar: () => {}, + clearProgressBar: () => {}, + setOverlayIcon: () => {}, + clearOverlayIcon: () => {}, + KeyboardKey + }; + ''; + in + { + packages.claude-desktop = pkgs.stdenv.mkDerivation rec { + inherit pname version src; -in -stdenv.mkDerivation rec { - inherit pname version src; + nativeBuildInputs = with pkgs; [ + makeWrapper + copyDesktopItems + p7zip + unzip + nodejs + graphicsmagick + ]; - nativeBuildInputs = [ - makeWrapper - copyDesktopItems - p7zip - unzip - nodejs - graphicsmagick - ]; + buildInputs = [ pkgs.electron ]; - buildInputs = [ - electron - ]; + desktopItems = [ + (pkgs.makeDesktopItem { + name = "claude-desktop"; + desktopName = "Claude"; + comment = "AI assistant from Anthropic"; + exec = "claude-desktop %u"; + icon = "claude-desktop"; + categories = [ + "Network" + "Chat" + "Office" + ]; + mimeTypes = [ "x-scheme-handler/claude" ]; + startupNotify = true; + startupWMClass = "Claude"; + }) + ]; - desktopItems = [ - (makeDesktopItem { - name = "claude-desktop"; - desktopName = "Claude"; - comment = "AI assistant from Anthropic"; - exec = "claude-desktop %u"; - icon = "claude-desktop"; - categories = [ - "Network" - "Chat" - "Office" - ]; - mimeTypes = [ "x-scheme-handler/claude" ]; - startupNotify = true; - startupWMClass = "Claude"; - }) - ]; + unpackPhase = '' + runHook preUnpack - unpackPhase = '' - runHook preUnpack + # Extract 
the Windows installer - use -y to auto-overwrite + 7z x -y $src -o./extracted - # Extract the Windows installer - use -y to auto-overwrite - 7z x -y $src -o./extracted + # The installer contains a NuGet package + if [ -f ./extracted/AnthropicClaude-*-full.nupkg ]; then + echo "Found NuGet package, extracting..." + # NuGet packages are just zip files + unzip -q ./extracted/AnthropicClaude-*-full.nupkg -d ./nupkg - # The installer contains a NuGet package - if [ -f ./extracted/AnthropicClaude-*-full.nupkg ]; then - echo "Found NuGet package, extracting..." - # NuGet packages are just zip files - unzip -q ./extracted/AnthropicClaude-*-full.nupkg -d ./nupkg + # Extract app.asar to modify it + if [ -f ./nupkg/lib/net45/resources/app.asar ]; then + echo "Extracting app.asar..." + ${pkgs.asar}/bin/asar extract ./nupkg/lib/net45/resources/app.asar ./app - # Extract app.asar to modify it - if [ -f ./nupkg/lib/net45/resources/app.asar ]; then - echo "Extracting app.asar..." - ${asar}/bin/asar extract ./nupkg/lib/net45/resources/app.asar ./app + # Also copy the unpacked resources + if [ -d ./nupkg/lib/net45/resources/app.asar.unpacked ]; then + cp -r ./nupkg/lib/net45/resources/app.asar.unpacked/* ./app/ + fi - # Also copy the unpacked resources - if [ -d ./nupkg/lib/net45/resources/app.asar.unpacked ]; then - cp -r ./nupkg/lib/net45/resources/app.asar.unpacked/* ./app/ - fi - - # Copy additional resources - mkdir -p ./app/resources - mkdir -p ./app/resources/i18n - cp ./nupkg/lib/net45/resources/Tray* ./app/resources/ || true - cp ./nupkg/lib/net45/resources/*-*.json ./app/resources/i18n/ || true - fi - else - echo "NuGet package not found" - ls -la ./extracted/ - exit 1 - fi - - runHook postUnpack - ''; - - buildPhase = '' - runHook preBuild - - # Replace the Windows-specific claude-native module with a stub - if [ -d ./app/node_modules/claude-native ]; then - echo "Replacing claude-native module with Linux stub..." 
- rm -rf ./app/node_modules/claude-native/*.node - cat > ./app/node_modules/claude-native/index.js << 'EOF' - ${claudeNativeStub} - EOF - fi - - # Fix the title bar detection (from aaddrick script) - echo "Fixing title bar detection..." - SEARCH_BASE="./app/.vite/renderer/main_window/assets" - if [ -d "$SEARCH_BASE" ]; then - TARGET_FILE=$(find "$SEARCH_BASE" -type f -name "MainWindowPage-*.js" | head -1) - if [ -n "$TARGET_FILE" ]; then - echo "Found target file: $TARGET_FILE" - # Replace patterns like 'if(!VAR1 && VAR2)' with 'if(VAR1 && VAR2)' - sed -i -E 's/if\(!([a-zA-Z]+)[[:space:]]*&&[[:space:]]*([a-zA-Z]+)\)/if(\1 \&\& \2)/g' "$TARGET_FILE" - echo "Title bar fix applied" - fi - fi - - runHook postBuild - ''; - - installPhase = '' - runHook preInstall - - mkdir -p $out/lib/claude-desktop - - # Repack the modified app as app.asar - cd ./app - ${asar}/bin/asar pack . ../app.asar - cd .. - - # Copy resources - mkdir -p $out/lib/claude-desktop/resources - cp ./app.asar $out/lib/claude-desktop/resources/ - - # Create app.asar.unpacked directory with the stub - mkdir -p $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native - cat > $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native/index.js << 'EOF' - ${claudeNativeStub} - EOF - - # Copy other resources - if [ -d ./nupkg/lib/net45/resources ]; then - cp ./nupkg/lib/net45/resources/*.png $out/lib/claude-desktop/resources/ 2>/dev/null || true - cp ./nupkg/lib/net45/resources/*.ico $out/lib/claude-desktop/resources/ 2>/dev/null || true - cp ./nupkg/lib/net45/resources/*.json $out/lib/claude-desktop/resources/ 2>/dev/null || true - fi - - # Create wrapper script - makeWrapper ${electron}/bin/electron $out/bin/claude-desktop \ - --add-flags "$out/lib/claude-desktop/resources/app.asar" \ - --set DISABLE_AUTOUPDATER 1 \ - --set NODE_ENV production - - # Extract and install icons in multiple sizes - if [ -f ./extracted/setupIcon.ico ]; then - echo "Converting and 
installing icons..." - # Count frames in the ICO file and extract each one - frame_count=$(gm identify ./extracted/setupIcon.ico | wc -l) - for i in $(seq 0 $((frame_count - 1))); do - gm convert "./extracted/setupIcon.ico[$i]" "./extracted/setupIcon-$i.png" 2>/dev/null || true - done - - # Loop through converted icons and install them by size - for img in ./extracted/setupIcon-*.png; do - if [ -f "$img" ]; then - size=$(gm identify -format "%wx%h" "$img") - # Skip smallest icons (16x16 and 32x32) as they're too low quality - if [ "$size" != "16x16" ] && [ "$size" != "32x32" ]; then - mkdir -p "$out/share/icons/hicolor/$size/apps" - cp "$img" "$out/share/icons/hicolor/$size/apps/claude-desktop.png" + # Copy additional resources + mkdir -p ./app/resources + mkdir -p ./app/resources/i18n + cp ./nupkg/lib/net45/resources/Tray* ./app/resources/ || true + cp ./nupkg/lib/net45/resources/*-*.json ./app/resources/i18n/ || true + fi + else + echo "NuGet package not found" + ls -la ./extracted/ + exit 1 fi - fi - done - fi - runHook postInstall - ''; + runHook postUnpack + ''; - meta = with lib; { - description = "Claude Desktop - AI assistant from Anthropic"; - homepage = "https://claude.ai"; - license = licenses.unfree; - sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; - maintainers = with maintainers; [ ]; - platforms = [ "x86_64-linux" ]; - mainProgram = "claude-desktop"; - }; + buildPhase = '' + runHook preBuild + + # Replace the Windows-specific claude-native module with a stub + if [ -d ./app/node_modules/claude-native ]; then + echo "Replacing claude-native module with Linux stub..." + rm -rf ./app/node_modules/claude-native/*.node + cat > ./app/node_modules/claude-native/index.js << 'EOF' + ${claudeNativeStub} + EOF + fi + + # Fix the title bar detection (from aaddrick script) + echo "Fixing title bar detection..." 
+ SEARCH_BASE="./app/.vite/renderer/main_window/assets" + if [ -d "$SEARCH_BASE" ]; then + TARGET_FILE=$(find "$SEARCH_BASE" -type f -name "MainWindowPage-*.js" | head -1) + if [ -n "$TARGET_FILE" ]; then + echo "Found target file: $TARGET_FILE" + # Replace patterns like 'if(!VAR1 && VAR2)' with 'if(VAR1 && VAR2)' + sed -i -E 's/if\(!([a-zA-Z]+)[[:space:]]*&&[[:space:]]*([a-zA-Z]+)\)/if(\1 \&\& \2)/g' "$TARGET_FILE" + echo "Title bar fix applied" + fi + fi + + runHook postBuild + ''; + + installPhase = '' + runHook preInstall + + mkdir -p $out/lib/claude-desktop + + # Repack the modified app as app.asar + cd ./app + ${pkgs.asar}/bin/asar pack . ../app.asar + cd .. + + # Copy resources + mkdir -p $out/lib/claude-desktop/resources + cp ./app.asar $out/lib/claude-desktop/resources/ + + # Create app.asar.unpacked directory with the stub + mkdir -p $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native + cat > $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native/index.js << 'EOF' + ${claudeNativeStub} + EOF + + # Copy other resources + if [ -d ./nupkg/lib/net45/resources ]; then + cp ./nupkg/lib/net45/resources/*.png $out/lib/claude-desktop/resources/ 2>/dev/null || true + cp ./nupkg/lib/net45/resources/*.ico $out/lib/claude-desktop/resources/ 2>/dev/null || true + cp ./nupkg/lib/net45/resources/*.json $out/lib/claude-desktop/resources/ 2>/dev/null || true + fi + + # Create wrapper script + makeWrapper ${pkgs.electron}/bin/electron $out/bin/claude-desktop \ + --add-flags "$out/lib/claude-desktop/resources/app.asar" \ + --set DISABLE_AUTOUPDATER 1 \ + --set NODE_ENV production + + # Extract and install icons in multiple sizes + if [ -f ./extracted/setupIcon.ico ]; then + echo "Converting and installing icons..." 
+ # Count frames in the ICO file and extract each one + frame_count=$(gm identify ./extracted/setupIcon.ico | wc -l) + for i in $(seq 0 $((frame_count - 1))); do + gm convert "./extracted/setupIcon.ico[$i]" "./extracted/setupIcon-$i.png" 2>/dev/null || true + done + + # Loop through converted icons and install them by size + for img in ./extracted/setupIcon-*.png; do + if [ -f "$img" ]; then + size=$(gm identify -format "%wx%h" "$img") + # Skip smallest icons (16x16 and 32x32) as they're too low quality + if [ "$size" != "16x16" ] && [ "$size" != "32x32" ]; then + mkdir -p "$out/share/icons/hicolor/$size/apps" + cp "$img" "$out/share/icons/hicolor/$size/apps/claude-desktop.png" + fi + fi + done + fi + + runHook postInstall + ''; + + meta = with pkgs.lib; { + description = "Claude Desktop - AI assistant from Anthropic"; + homepage = "https://claude.ai"; + license = licenses.unfree; + sourceProvenance = with sourceTypes; [ binaryNativeCode ]; + maintainers = [ ]; + platforms = [ "x86_64-linux" ]; + mainProgram = "claude-desktop"; + }; + }; + }; } diff --git a/packages/fastfetch.nix b/packages/fastfetch.nix index fa8e0ea..aa8d616 100644 --- a/packages/fastfetch.nix +++ b/packages/fastfetch.nix 
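Review bot: The `hash` given to `pkgs.fetchurl` in `srcs.x86_64-linux` of packages/claude-desktop.nix is carried over with a stray `;` inside the string (it ends in `LUk=;"`), so it is not a well-formed SRI value. This is the only integrity pin on an installer that is downloaded, unpacked and patched during the build, so it should be exact: `hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=";`. Whether the current form is rejected or leniently parsed probably depends on the Nix version, which is a reason not to rely on it. Separately, the `sed` title-bar patch in `buildPhase` is skipped without failing when no `MainWindowPage-*.js` is found, so a comment noting that the patch is best-effort would help whoever next bumps `version`.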
@@ -1,81 +1,84 @@ +{ ... }: + { - lib, - pkgs ? import { }, -}: + perSystem = + { pkgs, lib, ... }: + let + fastfetch-logo = pkgs.fetchurl { + url = "https://discourse.nixos.org/uploads/default/original/3X/3/6/36954e6d6aa32c8b00f50ca43f142d898c1ff535.png"; + hash = "sha256-aLHz8jSAFocrn+Pb4vRq0wtkYFJpBpZRevd+VoZC/PQ="; + }; -let - fastfetch-logo = pkgs.fetchurl { - url = "https://discourse.nixos.org/uploads/default/original/3X/3/6/36954e6d6aa32c8b00f50ca43f142d898c1ff535.png"; - hash = "sha256-aLHz8jSAFocrn+Pb4vRq0wtkYFJpBpZRevd+VoZC/PQ="; - }; - - fastfetch-config = pkgs.writeText "fastfetch-config.json" ( - builtins.toJSON { - "$schema" = "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json"; - modules = [ - "title" - "separator" - { - type = "os"; - keyWidth = 9; + fastfetch-config = pkgs.writeText "fastfetch-config.json" ( + builtins.toJSON { + "$schema" = "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json"; + modules = [ + "title" + "separator" + { + type = "os"; + keyWidth = 9; + } + { + type = "kernel"; + keyWidth = 9; + } + { + type = "uptime"; + keyWidth = 9; + } + { + type = "shell"; + keyWidth = 9; + } + "break" + { + type = "cpu"; + keyWidth = 11; + } + { + type = "memory"; + keyWidth = 11; + } + { + type = "swap"; + keyWidth = 11; + } + { + type = "disk"; + folders = "/"; + keyWidth = 11; + } + { + type = "command"; + key = "Systemd"; + keyWidth = 11; + text = "echo \"$(systemctl list-units --state=failed --no-legend | wc -l) failed units, $(systemctl list-jobs --no-legend | wc -l) queued jobs\""; + } + "break" + { + type = "command"; + key = "Public IP"; + keyWidth = 15; + text = "curl -s -4 ifconfig.me 2>/dev/null || echo 'N/A'"; + } + { + type = "command"; + key = "Tailscale IP"; + keyWidth = 15; + text = "tailscale ip -4 2>/dev/null || echo 'N/A'"; + } + { + type = "command"; + key = "Local IP"; + keyWidth = 15; + text = "ip -4 addr show scope global | grep inet | head -n1 | awk '{print $2}' | cut -d/ -f1"; 
+ } + ]; } - { - type = "kernel"; - keyWidth = 9; - } - { - type = "uptime"; - keyWidth = 9; - } - { - type = "shell"; - keyWidth = 9; - } - "break" - { - type = "cpu"; - keyWidth = 11; - } - { - type = "memory"; - keyWidth = 11; - } - { - type = "swap"; - keyWidth = 11; - } - { - type = "disk"; - folders = "/"; - keyWidth = 11; - } - { - type = "command"; - key = "Systemd"; - keyWidth = 11; - text = "echo \"$(systemctl list-units --state=failed --no-legend | wc -l) failed units, $(systemctl list-jobs --no-legend | wc -l) queued jobs\""; - } - "break" - { - type = "command"; - key = "Public IP"; - keyWidth = 15; - text = "curl -s -4 ifconfig.me 2>/dev/null || echo 'N/A'"; - } - { - type = "command"; - key = "Tailscale IP"; - keyWidth = 15; - text = "tailscale ip -4 2>/dev/null || echo 'N/A'"; - } - { - type = "command"; - key = "Local IP"; - keyWidth = 15; - text = "ip -4 addr show scope global | grep inet | head -n1 | awk '{print $2}' | cut -d/ -f1"; - } - ]; - } - ); -in -pkgs.writeShellScriptBin "fastfetch" ''exec ${lib.getExe pkgs.fastfetch} --config ${fastfetch-config} --logo-type kitty --logo ${fastfetch-logo} --logo-padding-right 1 --logo-width 36 "$@" '' + ); + in + { + packages.fastfetch = pkgs.writeShellScriptBin "fastfetch" ''exec ${lib.getExe pkgs.fastfetch} --config ${fastfetch-config} --logo-type kitty --logo ${fastfetch-logo} --logo-padding-right 1 --logo-width 36 "$@" ''; + }; +} diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix index f6034ea..94dae66 100644 --- a/packages/hm-cli.nix +++ b/packages/hm-cli.nix 
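Review bot: The "Public IP" command module runs `curl -s -4 ifconfig.me` with no scheme and no time limit. curl defaults to plain HTTP here, so each run of this wrapper sends an unauthenticated request to a third party and prints whatever comes back. Anyone on the network path can alter that reply, and a stalled connection holds up the whole output. I would change the line to `text = "curl -s -4 --max-time 2 https://ifconfig.me 2>/dev/null || echo 'N/A'";`. The module could also be dropped on hosts where a lookup on every invocation is unwanted.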
@@ -1,105 +1,109 @@ +{ ... }: + { - pkgs ? import { }, -}: + perSystem = + { pkgs, ... }: + { + packages.hm-cli = pkgs.writeShellScriptBin "hm" '' + set -e -pkgs.writeShellScriptBin "hm" '' - set -e + HM="${pkgs.lib.getExe pkgs.home-manager}" + FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}" + FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}" - HM="${pkgs.lib.getExe pkgs.home-manager}" - FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}" - FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}" + show_usage() { + cat < [args] - show_usage() { - cat < [args] + Commands: + apply Switch to a new generation + generation list List all generations + generation delete ID... Delete specified generation(s) + generation rollback Rollback to the previous generation + generation switch ID Switch to the specified generation + generation cleanup Delete all but the current generation - Commands: - apply Switch to a new generation - generation list List all generations - generation delete ID... Delete specified generation(s) - generation rollback Rollback to the previous generation - generation switch ID Switch to the specified generation - generation cleanup Delete all but the current generation + Environment Variables: + HM_PATH Override default flake path (~/.config/home-manager) + Currently set to "''${HM_PATH:-}" + HM_USER Override default user output ("$(whoami)@$(hostname)") + Currently set to "''${HM_USER:-}" + EOF + } - Environment Variables: - HM_PATH Override default flake path (~/.config/home-manager) - Currently set to "''${HM_PATH:-}" - HM_USER Override default user output ("$(whoami)@$(hostname)") - Currently set to "''${HM_USER:-}" - EOF - } - - if [[ $# -eq 0 ]]; then - show_usage - exit 1 - fi - - case "$1" in - apply) - "$HM" switch --flake "$FLAKE_PATH#$FLAKE_OUTPUT" -b bkp - ;; - generation) - if [[ $# -lt 2 ]]; then - echo "Error: generation command requires a subcommand" + if [[ $# -eq 0 ]]; then show_usage exit 1 fi - case "$2" in - list) - "$HM" 
generations + case "$1" in + apply) + "$HM" switch --flake "$FLAKE_PATH#$FLAKE_OUTPUT" -b bkp ;; - delete) - if [[ $# -lt 3 ]]; then - echo "Error: delete requires at least one generation ID" + generation) + if [[ $# -lt 2 ]]; then + echo "Error: generation command requires a subcommand" + show_usage exit 1 fi - shift 2 - "$HM" remove-generations "$@" - ;; - rollback) - PREV_GEN=$("$HM" generations | \ - sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | \ - head -n 2 | tail -n 1) - if [[ -z "$PREV_GEN" ]]; then - echo "Error: could not determine previous generation (possibly only one generation exists)" - exit 1 - fi - "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$PREV_GEN" -b bkp - ;; - switch) - if [[ $# -ne 3 ]]; then - echo "Error: switch requires exactly one generation ID" - exit 1 - fi - "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" -b bkp - ;; - cleanup) - CURRENT_GEN=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .* (current)$/\1/p') - if [[ -z "$CURRENT_GEN" ]]; then - echo "Error: could not determine current generation" - exit 1 - fi - OLD_GENS=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .*/\1/p' | grep -v "^$CURRENT_GEN$") - if [[ -z "$OLD_GENS" ]]; then - echo "No old generations to delete" - else - echo "Deleting generations: $(echo $OLD_GENS | tr '\n' ' ')" - echo "$OLD_GENS" | xargs "$HM" remove-generations - echo "Cleanup complete. Current generation $CURRENT_GEN preserved." 
- fi + + case "$2" in + list) + "$HM" generations + ;; + delete) + if [[ $# -lt 3 ]]; then + echo "Error: delete requires at least one generation ID" + exit 1 + fi + shift 2 + "$HM" remove-generations "$@" + ;; + rollback) + PREV_GEN=$("$HM" generations | \ + sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | \ + head -n 2 | tail -n 1) + if [[ -z "$PREV_GEN" ]]; then + echo "Error: could not determine previous generation (possibly only one generation exists)" + exit 1 + fi + "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$PREV_GEN" -b bkp + ;; + switch) + if [[ $# -ne 3 ]]; then + echo "Error: switch requires exactly one generation ID" + exit 1 + fi + "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" -b bkp + ;; + cleanup) + CURRENT_GEN=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .* (current)$/\1/p') + if [[ -z "$CURRENT_GEN" ]]; then + echo "Error: could not determine current generation" + exit 1 + fi + OLD_GENS=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .*/\1/p' | grep -v "^$CURRENT_GEN$") + if [[ -z "$OLD_GENS" ]]; then + echo "No old generations to delete" + else + echo "Deleting generations: $(echo $OLD_GENS | tr '\n' ' ')" + echo "$OLD_GENS" | xargs "$HM" remove-generations + echo "Cleanup complete. Current generation $CURRENT_GEN preserved." + fi + ;; + *) + echo "Error: unknown generation subcommand '$2'" + show_usage + exit 1 + ;; + esac ;; *) - echo "Error: unknown generation subcommand '$2'" + echo "Error: unknown command '$1'" show_usage exit 1 ;; esac - ;; - *) - echo "Error: unknown command '$1'" - show_usage - exit 1 - ;; - esac -'' + ''; + }; +} diff --git a/packages/kwrite.nix b/packages/kwrite.nix index 14ebce1..67ce69e 100644 --- a/packages/kwrite.nix +++ b/packages/kwrite.nix 
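Review bot: In the `rollback)` branch, `head -n 2 | tail -n 1` still yields a line when only one generation exists, so the `-z "$PREV_GEN"` guard never fires and the script "rolls back" to that same generation. Replacing the two commands with `sed -n '2p'` makes the result empty in that case, so the existing error message is reached. Separately, the second line of `generations` is the second-newest entry, which is only the previous generation while the newest one is active. That assumption deserves a comment such as `# assumes the newest generation is the active one`.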
@@ -1,15 +1,21 @@ -{ pkgs }: +{ ... }: -pkgs.symlinkJoin { - name = "kwrite"; - paths = [ pkgs.kdePackages.kate ]; - postBuild = '' - rm -rf $out/bin/kate \ - $out/bin/.kate-wrapped \ - $out/share/applications/org.kde.kate.desktop \ - $out/share/man \ - $out/share/icons/hicolor/*/apps/kate.png \ - $out/share/icons/hicolor/scalable/apps/kate.svg \ - $out/share/appdata/org.kde.kate.appdata.xml - ''; +{ + perSystem = + { pkgs, ... }: + { + packages.kwrite = pkgs.symlinkJoin { + name = "kwrite"; + paths = [ pkgs.kdePackages.kate ]; + postBuild = '' + rm -rf $out/bin/kate \ + $out/bin/.kate-wrapped \ + $out/share/applications/org.kde.kate.desktop \ + $out/share/man \ + $out/share/icons/hicolor/*/apps/kate.png \ + $out/share/icons/hicolor/scalable/apps/kate.svg \ + $out/share/appdata/org.kde.kate.appdata.xml + ''; + }; + }; } diff --git a/packages/toggleaudiosink.nix b/packages/toggleaudiosink.nix index 623346f..22e0d44 100644 --- a/packages/toggleaudiosink.nix +++ b/packages/toggleaudiosink.nix 
@@ -1,48 +1,52 @@ +{ ... }: + { - pkgs ? import { }, -}: + perSystem = + { pkgs, ... }: + { + packages.toggleaudiosink = pkgs.writeShellScriptBin "toggleaudiosink" '' + #!/usr/bin/env bash -pkgs.writeShellScriptBin "toggleaudiosink" '' - #!/usr/bin/env bash + sound_server="pipewire" - sound_server="pipewire" + # Grab a count of how many audio sinks we have + sink_count=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -c "Sink #[[:digit:]]") + # Create an array of the actual sink IDs + sinks=() + mapfile -t sinks < <(${pkgs.pulseaudio}/bin/pactl list sinks | grep 'Sink #[[:digit:]]' | sed -n -e 's/.*Sink #\([[:digit:]]\)/\1/p') + # Get the ID of the active sink + active_sink_name=$(${pkgs.pulseaudio}/bin/pactl info | grep 'Default Sink:' | sed -n -e 's/.*Default Sink:[[:space:]]\+\(.*\)/\1/p') + active_sink=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -B 2 "$active_sink_name" | sed -n -e 's/Sink #\([[:digit:]]\)/\1/p' | head -n 1) - # Grab a count of how many audio sinks we have - sink_count=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -c "Sink #[[:digit:]]") - # Create an array of the actual sink IDs - sinks=() - mapfile -t sinks < <(${pkgs.pulseaudio}/bin/pactl list sinks | grep 'Sink #[[:digit:]]' | sed -n -e 's/.*Sink #\([[:digit:]]\)/\1/p') - # Get the ID of the active sink - active_sink_name=$(${pkgs.pulseaudio}/bin/pactl info | grep 'Default Sink:' | sed -n -e 's/.*Default Sink:[[:space:]]\+\(.*\)/\1/p') - active_sink=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -B 2 "$active_sink_name" | sed -n -e 's/Sink #\([[:digit:]]\)/\1/p' | head -n 1) + # Get the ID of the last sink in the array + final_sink=''${sinks[$((sink_count - 1))]} - # Get the ID of the last sink in the array - final_sink=''${sinks[$((sink_count - 1))]} + # Find the index of the active sink + for index in "''${!sinks[@]}"; do + if [[ "''${sinks[$index]}" == "$active_sink" ]]; then + active_sink_index=$index + fi + done - # Find the index of the active sink - for index in 
"''${!sinks[@]}"; do - if [[ "''${sinks[$index]}" == "$active_sink" ]]; then - active_sink_index=$index - fi - done + # Default to the first sink in the list + next_sink=''${sinks[0]} + next_sink_index=0 - # Default to the first sink in the list - next_sink=''${sinks[0]} - next_sink_index=0 + # If we're not at the end of the list, move up the list + if [[ $active_sink -ne $final_sink ]]; then + next_sink_index=$((active_sink_index + 1)) + next_sink=''${sinks[$next_sink_index]} + fi - # If we're not at the end of the list, move up the list - if [[ $active_sink -ne $final_sink ]]; then - next_sink_index=$((active_sink_index + 1)) - next_sink=''${sinks[$next_sink_index]} - fi + # Change the default sink + # Get the name of the next sink + next_sink_name=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -C 2 "Sink #$next_sink" | sed -n -e 's/.*Name:[[:space:]]\+\(.*\)/\1/p' | head -n 1) + ${pkgs.pulseaudio}/bin/pactl set-default-sink "$next_sink_name" - # Change the default sink - # Get the name of the next sink - next_sink_name=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -C 2 "Sink #$next_sink" | sed -n -e 's/.*Name:[[:space:]]\+\(.*\)/\1/p' | head -n 1) - ${pkgs.pulseaudio}/bin/pactl set-default-sink "$next_sink_name" - - # Move all inputs to the new sink - for app in $(${pkgs.pulseaudio}/bin/pactl list sink-inputs | sed -n -e 's/.*Sink Input #\([[:digit:]]\)/\1/p'); do - ${pkgs.pulseaudio}/bin/pactl "move-sink-input $app $next_sink" - done -'' + # Move all inputs to the new sink + for app in $(${pkgs.pulseaudio}/bin/pactl list sink-inputs | sed -n -e 's/.*Sink Input #\([[:digit:]]\)/\1/p'); do + ${pkgs.pulseaudio}/bin/pactl "move-sink-input $app $next_sink" + done + ''; + }; +} From 29f7621d4275f6460629306df176836f90f92d38 Mon Sep 17 00:00:00 2001 
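Review bot: The last loop calls `pactl "move-sink-input $app $next_sink"`, which passes the subcommand and both IDs as one quoted argument, so pactl is not given a `move-sink-input` command with two operands. The call should be `${pkgs.pulseaudio}/bin/pactl move-sink-input "$app" "$next_sink"`. The sed captures `\([[:digit:]]\)` in the sink and sink-input pipelines also match a single digit, so an ID of 10 or more is truncated; `\([[:digit:]]\+\)` keeps the whole number. `sound_server` is assigned but never read in the visible script.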
From: William Date: Sat, 7 Feb 2026 07:56:24 -0300 Subject: [PATCH 22/75] flake: use import-tree for packages directory - Move overlays.nix into packages/overlays.nix with dynamic pattern - Update flake.nix to use packagesModule from import-tree - Delete centralized packages.nix (packages are now self-contained) The packages directory is now fully self-contained with each package exporting its own flake output and overlays auto-including all packages. Co-Authored-By: Claude Opus 4.5 --- flake.nix | 15 ++++++++------- overlays.nix | 14 -------------- packages.nix | 22 ---------------------- packages/overlays.nix | 12 ++++++++++++ 4 files changed, 20 insertions(+), 43 deletions(-) delete mode 100644 overlays.nix delete mode 100644 packages.nix create mode 100644 packages/overlays.nix diff --git a/flake.nix b/flake.nix index ca1a349..a4126cb 100644 --- a/flake.nix +++ b/flake.nix @@ -60,6 +60,7 @@ inputs@{ flake-parts, import-tree, ... }: let aspectsModule = import-tree ./aspects; + packagesModule = import-tree ./packages; in flake-parts.lib.mkFlake { inherit inputs; } { systems = [ @@ -69,12 +70,12 @@ imports = [ flake-parts.flakeModules.modules - ] ++ aspectsModule.imports ++ [ - ./deploy.nix - ./devShells.nix - ./overlays.nix - ./packages.nix - ./terranixConfigurations.nix - ]; + ] ++ aspectsModule.imports + ++ packagesModule.imports + ++ [ + ./deploy.nix + ./devShells.nix + ./terranixConfigurations.nix + ]; }; } diff --git a/overlays.nix b/overlays.nix deleted file mode 100644 index b8f807f..0000000 --- a/overlays.nix +++ /dev/null 
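Review bot: Replacing `./packages.nix` with `packagesModule.imports` drops the only visible place where nixpkgs is instantiated with `config.allowUnfree = true` (the deleted packages.nix later in this patch). The per-package modules take `pkgs` from `perSystem`, and claude-desktop is declared `licenses.unfree`, so unless `pkgs` is configured somewhere not shown here that package may stop evaluating. If it is not, a perSystem module can restore it with `_module.args.pkgs = import inputs.nixpkgs { inherit system; config.allowUnfree = true; };`. An `allowUnfreePredicate` limited to the one package name is tighter than the blanket switch.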
@@ -1,14 +0,0 @@ -{ inputs, ... }: - -{ - flake.overlays = { - default = final: prev: { - base16-schemes = inputs.self.packages.${final.system}.base16-schemes; - claude-desktop = inputs.self.packages.${final.system}.claude-desktop; - fastfetch = inputs.self.packages.${final.system}.fastfetch; - hm-cli = inputs.self.packages.${final.system}.hm-cli; - kwrite = inputs.self.packages.${final.system}.kwrite; - toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; - }; - }; -} diff --git a/packages.nix b/packages.nix deleted file mode 100644 index bf0319e..0000000 --- a/packages.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ inputs, ... }: - -{ - perSystem = - { system, ... }: - let - pkgs = import inputs.nixpkgs { - inherit system; - config.allowUnfree = true; - }; - in - { - packages = { - base16-schemes = pkgs.callPackage ./packages/base16-schemes.nix { }; - claude-desktop = pkgs.callPackage ./packages/claude-desktop.nix { }; - fastfetch = pkgs.callPackage ./packages/fastfetch.nix { }; - hm-cli = pkgs.callPackage ./packages/hm-cli.nix { }; - kwrite = pkgs.callPackage ./packages/kwrite.nix { }; - toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; - }; - }; -} diff --git a/packages/overlays.nix b/packages/overlays.nix new file mode 100644 index 0000000..dde58b6 --- /dev/null +++ b/packages/overlays.nix @@ -0,0 +1,12 @@ +{ inputs, ... }: + +{ + flake.overlays.default = final: prev: { + base16-schemes = inputs.self.packages.${final.system}.base16-schemes; + claude-desktop = inputs.self.packages.${final.system}.claude-desktop; + fastfetch = inputs.self.packages.${final.system}.fastfetch; + hm-cli = inputs.self.packages.${final.system}.hm-cli; + kwrite = inputs.self.packages.${final.system}.kwrite; + toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; + }; +} From 124d414359468f37f4d80190e23dfc789297945f Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 7 Feb 2026 08:08:59 -0300 Subject: [PATCH 23/75] packages/overlays: use builtins.readDir for dynamic package discovery Instead of manually listing packages, the overlay now reads the packages/ directory and automatically includes all .nix files (except overlays.nix itself) as overlay attributes. This makes adding new packages simpler - just add the file and it will automatically be included in the overlay. Co-Authored-By: Claude Opus 4.5 --- packages/overlays.nix | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/packages/overlays.nix b/packages/overlays.nix index dde58b6..a36ed60 100644 --- a/packages/overlays.nix +++ b/packages/overlays.nix @@ -1,12 +1,22 @@ { inputs, ... }: +let + packageDir = builtins.readDir ./.; + + # Filter to .nix files, excluding overlays.nix + isPackageFile = name: + name != "overlays.nix" && builtins.match ".*\\.nix$" name != null; + + # Extract package name from filename (e.g., "foo-bar.nix" -> "foo-bar") + toPackageName = filename: + builtins.head (builtins.match "(.+)\\.nix$" filename); + + packageNames = map toPackageName (builtins.filter isPackageFile (builtins.attrNames packageDir)); +in { - flake.overlays.default = final: prev: { - base16-schemes = inputs.self.packages.${final.system}.base16-schemes; - claude-desktop = inputs.self.packages.${final.system}.claude-desktop; - fastfetch = inputs.self.packages.${final.system}.fastfetch; - hm-cli = inputs.self.packages.${final.system}.hm-cli; - kwrite = inputs.self.packages.${final.system}.kwrite; - toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; - }; + flake.overlays.default = final: prev: + builtins.listToAttrs (map (name: { + inherit name; + value = inputs.self.packages.${final.system}.${name}; + }) packageNames); } From f8478a75ebc2533e67e86a1ce4b0da93ecc69357 Mon Sep 17 00:00:00 2001 
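Review bot: `isPackageFile` accepts any entry of `./.` whose name ends in `.nix`, whatever its type, and every match becomes an overlay attribute that replaces the nixpkgs attribute of the same name for all consumers of `overlays.default`. With the explicit list gone, a new file under packages/ can shadow an existing nixpkgs package without any line of this overlay changing. A helper module that exports no `packages.<name>` only fails when its attribute is forced. I would at least restrict the filter to regular files, `isPackageFile = name: packageDir.${name} == "regular" && name != "overlays.nix" && builtins.match ".*\\.nix$" name != null;`. A comment above `packageNames` should state that each file name must equal the package attribute it exports.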
From: William Date: Sat, 7 Feb 2026 08:11:55 -0300 Subject: [PATCH 24/75] shells: convert to self-contained flake-parts module Move devShells.nix to shells/default.nix as a flake-parts module and use import-tree for automatic module discovery. Co-Authored-By: Claude Opus 4.5 --- flake.nix | 3 ++- devShells.nix => shells/default.nix | 0 2 files changed, 2 insertions(+), 1 deletion(-) rename devShells.nix => shells/default.nix (100%) diff --git a/flake.nix b/flake.nix index a4126cb..2cbb189 100644 --- a/flake.nix +++ b/flake.nix @@ -61,6 +61,7 @@ let aspectsModule = import-tree ./aspects; packagesModule = import-tree ./packages; + shellsModule = import-tree ./shells; in flake-parts.lib.mkFlake { inherit inputs; } { systems = [ @@ -72,9 +73,9 @@ flake-parts.flakeModules.modules ] ++ aspectsModule.imports ++ packagesModule.imports + ++ shellsModule.imports ++ [ ./deploy.nix - ./devShells.nix ./terranixConfigurations.nix ]; }; diff --git a/devShells.nix b/shells/default.nix similarity index 100% rename from devShells.nix rename to shells/default.nix From c7757c139f7a1f840c88ef5c9725c71fb335e95b Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 7 Feb 2026 08:16:58 -0300 Subject: [PATCH 25/75] terranix: convert to self-contained flake-parts modules Each terranix configuration now exports its own flake output as a self-contained module. Flattened directory structure and removed centralized terranixConfigurations.nix in favor of import-tree. Co-Authored-By: Claude Opus 4.5 --- flake.nix | 3 +- terranix/baduhai.dev.nix | 115 +++++++++ terranix/cloudflare/baduhai.dev.nix | 94 -------- terranix/cloudflare/kernelpanic.space.nix | 0 terranix/kernelpanic.space.nix | 19 ++ terranix/oci/terminus.nix | 0 terranix/oci/trantor.nix | 258 -------------------- terranix/tailnet.nix | 59 +++++ terranix/tailscale/tailnet.nix | 43 ---- terranix/terminus.nix | 19 ++ terranix/trantor.nix | 274 ++++++++++++++++++++++ terranixConfigurations.nix | 27 --- 12 files changed, 488 insertions(+), 423 deletions(-) create mode 100644 terranix/baduhai.dev.nix delete mode 100644 terranix/cloudflare/baduhai.dev.nix delete mode 100644 terranix/cloudflare/kernelpanic.space.nix create mode 100644 terranix/kernelpanic.space.nix delete mode 100644 terranix/oci/terminus.nix delete mode 100644 terranix/oci/trantor.nix create mode 100644 terranix/tailnet.nix delete mode 100644 terranix/tailscale/tailnet.nix create mode 100644 terranix/terminus.nix create mode 100644 terranix/trantor.nix delete mode 100644 terranixConfigurations.nix diff --git a/flake.nix b/flake.nix index 2cbb189..c3fa2f6 100644 --- a/flake.nix +++ b/flake.nix @@ -62,6 +62,7 @@ aspectsModule = import-tree ./aspects; packagesModule = import-tree ./packages; shellsModule = import-tree ./shells; + terranixModule = import-tree ./terranix; in flake-parts.lib.mkFlake { inherit inputs; } { systems = [ @@ -74,9 +75,9 @@ ] ++ aspectsModule.imports ++ packagesModule.imports ++ shellsModule.imports + ++ terranixModule.imports ++ [ ./deploy.nix - ./terranixConfigurations.nix ]; }; } 
diff --git a/terranix/baduhai.dev.nix b/terranix/baduhai.dev.nix new file mode 100644 index 0000000..396ecf4 --- /dev/null +++ b/terranix/baduhai.dev.nix 
@@ -0,0 +1,115 @@ +# Required environment variables: +# CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.cloudflare-baduhaidev = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ( + { config, lib, ... }: + + let + sharedData = import ../data/services.nix; + # Enrich services with host IPs + services = map ( + svc: + let + hostInfo = sharedData.hosts.${svc.host} or { }; + in + svc + // { + lanIP = hostInfo.lanIP or null; + tailscaleIP = hostInfo.tailscaleIP or null; + } + ) sharedData.services; + + # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git") + getSubdomain = domain: lib.head (lib.splitString "." domain); + + # Generate DNS records for services + # Public services point to trantor's public IP + # Private services point to their tailscale IP + mkServiceRecords = lib.listToAttrs ( + lib.imap0 ( + i: svc: + let + subdomain = getSubdomain svc.domain; + targetIP = + if svc.public or false then + config.data.terraform_remote_state.trantor "outputs.instance_public_ip" + else + svc.tailscaleIP; + in + { + name = "service_${toString i}"; + value = { + zone_id = config.variable.zone_id.default; + name = subdomain; + type = "A"; + content = targetIP; + proxied = false; + ttl = 3600; + }; + } + ) services + ); + in + + { + terraform.required_providers.cloudflare = { + source = "cloudflare/cloudflare"; + version = "~> 5.0"; + }; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "cloudflare/baduhai.dev.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + 
skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + zone_id = { + default = "c63a8332fdddc4a8e5612ddc54557044"; + type = "string"; + }; + }; + + data = { + terraform_remote_state.trantor = { + backend = "s3"; + config = { + bucket = "terraform-state"; + key = "oci/trantor.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + }; + }; + + resource.cloudflare_dns_record = mkServiceRecords; + } + ) + ]; + }; + }; +} diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix deleted file mode 100644 index 185e5bd..0000000 --- a/terranix/cloudflare/baduhai.dev.nix +++ /dev/null 
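Review bot: In `mkServiceRecords`, a service whose `host` is missing from `sharedData.hosts` silently gets `tailscaleIP = null` through the `or { }` / `or null` fallbacks, and that null becomes the record's `content` for a non-public service. Failing at evaluation is safer, for example `else if svc.tailscaleIP != null then svc.tailscaleIP else throw "no tailscaleIP for ${svc.domain}";`. The records are also keyed `service_${toString i}`, so reordering or removing an entry in the services list shifts every later key. Terraform would then see different resources at each address; keying by `subdomain` avoids that. Private services are published as public A records pointing at tailnet addresses, so a comment saying this exposure of internal names is intended would help the next reader.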
@@ -1,94 +0,0 @@ -# Required environment variables: -# CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions -# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage -# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage - -{ config, lib, ... }: - -let - sharedData = import ../../data/services.nix; - # Enrich services with host IPs - services = map (svc: - let hostInfo = sharedData.hosts.${svc.host} or {}; - in svc // { - lanIP = hostInfo.lanIP or null; - tailscaleIP = hostInfo.tailscaleIP or null; - } - ) sharedData.services; - - # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git") - getSubdomain = domain: lib.head (lib.splitString "." domain); - - # Generate DNS records for services - # Public services point to trantor's public IP - # Private services point to their tailscale IP - mkServiceRecords = lib.listToAttrs ( - lib.imap0 ( - i: svc: - let - subdomain = getSubdomain svc.domain; - targetIP = - if svc.public or false then - config.data.terraform_remote_state.trantor "outputs.instance_public_ip" - else - svc.tailscaleIP; - in - { - name = "service_${toString i}"; - value = { - zone_id = config.variable.zone_id.default; - name = subdomain; - type = "A"; - content = targetIP; - proxied = false; - ttl = 3600; - }; - } - ) services - ); -in - -{ - terraform.required_providers.cloudflare = { - source = "cloudflare/cloudflare"; - version = "~> 5.0"; - }; - - terraform.backend.s3 = { - bucket = "terraform-state"; - key = "cloudflare/baduhai.dev.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - - variable = { - zone_id = { - default = "c63a8332fdddc4a8e5612ddc54557044"; - type = "string"; - }; - }; - - data = { - terraform_remote_state.trantor = { - backend = "s3"; - 
config = { - bucket = "terraform-state"; - key = "oci/trantor.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - }; - }; - - resource.cloudflare_dns_record = mkServiceRecords; -} diff --git a/terranix/cloudflare/kernelpanic.space.nix b/terranix/cloudflare/kernelpanic.space.nix deleted file mode 100644 index e69de29..0000000 diff --git a/terranix/kernelpanic.space.nix b/terranix/kernelpanic.space.nix new file mode 100644 index 0000000..e3bfe72 --- /dev/null +++ b/terranix/kernelpanic.space.nix @@ -0,0 +1,19 @@ +# Cloudflare kernelpanic.space configuration placeholder +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.cloudflare-kernelpanicspace = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ({ config, ... }: { + # Terraform config goes here + }) + ]; + }; + }; +} diff --git a/terranix/oci/terminus.nix b/terranix/oci/terminus.nix deleted file mode 100644 index e69de29..0000000 diff --git a/terranix/oci/trantor.nix b/terranix/oci/trantor.nix deleted file mode 100644 index 170ad04..0000000 --- a/terranix/oci/trantor.nix +++ /dev/null 
@@ -1,258 +0,0 @@ -# Required environment variables: -# instead of OCI variables, ~/.oci/config may also be used -# OCI_TENANCY_OCID - Oracle tenancy OCID (or use TF_VAR_* to override variables) -# OCI_USER_OCID - Oracle user OCID -# OCI_FINGERPRINT - API key fingerprint -# OCI_PRIVATE_KEY_PATH - Path to OCI API private key -# AWS variables are required -# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage -# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage - -{ config, ... }: - -{ - terraform.required_providers.oci = { - source = "oracle/oci"; - version = "~> 7.0"; - }; - - provider.oci.region = "sa-saopaulo-1"; - - terraform.backend.s3 = { - bucket = "terraform-state"; - key = "oci/trantor.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - - variable = { - tenancy_ocid = { - default = "ocid1.tenancy.oc1..aaaaaaaap3vfdz4piygqza6e6zqunbcuso43ddqfo3ydmpmnomidyghh7rvq"; - type = "string"; - }; - - compartment_name = { - default = "trantor"; - type = "string"; - }; - - vcn_cidr = { - default = "10.0.0.0/24"; - type = "string"; - }; - - instance_name = { - default = "trantor"; - type = "string"; - }; - - ssh_public_keys = { - default = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" - ]; - type = "list(string)"; - }; - }; - - data = { - oci_identity_availability_domains.ads = { - compartment_id = config.variable.tenancy_ocid.default; - }; - - oci_core_images.ubuntu_arm = { - compartment_id = config.variable.tenancy_ocid.default; - operating_system = "Canonical Ubuntu"; 
- operating_system_version = "24.04"; - shape = "VM.Standard.A1.Flex"; - sort_by = "TIMECREATED"; - sort_order = "DESC"; - }; - }; - - resource = { - oci_identity_compartment.trantor = { - compartment_id = config.variable.tenancy_ocid.default; - description = "trantor infrastructure compartment"; - name = config.variable.compartment_name.default; - }; - - oci_core_vcn.vcn = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - cidr_blocks = [ config.variable.vcn_cidr.default ]; - display_name = "trantor-vcn"; - dns_label = "trantor"; - }; - - oci_core_internet_gateway.ig = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - display_name = "trantor-ig"; - enabled = true; - }; - - oci_core_route_table.rt = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - display_name = "trantor-rt"; - - route_rules = [ - { - network_entity_id = config.resource.oci_core_internet_gateway.ig "id"; - destination = "0.0.0.0/0"; - destination_type = "CIDR_BLOCK"; - } - ]; - }; - - oci_core_security_list.sl = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - display_name = "trantor-sl"; - - egress_security_rules = [ - { - destination = "0.0.0.0/0"; - protocol = "all"; - stateless = false; - } - ]; - - ingress_security_rules = [ - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 22; - max = 22; - }; - } - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 80; - max = 80; - }; - } - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 443; - max = 443; - }; - } - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 25565; - max = 25565; - }; - } - { - protocol = 
"6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 19132; - max = 19133; - }; - } - { - protocol = "17"; # UDP - source = "0.0.0.0/0"; - stateless = false; - udp_options = { - min = 19132; - max = 19133; - }; - } - ]; - }; - - oci_core_subnet.subnet = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - cidr_block = config.variable.vcn_cidr.default; - display_name = "trantor-subnet"; - dns_label = "subnet"; - route_table_id = config.resource.oci_core_route_table.rt "id"; - security_list_ids = [ (config.resource.oci_core_security_list.sl "id") ]; - prohibit_public_ip_on_vnic = false; - }; - - oci_core_instance.trantor = { - availability_domain = config.data.oci_identity_availability_domains.ads "availability_domains[0].name"; - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - display_name = config.variable.instance_name.default; - shape = "VM.Standard.A1.Flex"; - - shape_config = { - ocpus = 2; - memory_in_gbs = 12; - }; - - source_details = { - source_type = "image"; - source_id = config.data.oci_core_images.ubuntu_arm "images[0].id"; - boot_volume_size_in_gbs = 100; - }; - - create_vnic_details = { - subnet_id = config.resource.oci_core_subnet.subnet "id"; - display_name = "trantor-vnic"; - assign_public_ip = true; - hostname_label = config.variable.instance_name.default; - }; - - metadata = { - ssh_authorized_keys = builtins.concatStringsSep "\n" config.variable.ssh_public_keys.default; - }; - - preserve_boot_volume = false; - }; - - oci_budget_budget.trantor_budget = { - compartment_id = config.variable.tenancy_ocid.default; - targets = [ (config.resource.oci_identity_compartment.trantor "id") ]; - amount = 1; - reset_period = "MONTHLY"; - display_name = "trantor-budget"; - description = "Monthly budget for trantor compartment"; - target_type = "COMPARTMENT"; - }; - - oci_budget_alert_rule.daily_spend_alert = { - budget_id = 
config.resource.oci_budget_budget.trantor_budget "id"; - type = "ACTUAL"; - threshold = 5; - threshold_type = "PERCENTAGE"; - display_name = "daily-spend-alert"; - recipients = "baduhai@proton.me"; - description = "Alert when daily spending exceeds $0.05"; - message = "Daily spending has exceeded $0.05 in the trantor compartment"; - }; - }; - - output = { - compartment_id = { - value = config.resource.oci_identity_compartment.trantor "id"; - }; - - instance_public_ip = { - value = config.resource.oci_core_instance.trantor "public_ip"; - }; - }; -} diff --git a/terranix/tailnet.nix b/terranix/tailnet.nix new file mode 100644 index 0000000..7bc55f2 --- /dev/null +++ b/terranix/tailnet.nix 
@@ -0,0 +1,59 @@ +# Required environment variables: +# TAILSCALE_API_KEY - Tailscale API key with appropriate permissions +# TAILSCALE_TAILNET - Your tailnet name (e.g., "user@example.com" or "example.org.github") +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.tailscale-tailnet = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ( + { config, ... }: + { + terraform.required_providers.tailscale = { + source = "tailscale/tailscale"; + version = "~> 0.17"; + }; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "tailscale/tailnet.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + trantor_tailscale_ip = { + default = "100.108.5.90"; + type = "string"; + }; + }; + + resource = { + tailscale_dns_nameservers.global = { + nameservers = [ + config.variable.trantor_tailscale_ip.default + "1.1.1.1" + "1.0.0.1" + ]; + }; + }; + } + ) + ]; + }; + }; +} diff --git a/terranix/tailscale/tailnet.nix b/terranix/tailscale/tailnet.nix deleted file mode 100644 index 929e79b..0000000 --- a/terranix/tailscale/tailnet.nix +++ /dev/null 
@@ -1,43 +0,0 @@ -# Required environment variables: -# TAILSCALE_API_KEY - Tailscale API key with appropriate permissions -# TAILSCALE_TAILNET - Your tailnet name (e.g., "user@example.com" or "example.org.github") -# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage -# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage - -{ config, ... }: - -{ - terraform.required_providers.tailscale = { - source = "tailscale/tailscale"; - version = "~> 0.17"; - }; - - terraform.backend.s3 = { - bucket = "terraform-state"; - key = "tailscale/tailnet.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - - variable = { - trantor_tailscale_ip = { - default = "100.108.5.90"; - type = "string"; - }; - }; - - resource = { - tailscale_dns_nameservers.global = { - nameservers = [ - config.variable.trantor_tailscale_ip.default - "1.1.1.1" - "1.0.0.1" - ]; - }; - }; -} diff --git a/terranix/terminus.nix b/terranix/terminus.nix new file mode 100644 index 0000000..25e227e --- /dev/null +++ b/terranix/terminus.nix @@ -0,0 +1,19 @@ +# OCI Terminus configuration placeholder +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.oci-terminus = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ({ config, ... }: { + # Terraform config goes here + }) + ]; + }; + }; +} diff --git a/terranix/trantor.nix b/terranix/trantor.nix new file mode 100644 index 0000000..0f1f9ba --- /dev/null +++ b/terranix/trantor.nix 
@@ -0,0 +1,274 @@ +# Required environment variables: +# instead of OCI variables, ~/.oci/config may also be used +# OCI_TENANCY_OCID - Oracle tenancy OCID (or use TF_VAR_* to override variables) +# OCI_USER_OCID - Oracle user OCID +# OCI_FINGERPRINT - API key fingerprint +# OCI_PRIVATE_KEY_PATH - Path to OCI API private key +# AWS variables are required +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.oci-trantor = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ( + { config, ... }: + { + terraform.required_providers.oci = { + source = "oracle/oci"; + version = "~> 7.0"; + }; + + provider.oci.region = "sa-saopaulo-1"; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "oci/trantor.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + tenancy_ocid = { + default = "ocid1.tenancy.oc1..aaaaaaaap3vfdz4piygqza6e6zqunbcuso43ddqfo3ydmpmnomidyghh7rvq"; + type = "string"; + }; + + compartment_name = { + default = "trantor"; + type = "string"; + }; + + vcn_cidr = { + default = "10.0.0.0/24"; + type = "string"; + }; + + instance_name = { + default = "trantor"; + type = "string"; + }; + + ssh_public_keys = { + default = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + type = "list(string)"; + }; + }; + + data = { + 
oci_identity_availability_domains.ads = { + compartment_id = config.variable.tenancy_ocid.default; + }; + + oci_core_images.ubuntu_arm = { + compartment_id = config.variable.tenancy_ocid.default; + operating_system = "Canonical Ubuntu"; + operating_system_version = "24.04"; + shape = "VM.Standard.A1.Flex"; + sort_by = "TIMECREATED"; + sort_order = "DESC"; + }; + }; + + resource = { + oci_identity_compartment.trantor = { + compartment_id = config.variable.tenancy_ocid.default; + description = "trantor infrastructure compartment"; + name = config.variable.compartment_name.default; + }; + + oci_core_vcn.vcn = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + cidr_blocks = [ config.variable.vcn_cidr.default ]; + display_name = "trantor-vcn"; + dns_label = "trantor"; + }; + + oci_core_internet_gateway.ig = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-ig"; + enabled = true; + }; + + oci_core_route_table.rt = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-rt"; + + route_rules = [ + { + network_entity_id = config.resource.oci_core_internet_gateway.ig "id"; + destination = "0.0.0.0/0"; + destination_type = "CIDR_BLOCK"; + } + ]; + }; + + oci_core_security_list.sl = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-sl"; + + egress_security_rules = [ + { + destination = "0.0.0.0/0"; + protocol = "all"; + stateless = false; + } + ]; + + ingress_security_rules = [ + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 22; + max = 22; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 80; + max = 80; + }; + } + { + protocol = "6"; # TCP + 
source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 443; + max = 443; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 25565; + max = 25565; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 19132; + max = 19133; + }; + } + { + protocol = "17"; # UDP + source = "0.0.0.0/0"; + stateless = false; + udp_options = { + min = 19132; + max = 19133; + }; + } + ]; + }; + + oci_core_subnet.subnet = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + cidr_block = config.variable.vcn_cidr.default; + display_name = "trantor-subnet"; + dns_label = "subnet"; + route_table_id = config.resource.oci_core_route_table.rt "id"; + security_list_ids = [ (config.resource.oci_core_security_list.sl "id") ]; + prohibit_public_ip_on_vnic = false; + }; + + oci_core_instance.trantor = { + availability_domain = config.data.oci_identity_availability_domains.ads "availability_domains[0].name"; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + display_name = config.variable.instance_name.default; + shape = "VM.Standard.A1.Flex"; + + shape_config = { + ocpus = 2; + memory_in_gbs = 12; + }; + + source_details = { + source_type = "image"; + source_id = config.data.oci_core_images.ubuntu_arm "images[0].id"; + boot_volume_size_in_gbs = 100; + }; + + create_vnic_details = { + subnet_id = config.resource.oci_core_subnet.subnet "id"; + display_name = "trantor-vnic"; + assign_public_ip = true; + hostname_label = config.variable.instance_name.default; + }; + + metadata = { + ssh_authorized_keys = builtins.concatStringsSep "\n" config.variable.ssh_public_keys.default; + }; + + preserve_boot_volume = false; + }; + + oci_budget_budget.trantor_budget = { + compartment_id = config.variable.tenancy_ocid.default; + targets = [ (config.resource.oci_identity_compartment.trantor "id") 
]; + amount = 1; + reset_period = "MONTHLY"; + display_name = "trantor-budget"; + description = "Monthly budget for trantor compartment"; + target_type = "COMPARTMENT"; + }; + + oci_budget_alert_rule.daily_spend_alert = { + budget_id = config.resource.oci_budget_budget.trantor_budget "id"; + type = "ACTUAL"; + threshold = 5; + threshold_type = "PERCENTAGE"; + display_name = "daily-spend-alert"; + recipients = "baduhai@proton.me"; + description = "Alert when daily spending exceeds $0.05"; + message = "Daily spending has exceeded $0.05 in the trantor compartment"; + }; + }; + + output = { + compartment_id = { + value = config.resource.oci_identity_compartment.trantor "id"; + }; + + instance_public_ip = { + value = config.resource.oci_core_instance.trantor "public_ip"; + }; + }; + } + ) + ]; + }; + }; +} diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix deleted file mode 100644 index 12c90d1..0000000 --- a/terranixConfigurations.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ - inputs.terranix.flakeModule - ]; - - perSystem = - { pkgs, ... }: - - { - terranix.terranixConfigurations = { - oci-trantor = { - modules = [ ./terranix/oci/trantor.nix ]; - terraformWrapper.package = pkgs.opentofu; - }; - cloudflare-baduhaidev = { - modules = [ ./terranix/cloudflare/baduhai.dev.nix ]; - terraformWrapper.package = pkgs.opentofu; - }; - tailscale-tailnet = { - modules = [ ./terranix/tailscale/tailnet.nix ]; - terraformWrapper.package = pkgs.opentofu; - }; - }; - }; -} From 4bbf14f7505809fb3029c91cc5d88a07369c8d69 Mon Sep 17 00:00:00 2001 
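Review bot: The first rule in `ingress_security_rules` of `oci_core_security_list.sl` admits TCP 22 from `0.0.0.0/0`, so SSH on the instance is reachable from the whole internet. The move into `terranix/trantor.nix` carries that rule over unchanged. The same patch records a tailnet address for this host (`trantor_tailscale_ip` in `terranix/tailnet.nix`), so administrative SSH can presumably go over Tailscale instead. If nothing such as a deploy step depends on the public path, drop the port-22 rule or narrow it with `source = "<ADMIN_CIDR>";` (placeholder value). If the rule has to stay open, add a comment on it such as `# SSH is public because <reason>; key-only auth, see hosts/trantor/openssh.nix` so the exposure is a recorded decision.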
From: William Date: Sat, 7 Feb 2026 08:18:49 -0300 Subject: [PATCH 26/75] terranix: import flakeModule once in flake.nix Fixes duplicate module declaration error by importing terranix flakeModule once at the top level instead of in each config file. Co-Authored-By: Claude Opus 4.5 --- flake.nix | 1 + terranix/baduhai.dev.nix | 4 +--- terranix/kernelpanic.space.nix | 4 +--- terranix/tailnet.nix | 4 +--- terranix/terminus.nix | 4 +--- terranix/trantor.nix | 4 +--- 6 files changed, 6 insertions(+), 15 deletions(-) diff --git a/flake.nix b/flake.nix index c3fa2f6..f995bad 100644 --- a/flake.nix +++ b/flake.nix @@ -72,6 +72,7 @@ imports = [ flake-parts.flakeModules.modules + inputs.terranix.flakeModule ] ++ aspectsModule.imports ++ packagesModule.imports ++ shellsModule.imports diff --git a/terranix/baduhai.dev.nix b/terranix/baduhai.dev.nix index 396ecf4..cea9f22 100644 --- a/terranix/baduhai.dev.nix +++ b/terranix/baduhai.dev.nix @@ -3,11 +3,9 @@ # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { diff --git a/terranix/kernelpanic.space.nix b/terranix/kernelpanic.space.nix index e3bfe72..01e5c08 100644 --- a/terranix/kernelpanic.space.nix +++ b/terranix/kernelpanic.space.nix @@ -1,9 +1,7 @@ # Cloudflare kernelpanic.space configuration placeholder -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { diff --git a/terranix/tailnet.nix b/terranix/tailnet.nix index 7bc55f2..4e01ab9 100644 --- a/terranix/tailnet.nix +++ b/terranix/tailnet.nix @@ -4,11 +4,9 @@ # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { 
diff --git a/terranix/terminus.nix b/terranix/terminus.nix index 25e227e..7a0fa5b 100644 --- a/terranix/terminus.nix +++ b/terranix/terminus.nix @@ -1,9 +1,7 @@ # OCI Terminus configuration placeholder -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { diff --git a/terranix/trantor.nix b/terranix/trantor.nix index 0f1f9ba..5f19e22 100644 --- a/terranix/trantor.nix +++ b/terranix/trantor.nix @@ -8,11 +8,9 @@ # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { From ab69b26b40dbba3345aa3c1ab60df6c468d900ff Mon Sep 17 00:00:00 2001 From: William Date: Sat, 7 Feb 2026 08:21:02 -0300 Subject: [PATCH 27/75] this shouldn't ever have been commited --- plan.md | 89 --------------------------------------------------------- 1 file changed, 89 deletions(-) delete mode 100644 plan.md diff --git a/plan.md b/plan.md deleted file mode 100644 index af88fb9..0000000 --- a/plan.md +++ /dev/null 
@@ -1,89 +0,0 @@ -# Current structure: - -``` - hosts -├──  alexandria -│ ├──  hardware-configuration.nix -│ ├──  jellyfin.nix -│ ├──  kanidm.nix -│ ├──  nextcloud.nix -│ ├──  nginx.nix -│ ├──  unbound.nix -│ └──  vaultwarden.nix -├──  io -│ ├──  boot.nix -│ ├──  disko.nix -│ ├──  hardware-configuration.nix -│ ├──  programs.nix -│ └──  services.nix -├──  modules -│ ├──  common -│ │ ├──  boot.nix -│ │ ├──  console.nix -│ │ ├──  firewall.nix -│ │ ├──  locale.nix -│ │ ├──  nix.nix -│ │ ├──  openssh.nix -│ │ ├──  programs.nix -│ │ ├──  security.nix -│ │ ├──  services.nix -│ │ ├──  tailscale.nix -│ │ └──  users.nix -│ ├──  desktop -│ │ ├──  boot.nix -│ │ ├──  desktop.nix -│ │ ├──  nix.nix -│ │ └──  services.nix -│ ├──  server -│ │ ├──  boot.nix -│ │ ├──  nix.nix -│ │ └──  tailscale.nix -│ ├──  ai.nix -│ ├──  bluetooth.nix -│ ├──  dev.nix -│ ├──  ephemeral.nix -│ ├──  fwupd.nix -│ ├──  gaming.nix -│ ├──  libvirtd.nix -│ ├──  networkmanager.nix -│ └──  podman.nix -├──  rotterdam -│ ├──  boot.nix -│ ├──  hardware-configuration.nix -│ ├──  hardware.nix -│ ├──  programs.nix -│ └──  services.nix -└──  trantor - ├──  boot.nix - ├──  disko.nix - ├──  fail2ban.nix - ├──  forgejo.nix - ├──  hardware-configuration.nix - ├──  networking.nix - ├──  nginx.nix - ├──  openssh.nix - └──  unbound.nix - modules -└──  ephemeral.nix - users -├──  modules -│ ├──  common -│ │ ├──  bash.nix -│ │ ├──  fish.nix -│ │ └──  hm-cli.nix -│ ├──  desktop -│ │ ├──  desktop.nix -│ │ └──  niri.nix -│ ├──  btop.nix -│ ├──  comma.nix -│ ├──  direnv.nix -│ ├──  gaming.nix -│ ├──  helix.nix -│ ├──  obs-studio.nix -│ ├──  starship.nix -│ ├──  stylix.nix -│ └──  tmux.nix -└──  user - └──  git.nix -``` - From d83172f48758bb768def8b7d665fd414b8b2359b Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 7 Feb 2026 09:31:14 -0300 Subject: [PATCH 28/75] eza uses --git by default --- aspects/common/programs.nix | 70 +++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 34 deletions(-) diff --git a/aspects/common/programs.nix b/aspects/common/programs.nix index a3233e9..7d12f09 100644 --- a/aspects/common/programs.nix +++ b/aspects/common/programs.nix @@ -1,41 +1,43 @@ { ... }: { - flake.modules.nixos.common-programs = { lib, pkgs, ... }: { - environment = { - systemPackages = with pkgs; [ - ### Dev Tools ### - git - ### System Utilities ### - btop - fastfetch - helix - nixos-firewall-tool - nvd - sysz - tmux - wget - yazi - ]; - shellAliases = { - cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; - ls = "${lib.getExe pkgs.eza} --icons --group-directories-first"; - tree = "ls --tree"; + flake.modules.nixos.common-programs = + { lib, pkgs, ... }: + { + environment = { + systemPackages = with pkgs; [ + ### Dev Tools ### + git + ### System Utilities ### + btop + fastfetch + helix + nixos-firewall-tool + nvd + sysz + tmux + wget + yazi + ]; + shellAliases = { + cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; + ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first"; + tree = "ls --tree"; + }; }; - }; - programs = { - command-not-found.enable = false; - fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - if set -q SSH_CONNECTION - export TERM=xterm-256color - clear - fastfetch - end - ''; + programs = { + command-not-found.enable = false; + fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + if set -q SSH_CONNECTION + export TERM=xterm-256color + clear + fastfetch + end + ''; + }; }; }; - }; } From c6fbd210097e7adb193b25ea410a058fae583f7b Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 7 Feb 2026 09:33:55 -0300 Subject: [PATCH 29/75] move podmand security options to podman aspect --- aspects/common/security.nix | 9 ++++----- aspects/podman.nix | 29 +++++++++++++++++++---------- 2 files changed, 23 insertions(+), 15 deletions(-) diff --git a/aspects/common/security.nix b/aspects/common/security.nix index b63074b..2ad04a0 100644 --- a/aspects/common/security.nix +++ b/aspects/common/security.nix @@ -1,14 +1,13 @@ { ... }: { - flake.modules.nixos.common-security = { ... }: { - security = { - unprivilegedUsernsClone = true; # Needed for rootless podman - sudo = { + flake.modules.nixos.common-security = + { ... }: + { + security.sudo = { wheelNeedsPassword = false; extraConfig = '' Defaults lecture = never ''; }; }; - }; } diff --git a/aspects/podman.nix b/aspects/podman.nix index 04e7e04..6afa327 100644 --- a/aspects/podman.nix +++ b/aspects/podman.nix @@ -1,15 +1,24 @@ { ... }: { - flake.modules.nixos.podman = { config, lib, pkgs, ... }: { - virtualisation.podman = { - enable = true; - autoPrune.enable = true; - extraPackages = [ pkgs.podman-compose ]; - }; + flake.modules.nixos.podman = + { + config, + lib, + pkgs, + ... + }: + { + virtualisation.podman = { + enable = true; + autoPrune.enable = true; + extraPackages = [ pkgs.podman-compose ]; + }; - systemd = { - services.podman-auto-update.enable = true; - timers.podman-auto-update.enable = true; + security.unprivilegedUsernsClone = true; # Needed for rootless podman + + systemd = { + services.podman-auto-update.enable = true; + timers.podman-auto-update.enable = true; + }; }; - }; } From 0112637288a29a1eb11f5803e0d3ecc68a279374 Mon Sep 17 00:00:00 2001 
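Review bot: `wheelNeedsPassword = false;` stays in `common-security` after this cleanup, so every host that imports the common aspect gets passwordless sudo for `wheel`. That includes trantor, whose security list in `terranix/trantor.nix` opens port 22 to `0.0.0.0/0`. The `user` account is in `wheel` and has SSH authorized keys, so on that host any session as `user` is effectively root with no second factor. Since this commit already narrows `unprivilegedUsernsClone` to the aspect that needs it, the same could be done here: make the common value overridable with `security.sudo.wheelNeedsPassword = lib.mkDefault false;` (adding `lib` to the module arguments) and set `security.sudo.wheelNeedsPassword = true;` in a server aspect.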
From: William Date: Sat, 7 Feb 2026 09:49:52 -0300 Subject: [PATCH 30/75] move common/users.nix into users/ --- aspects/common/users.nix | 25 ------ aspects/hosts/alexandria.nix | 12 ++- aspects/hosts/io.nix | 12 ++- aspects/hosts/rotterdam.nix | 12 ++- aspects/hosts/trantor.nix | 12 ++- aspects/users/root.nix | 12 +++ aspects/users/user.nix | 169 ++++++++++++++++++++--------------- 7 files changed, 150 insertions(+), 104 deletions(-) delete mode 100644 aspects/common/users.nix create mode 100644 aspects/users/root.nix diff --git a/aspects/common/users.nix b/aspects/common/users.nix deleted file mode 100644 index e911663..0000000 --- a/aspects/common/users.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.common-users = { pkgs, ... }: { - users.users = { - user = { - isNormalUser = true; - shell = pkgs.fish; - extraGroups = [ - "networkmanager" - "wheel" - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" - ]; - hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; - }; - root = { - shell = pkgs.fish; - hashedPassword = "!"; - }; - }; - }; -} diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 28a367d..83304b1 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -6,7 +6,12 @@ modules = [ inputs.agenix.nixosModules.default { networking.hostName = "alexandria"; } - { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } # Common aspects (always included) inputs.self.modules.nixos.common-boot 
@@ -19,7 +24,10 @@ inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-tailscale - inputs.self.modules.nixos.common-users + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root # Server aspects inputs.self.modules.nixos.server-boot diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index 1d7f15a..6e5b237 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix @@ -6,7 +6,12 @@ modules = [ inputs.agenix.nixosModules.default { networking.hostName = "io"; } - { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } # Common aspects (always included) inputs.self.modules.nixos.common-boot @@ -19,7 +24,10 @@ inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-tailscale - inputs.self.modules.nixos.common-users + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root # Desktop aspects inputs.self.modules.nixos.desktop-boot diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index e9d3f18..76ffbb0 100644 --- a/aspects/hosts/rotterdam.nix +++ b/aspects/hosts/rotterdam.nix @@ -6,7 +6,12 @@ modules = [ inputs.agenix.nixosModules.default { networking.hostName = "rotterdam"; } - { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } # Common aspects (always included) inputs.self.modules.nixos.common-boot 
@@ -19,7 +24,10 @@ inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-tailscale - inputs.self.modules.nixos.common-users + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root # Desktop aspects inputs.self.modules.nixos.desktop-boot diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index 646cc73..c43c6f2 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix @@ -6,7 +6,12 @@ modules = [ inputs.agenix.nixosModules.default { networking.hostName = "trantor"; } - { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } # Common aspects (always included) inputs.self.modules.nixos.common-boot @@ -19,7 +24,10 @@ inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-tailscale - inputs.self.modules.nixos.common-users + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root # Server aspects inputs.self.modules.nixos.server-boot diff --git a/aspects/users/root.nix b/aspects/users/root.nix new file mode 100644 index 0000000..18b70eb --- /dev/null +++ b/aspects/users/root.nix @@ -0,0 +1,12 @@ +{ ... }: + +{ + flake.modules.nixos.root = + { pkgs, ... }: + { + users.root = { + shell = pkgs.fish; + hashedPassword = "!"; + }; + }; +} diff --git a/aspects/users/user.nix b/aspects/users/user.nix index 5130abf..050b1a5 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix 
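Review bot: `users.root = {` in the new `aspects/users/root.nix` sets an attribute path that, as far as I know, NixOS does not define. Account options live under `users.users.<name>`, which is what the deleted `aspects/common/users.nix` used and what `aspects/users/user.nix` in this same commit uses (`users.users.user`). As written, the four host files that now import `inputs.self.modules.nixos.root` would be expected to fail evaluation with an unknown-option error. Root's `hashedPassword = "!"` lock and its fish shell are therefore not applied. Change the line to `users.users.root = {`.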
@@ -1,91 +1,118 @@ -# aspects/users/user.nix { inputs, ... }: + { - flake.homeConfigurations = { - "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { inherit inputs; hostname = "rotterdam"; }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + flake = { + modules.nixos.user = + { pkgs, ... }: + { + users.users.user = { + isNormalUser = true; + shell = pkgs.fish; + extraGroups = [ + "networkmanager" + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; + }; + }; - # CLI aspects (common module included) - inputs.self.modules.homeManager.cli-base - inputs.self.modules.homeManager.cli-btop - inputs.self.modules.homeManager.cli-comma - inputs.self.modules.homeManager.cli-direnv - inputs.self.modules.homeManager.cli-helix - inputs.self.modules.homeManager.cli-starship - inputs.self.modules.homeManager.cli-tmux + homeConfigurations = { + "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + hostname = "rotterdam"; + }; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - # Shell - inputs.self.modules.homeManager.shell-fish - inputs.self.modules.homeManager.shell-bash + # CLI aspects (common module included) + inputs.self.modules.homeManager.cli-base + inputs.self.modules.homeManager.cli-btop + inputs.self.modules.homeManager.cli-comma + inputs.self.modules.homeManager.cli-direnv + 
inputs.self.modules.homeManager.cli-helix + inputs.self.modules.homeManager.cli-starship + inputs.self.modules.homeManager.cli-tmux - # Desktop - inputs.self.modules.homeManager.desktop-desktop - inputs.self.modules.homeManager.desktop-niri + # Shell + inputs.self.modules.homeManager.shell-fish + inputs.self.modules.homeManager.shell-bash - # Gaming - inputs.self.modules.homeManager.gaming-mangohud + # Desktop + inputs.self.modules.homeManager.desktop-desktop + inputs.self.modules.homeManager.desktop-niri - # Programs - inputs.self.modules.homeManager.programs-media # for obs-studio + # Gaming + inputs.self.modules.homeManager.gaming-mangohud - # Stylix - inputs.self.modules.homeManager.stylix + # Programs + inputs.self.modules.homeManager.programs-media # for obs-studio - # User-specific (from _user/) - ./_user/git.nix + # Stylix + inputs.self.modules.homeManager.stylix - # Home configuration - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ]; - }; + # User-specific (from _user/) + ./_user/git.nix - "user@io" = inputs.home-manager.lib.homeManagerConfiguration { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { inherit inputs; hostname = "io"; }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + # Home configuration + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ]; + }; - # CLI aspects (common module included) - inputs.self.modules.homeManager.cli-base - inputs.self.modules.homeManager.cli-btop - inputs.self.modules.homeManager.cli-comma - inputs.self.modules.homeManager.cli-direnv - inputs.self.modules.homeManager.cli-helix - inputs.self.modules.homeManager.cli-starship - inputs.self.modules.homeManager.cli-tmux + "user@io" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + hostname = "io"; + }; + modules 
= [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - # Shell - inputs.self.modules.homeManager.shell-fish - inputs.self.modules.homeManager.shell-bash + # CLI aspects (common module included) + inputs.self.modules.homeManager.cli-base + inputs.self.modules.homeManager.cli-btop + inputs.self.modules.homeManager.cli-comma + inputs.self.modules.homeManager.cli-direnv + inputs.self.modules.homeManager.cli-helix + inputs.self.modules.homeManager.cli-starship + inputs.self.modules.homeManager.cli-tmux - # Desktop - inputs.self.modules.homeManager.desktop-desktop - inputs.self.modules.homeManager.desktop-niri + # Shell + inputs.self.modules.homeManager.shell-fish + inputs.self.modules.homeManager.shell-bash - # Stylix - inputs.self.modules.homeManager.stylix + # Desktop + inputs.self.modules.homeManager.desktop-desktop + inputs.self.modules.homeManager.desktop-niri - # User-specific (from _user/) - ./_user/git.nix + # Stylix + inputs.self.modules.homeManager.stylix - # Home configuration - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ]; + # User-specific (from _user/) + ./_user/git.nix + + # Home configuration + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ]; + }; }; }; } From 6d28510dcaa41d4c193e80531152035ed3100e01 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 7 Feb 2026 10:00:06 -0300 Subject: [PATCH 31/75] reformat programs --- aspects/programs/graphics.nix | 42 +++++++------- aspects/programs/media.nix | 42 +++++++------- aspects/programs/office.nix | 37 ++++++------ aspects/programs/utilities.nix | 101 ++++++++++++++++----------------- aspects/programs/web.nix | 31 +++++----- 5 files changed, 124 insertions(+), 129 deletions(-) diff --git a/aspects/programs/graphics.nix b/aspects/programs/graphics.nix index 1488125..4b7a16b 100644 --- a/aspects/programs/graphics.nix +++ b/aspects/programs/graphics.nix 
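Review bot: The `hashedPassword = "$6$…"` literal added under `users.users.user` places the account's crypt hash in the repository and in the world-readable Nix store, which exposes it to offline guessing by anyone who can read either. The same account is put in `wheel`, so the hash guards administrative access. The host files in this series already import `inputs.agenix.nixosModules.default`, so the hash could be kept in an age secret and referenced with `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (placeholder name; the module would need `config` added to its arguments). Since the hash is already published in history, the password itself should be changed when it is moved.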
@@ -1,27 +1,25 @@ { ... }: { - flake.modules.nixos.programs-graphics = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - # Image Editing - gimp - inkscape - # CAD & 3D Modeling - plasticity - ]; + flake.modules.nixos.programs-graphics = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + gimp + inkscape + plasticity + ]; - services.flatpak.packages = [ - # Vector Graphics - "com.boxy_svg.BoxySVG" - # 3D Printing / Slicing - rec { - appId = "io.github.softfever.OrcaSlicer"; - sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - bundle = "${pkgs.fetchurl { - url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - inherit sha256; - }}"; - } - ]; - }; + services.flatpak.packages = [ + "com.boxy_svg.BoxySVG" + rec { + appId = "io.github.softfever.OrcaSlicer"; + sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + bundle = "${pkgs.fetchurl { + url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; + inherit sha256; + }}"; + } + ]; + }; } diff --git a/aspects/programs/media.nix b/aspects/programs/media.nix index 8b50b2e..7daaa87 100644 --- a/aspects/programs/media.nix +++ b/aspects/programs/media.nix 
@@ -2,28 +2,28 @@ { flake.modules = { - nixos.programs-media = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - # Audio - decibels - # Video - showtime - # Image Viewer - loupe - # Recording & Streaming - obs-studio - ]; - }; - - homeManager.programs-media = { pkgs, ... }: { - programs.obs-studio = { - enable = true; - plugins = with pkgs.obs-studio-plugins; [ - obs-vkcapture - obs-backgroundremoval - obs-pipewire-audio-capture + nixos.programs-media = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + decibels + loupe + obs-studio + showtime ]; }; - }; + + homeManager.programs-media = + { pkgs, ... }: + { + programs.obs-studio = { + enable = true; + plugins = with pkgs.obs-studio-plugins; [ + obs-vkcapture + obs-backgroundremoval + obs-pipewire-audio-capture + ]; + }; + }; }; } diff --git a/aspects/programs/office.nix b/aspects/programs/office.nix index 1fc6817..c3349f3 100644 --- a/aspects/programs/office.nix +++ b/aspects/programs/office.nix @@ -1,25 +1,22 @@ { ... }: { - flake.modules.nixos.programs-office = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - # Spelling - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - # Document Viewing - papers - # Presentations - presenterm - # Note Taking & Drawing - rnote - ]; + flake.modules.nixos.programs-office = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + papers + presenterm + rnote + ]; - services.flatpak.packages = [ - # Office Suite - "com.collabora.Office" - ]; - }; + services.flatpak.packages = [ + "com.collabora.Office" + ]; + }; } diff --git a/aspects/programs/utilities.nix b/aspects/programs/utilities.nix index 15b267f..4a207af 100644 --- a/aspects/programs/utilities.nix +++ b/aspects/programs/utilities.nix 
@@ -2,64 +2,61 @@ { flake.modules = { - nixos.programs-utilities = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - # Terminal - ghostty - # File Management - nautilus - gnome-disk-utility - # Archive Tools - p7zip - unrar - # Cloud & Remote - rclone - # System Monitoring - mission-center - # Desktop Integration - adwaita-icon-theme - junction - libfido2 - toggleaudiosink - # Xwayland Support - xwayland-satellite - ]; + nixos.programs-utilities = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + ghostty + gnome-disk-utility + mission-center + nautilus + p7zip + rclone + unrar + # Desktop Integration + adwaita-icon-theme + junction + libfido2 + toggleaudiosink + # Xwayland Support + xwayland-satellite + ]; - services.flatpak.packages = [ - # Flatpak Management - "com.github.tchx84.Flatseal" - # Remote Desktop - "com.rustdesk.RustDesk" - ]; - }; + services.flatpak.packages = [ + "com.github.tchx84.Flatseal" + "com.rustdesk.RustDesk" + ]; + }; - homeManager.programs-utilities = { pkgs, ... }: { - programs = { - ghostty = { - enable = true; - settings = { - cursor-style = "block"; - shell-integration-features = "no-cursor"; - cursor-style-blink = false; - custom-shader = "${builtins.fetchurl { - url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; - sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; - }}"; - bell-features = ""; - gtk-titlebar-style = "tabs"; - keybind = [ "shift+enter=text:\\x1b\\r" ]; + homeManager.programs-utilities = + { pkgs, ... 
}: + { + programs = { + ghostty = { + enable = true; + settings = { + cursor-style = "block"; + shell-integration-features = "no-cursor"; + cursor-style-blink = false; + custom-shader = "${builtins.fetchurl { + url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; + sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + }}"; + bell-features = ""; + gtk-titlebar-style = "tabs"; + keybind = [ "shift+enter=text:\\x1b\\r" ]; + }; + }; + + password-store = { + enable = true; + package = pkgs.pass-wayland; }; }; - password-store = { - enable = true; - package = pkgs.pass-wayland; + home.sessionVariables = { + TERMINAL = "ghostty"; }; }; - - home.sessionVariables = { - TERMINAL = "ghostty"; - }; - }; }; } diff --git a/aspects/programs/web.nix b/aspects/programs/web.nix index cc3753b..a11ca57 100644 --- a/aspects/programs/web.nix +++ b/aspects/programs/web.nix @@ -1,18 +1,21 @@ { ... }: { - flake.modules.nixos.programs-web = { inputs, pkgs, system, ... }: { - environment.systemPackages = with pkgs; [ - # Browsers - inputs.zen-browser.packages."${system}".default - tor-browser - # Communication - vesktop - # Cloud & Sync - bitwarden-desktop - nextcloud-client - # Downloads - fragments - ]; - }; + flake.modules.nixos.programs-web = + { + inputs, + pkgs, + system, + ... + }: + { + environment.systemPackages = with pkgs; [ + inputs.zen-browser.packages."${system}".default + bitwarden-desktop + fragments + nextcloud-client + tor-browser + vesktop + ]; + }; } From d482fd06945b6c3422b998552472cff21e6dde0e Mon Sep 17 00:00:00 2001 From: William Date: Sun, 8 Feb 2026 14:02:12 -0300 Subject: [PATCH 32/75] flake file rearranging --- flake.nix | 57 +++++++++++++++++++++++++------------------------------ 1 file changed, 26 insertions(+), 31 deletions(-) diff --git a/flake.nix b/flake.nix index f995bad..482ebea 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,58 +2,52 @@ description = "My nix hosts"; inputs = { + # nix tools flake-parts.url = "github:hercules-ci/flake-parts"; import-tree.url = "github:vic/import-tree"; + # nixos/hm nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11"; - home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; }; + # nixos/hm functionality modules agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs-stable"; }; - disko.url = "github:nix-community/disko"; - - noctalia = { - url = "github:noctalia-dev/noctalia-shell"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - + impermanence.url = "github:nix-community/impermanence"; + nixos-cli.url = "github:nix-community/nixos-cli"; + nix-flatpak.url = "github:gmodena/nix-flatpak/main"; stylix.url = "github:danth/stylix"; - nixos-cli.url = "github:nix-community/nixos-cli"; - - nix-flatpak.url = "github:gmodena/nix-flatpak/main"; - - zen-browser.url = "github:0xc000022070/zen-browser-flake"; - - impermanence.url = "github:nix-community/impermanence"; - - deploy-rs.url = "github:serokell/deploy-rs"; - + # nixos/hm program modules niri-flake.url = "github:sodiboo/niri-flake"; - - niri.url = "github:baduhai/niri/auto-center-when-space-available"; - + nix-ai-tools.url = "github:numtide/llm-agents.nix"; nix-index-database = { url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; + noctalia = { + url = "github:noctalia-dev/noctalia-shell"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + vicinae.url = "github:vicinaehq/vicinae"; + zen-browser.url = "github:0xc000022070/zen-browser-flake"; + # stand-alone tools + deploy-rs.url = "github:serokell/deploy-rs"; terranix = { url = "github:terranix/terranix"; inputs.nixpkgs.follows = "nixpkgs"; }; - nix-ai-tools.url = "github:numtide/llm-agents.nix"; - - vicinae.url = "github:vicinaehq/vicinae"; + # others + niri.url = 
"github:baduhai/niri/auto-center-when-space-available"; }; outputs = @@ -73,12 +67,13 @@ imports = [ flake-parts.flakeModules.modules inputs.terranix.flakeModule - ] ++ aspectsModule.imports - ++ packagesModule.imports - ++ shellsModule.imports - ++ terranixModule.imports - ++ [ - ./deploy.nix - ]; + ] + ++ aspectsModule.imports + ++ packagesModule.imports + ++ shellsModule.imports + ++ terranixModule.imports + ++ [ + ./deploy.nix + ]; }; } From aac98fda2e7d555cea374996493f1bac305b9ac9 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 11 Feb 2026 18:07:31 -0300 Subject: [PATCH 33/75] move deploy outputs to self-contained aspects --- aspects/hosts/alexandria.nix | 94 ++++++++++++++++------------- aspects/hosts/io.nix | 111 +++++++++++++++++++---------------- aspects/hosts/trantor.nix | 102 +++++++++++++++++--------------- aspects/users/user.nix | 8 ++- deploy.nix | 48 --------------- flake.nix | 19 +++--- 6 files changed, 184 insertions(+), 198 deletions(-) delete mode 100644 deploy.nix diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 83304b1..b63c370 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix 
@@ -1,50 +1,60 @@ -{ inputs, ... }: +{ inputs, self, ... }: { - flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "alexandria"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } + flake = { + nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "alexandria"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root - # Server aspects - inputs.self.modules.nixos.server-boot - inputs.self.modules.nixos.server-nix - inputs.self.modules.nixos.server-tailscale + # Server 
aspects + inputs.self.modules.nixos.server-boot + inputs.self.modules.nixos.server-nix + inputs.self.modules.nixos.server-tailscale - # Other aspects based on tags - inputs.self.modules.nixos.fwupd + # Other aspects based on tags + inputs.self.modules.nixos.fwupd - # Host-specific files (from _alexandria/) - ./_alexandria/hardware-configuration.nix - ./_alexandria/jellyfin.nix - ./_alexandria/kanidm.nix - ./_alexandria/nextcloud.nix - ./_alexandria/nginx.nix - ./_alexandria/unbound.nix - ./_alexandria/vaultwarden.nix - ]; + # Host-specific files (from _alexandria/) + ./_alexandria/hardware-configuration.nix + ./_alexandria/jellyfin.nix + ./_alexandria/kanidm.nix + ./_alexandria/nextcloud.nix + ./_alexandria/nginx.nix + ./_alexandria/unbound.nix + ./_alexandria/vaultwarden.nix + ]; + }; + deploy.nodes.alexandria = { + hostname = "alexandria"; + profiles.system = { + sshUser = "user"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; + user = "root"; + }; + }; }; } diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index 6e5b237..2b5f72f 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix 
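Review bot: Splitting the nodes out of `deploy.nix` drops two things the deleted file had that none of the added `deploy.nodes.*` blocks restore: the top-level `remoteBuild = true;` and the `perSystem` line `checks = inputs.deploy-rs.lib.${system}.deployChecks self.deploy;`. `alexandria` here and `trantor` (in the `aspects/hosts/trantor.nix` hunk) set no `remoteBuild`, so they presumably fall back to the deploy-rs default and build on the deploying machine, which for `trantor` means an aarch64-linux closure. `nix flake check` also stops validating the deploy schema, unless the check is defined in a file not shown here. If neither change is intended, add `remoteBuild = true;` to those two `profiles.system` blocks and keep the `deployChecks` line in one of the flake-parts modules.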
@@ -1,59 +1,70 @@ -{ inputs, ... }: +{ inputs, self, ... }: { - flake.nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "io"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } + flake = { + nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "io"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root - # Desktop aspects - inputs.self.modules.nixos.desktop-boot - inputs.self.modules.nixos.desktop-desktop - inputs.self.modules.nixos.desktop-nix - inputs.self.modules.nixos.desktop-services + # Desktop 
aspects + inputs.self.modules.nixos.desktop-boot + inputs.self.modules.nixos.desktop-desktop + inputs.self.modules.nixos.desktop-nix + inputs.self.modules.nixos.desktop-services - # Other aspects based on tags - inputs.self.modules.nixos.ai - inputs.self.modules.nixos.bluetooth - inputs.self.modules.nixos.dev - inputs.self.modules.nixos.libvirtd - inputs.self.modules.nixos.networkmanager - inputs.self.modules.nixos.podman + # Other aspects based on tags + inputs.self.modules.nixos.ai + inputs.self.modules.nixos.bluetooth + inputs.self.modules.nixos.dev + inputs.self.modules.nixos.libvirtd + inputs.self.modules.nixos.networkmanager + inputs.self.modules.nixos.podman - # Factory-generated ephemeral module - (inputs.self.factory.ephemeral { - rootDevice = "/dev/mapper/cryptroot"; - }) + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/mapper/cryptroot"; + }) - # Host-specific files (from _io/) - ./_io/hardware-configuration.nix - ./_io/disko.nix - ./_io/boot.nix - ./_io/programs.nix - ./_io/services.nix - ]; + # Host-specific files (from _io/) + ./_io/hardware-configuration.nix + ./_io/disko.nix + ./_io/boot.nix + ./_io/programs.nix + ./_io/services.nix + ]; + }; + deploy.nodes.io = { + hostname = "io"; + profiles.system = { + sshUser = "user"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; + user = "root"; + remoteBuild = false; + }; + }; }; } diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index c43c6f2..c806987 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix 
@@ -1,54 +1,64 @@ -{ inputs, ... }: +{ inputs, self, ... }: { - flake.nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { - system = "aarch64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "trantor"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } + flake = { + nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { + system = "aarch64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "trantor"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root - # Server aspects - inputs.self.modules.nixos.server-boot - inputs.self.modules.nixos.server-nix - inputs.self.modules.nixos.server-tailscale + # Server aspects + 
inputs.self.modules.nixos.server-boot + inputs.self.modules.nixos.server-nix + inputs.self.modules.nixos.server-tailscale - # Factory-generated ephemeral module - (inputs.self.factory.ephemeral { - rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; - }) + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; + }) - # Host-specific files (from _trantor/) - ./_trantor/hardware-configuration.nix - ./_trantor/disko.nix - ./_trantor/boot.nix - ./_trantor/fail2ban.nix - ./_trantor/forgejo.nix - ./_trantor/networking.nix - ./_trantor/nginx.nix - ./_trantor/openssh.nix - ./_trantor/unbound.nix - ]; + # Host-specific files (from _trantor/) + ./_trantor/hardware-configuration.nix + ./_trantor/disko.nix + ./_trantor/boot.nix + ./_trantor/fail2ban.nix + ./_trantor/forgejo.nix + ./_trantor/networking.nix + ./_trantor/nginx.nix + ./_trantor/openssh.nix + ./_trantor/unbound.nix + ]; + }; + deploy.nodes.trantor = { + hostname = "trantor"; + profiles.system = { + sshUser = "user"; + path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; + user = "root"; + }; + }; }; } diff --git a/aspects/users/user.nix b/aspects/users/user.nix index 050b1a5..4106ffb 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix @@ -1,4 +1,4 @@ -{ inputs, ... }: +{ inputs, self, ... }: { flake = { @@ -114,5 +114,11 @@ ]; }; }; + deploy.nodes.io.profiles.user = { + sshUser = "user"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io"; + user = "user"; + remoteBuild = false; + }; }; } diff --git a/deploy.nix b/deploy.nix deleted file mode 100644 index 187c92f..0000000 --- a/deploy.nix +++ /dev/null 
@@ -1,48 +0,0 @@ -{ inputs, self, ... }: -{ - flake.deploy = { - remoteBuild = true; - nodes = { - alexandria = { - hostname = "alexandria"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; - user = "root"; - }; - }; - - trantor = { - hostname = "trantor"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; - user = "root"; - }; - }; - - io = { - hostname = "io"; - profiles = { - system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; - user = "root"; - remoteBuild = false; - }; - user = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io"; - user = "user"; - remoteBuild = false; - }; - }; - }; - }; - }; - perSystem = - { system, ... }: - { - checks = inputs.deploy-rs.lib.${system}.deployChecks self.deploy; - }; -} diff --git a/flake.nix b/flake.nix index 482ebea..35735d0 100644 --- a/flake.nix +++ b/flake.nix @@ -53,10 +53,10 @@ outputs = inputs@{ flake-parts, import-tree, ... }: let - aspectsModule = import-tree ./aspects; - packagesModule = import-tree ./packages; - shellsModule = import-tree ./shells; - terranixModule = import-tree ./terranix; + aspectsModules = import-tree ./aspects; + packagesModules = import-tree ./packages; + shellsModules = import-tree ./shells; + terranixModules = import-tree ./terranix; in flake-parts.lib.mkFlake { inherit inputs; } { systems = [ @@ -68,12 +68,9 @@ flake-parts.flakeModules.modules inputs.terranix.flakeModule ] - ++ aspectsModule.imports - ++ packagesModule.imports - ++ shellsModule.imports - ++ terranixModule.imports - ++ [ - ./deploy.nix - ]; + ++ aspectsModules.imports + ++ packagesModules.imports + ++ shellsModules.imports + ++ terranixModules.imports; }; } 
From e89cd6e91d68322020f03eee6546464140777078 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 11 Feb 2026 18:13:30 -0300 Subject: [PATCH 34/75] stylix: flake output `homeManagerModules` has been renamed to `homeModules` and will be removed after 26.05. --- aspects/stylix.nix | 135 ++++++++++++++++++++++++--------------------- 1 file changed, 72 insertions(+), 63 deletions(-) diff --git a/aspects/stylix.nix b/aspects/stylix.nix index e64386f..ec3fd42 100644 --- a/aspects/stylix.nix +++ b/aspects/stylix.nix 
@@ -1,71 +1,80 @@ { ... }: { flake.modules = { - nixos.stylix = { inputs, ... }: { - imports = [ inputs.stylix.nixosModules.stylix ]; - }; - - homeManager.stylix = { config, inputs, pkgs, ... }: { - imports = [ - inputs.stylix.homeManagerModules.stylix - inputs.zen-browser.homeModules.beta - ]; - - stylix = { - enable = true; - polarity = "dark"; - base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml"; - cursor = { - package = pkgs.kdePackages.breeze; - name = "breeze_cursors"; - size = 24; - }; - icons = { - enable = true; - package = pkgs.morewaita-icon-theme; - light = "MoreWaita"; - dark = "MoreWaita"; - }; - opacity = { - applications = 1.0; - desktop = 1.0; - popups = config.stylix.opacity.desktop; - terminal = 1.0; - }; - fonts = { - serif = { - package = pkgs.source-serif; - name = "Source Serif 4 Display"; - }; - sansSerif = { - package = pkgs.inter; - name = "Inter"; - }; - monospace = { - package = pkgs.nerd-fonts.fira-code; - name = "FiraCode Nerd Font"; - }; - emoji = { - package = pkgs.noto-fonts-color-emoji; - name = "Noto Color Emoji"; - }; - sizes = { - applications = 10; - desktop = config.stylix.fonts.sizes.applications; - popups = config.stylix.fonts.sizes.applications; - terminal = 12; - }; - }; - targets.zen-browser = { - enable = true; - profileNames = [ "william" ]; - }; + nixos.stylix = + { inputs, ... }: + { + imports = [ inputs.stylix.nixosModules.stylix ]; }; - programs.zen-browser = { - enable = true; - profiles.william = { }; + homeManager.stylix = + { + config, + inputs, + pkgs, + ... 
+ }: + { + imports = [ + inputs.stylix.homeModules.stylix + inputs.zen-browser.homeModules.beta + ]; + + stylix = { + enable = true; + polarity = "dark"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml"; + cursor = { + package = pkgs.kdePackages.breeze; + name = "breeze_cursors"; + size = 24; + }; + icons = { + enable = true; + package = pkgs.morewaita-icon-theme; + light = "MoreWaita"; + dark = "MoreWaita"; + }; + opacity = { + applications = 1.0; + desktop = 1.0; + popups = config.stylix.opacity.desktop; + terminal = 1.0; + }; + fonts = { + serif = { + package = pkgs.source-serif; + name = "Source Serif 4 Display"; + }; + sansSerif = { + package = pkgs.inter; + name = "Inter"; + }; + monospace = { + package = pkgs.nerd-fonts.fira-code; + name = "FiraCode Nerd Font"; + }; + emoji = { + package = pkgs.noto-fonts-color-emoji; + name = "Noto Color Emoji"; + }; + sizes = { + applications = 10; + desktop = config.stylix.fonts.sizes.applications; + popups = config.stylix.fonts.sizes.applications; + terminal = 12; + }; + }; + targets.zen-browser = { + enable = true; + profileNames = [ "william" ]; + }; + }; + + programs.zen-browser = { + enable = true; + profiles.william = { }; + }; }; - }; }; } From 2998dd81adcab30bb04112eebe48c737675222e4 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 11 Feb 2026 18:14:00 -0300 Subject: [PATCH 35/75] users.root -> users.users.root --- aspects/users/root.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspects/users/root.nix b/aspects/users/root.nix index 18b70eb..ff04c56 100644 --- a/aspects/users/root.nix +++ b/aspects/users/root.nix @@ -4,7 +4,7 @@ flake.modules.nixos.root = { pkgs, ... }: { - users.root = { + users.users.root = { shell = pkgs.fish; hashedPassword = "!"; }; From 06b0c379601d71d9fe9e5c8a1b7b94a6f632d560 Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 12 Feb 2026 16:41:53 -0300 Subject: [PATCH 36/75] no more deploy-rs --- aspects/hosts/alexandria.nix | 92 +++++++++--------- aspects/hosts/io.nix | 109 ++++++++++------------ aspects/hosts/trantor.nix | 100 +++++++++----------- aspects/users/user.nix | 6 -- flake.lock | 174 +++++++++-------------------------- flake.nix | 1 - shells/default.nix | 1 - 7 files changed, 179 insertions(+), 304 deletions(-) diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index b63c370..28c333e 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix 
@@ -1,60 +1,50 @@ { inputs, self, ... }: { - flake = { - nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "alexandria"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } + flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "alexandria"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root - # Server aspects - inputs.self.modules.nixos.server-boot - inputs.self.modules.nixos.server-nix - inputs.self.modules.nixos.server-tailscale + # Server aspects + 
inputs.self.modules.nixos.server-boot + inputs.self.modules.nixos.server-nix + inputs.self.modules.nixos.server-tailscale - # Other aspects based on tags - inputs.self.modules.nixos.fwupd + # Other aspects based on tags + inputs.self.modules.nixos.fwupd - # Host-specific files (from _alexandria/) - ./_alexandria/hardware-configuration.nix - ./_alexandria/jellyfin.nix - ./_alexandria/kanidm.nix - ./_alexandria/nextcloud.nix - ./_alexandria/nginx.nix - ./_alexandria/unbound.nix - ./_alexandria/vaultwarden.nix - ]; - }; - deploy.nodes.alexandria = { - hostname = "alexandria"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; - user = "root"; - }; - }; + # Host-specific files (from _alexandria/) + ./_alexandria/hardware-configuration.nix + ./_alexandria/jellyfin.nix + ./_alexandria/kanidm.nix + ./_alexandria/nextcloud.nix + ./_alexandria/nginx.nix + ./_alexandria/unbound.nix + ./_alexandria/vaultwarden.nix + ]; }; } diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index 2b5f72f..c6c3dbf 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix 
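Review bot: The `self` argument in `{ inputs, self, ... }:` of `aspects/hosts/alexandria.nix` is unused in the new file, because its only use was `self.nixosConfigurations.alexandria` in the removed `deploy.nodes` block and every remaining reference goes through `inputs.self`. The header can become `{ inputs, ... }:`, and the same applies to the `io.nix` and `trantor.nix` hunks of this patch. Separately, the removed profiles connected as `sshUser = "user"` and activated as `user = "root"`. If a passwordless sudo rule or an SSH key was granted only for deploy-rs (not visible in this patch), it should be removed along with the tool so the privilege does not outlive its purpose.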
@@ -1,70 +1,59 @@ { inputs, self, ... }: { - flake = { - nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "io"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } + flake.nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "io"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root - # Desktop aspects - inputs.self.modules.nixos.desktop-boot - inputs.self.modules.nixos.desktop-desktop - inputs.self.modules.nixos.desktop-nix - inputs.self.modules.nixos.desktop-services + # Desktop aspects + 
inputs.self.modules.nixos.desktop-boot + inputs.self.modules.nixos.desktop-desktop + inputs.self.modules.nixos.desktop-nix + inputs.self.modules.nixos.desktop-services - # Other aspects based on tags - inputs.self.modules.nixos.ai - inputs.self.modules.nixos.bluetooth - inputs.self.modules.nixos.dev - inputs.self.modules.nixos.libvirtd - inputs.self.modules.nixos.networkmanager - inputs.self.modules.nixos.podman + # Other aspects based on tags + inputs.self.modules.nixos.ai + inputs.self.modules.nixos.bluetooth + inputs.self.modules.nixos.dev + inputs.self.modules.nixos.libvirtd + inputs.self.modules.nixos.networkmanager + inputs.self.modules.nixos.podman - # Factory-generated ephemeral module - (inputs.self.factory.ephemeral { - rootDevice = "/dev/mapper/cryptroot"; - }) + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/mapper/cryptroot"; + }) - # Host-specific files (from _io/) - ./_io/hardware-configuration.nix - ./_io/disko.nix - ./_io/boot.nix - ./_io/programs.nix - ./_io/services.nix - ]; - }; - deploy.nodes.io = { - hostname = "io"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; - user = "root"; - remoteBuild = false; - }; - }; + # Host-specific files (from _io/) + ./_io/hardware-configuration.nix + ./_io/disko.nix + ./_io/boot.nix + ./_io/programs.nix + ./_io/services.nix + ]; }; } diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index c806987..3de68a9 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix 
@@ -1,64 +1,54 @@ { inputs, self, ... }: { - flake = { - nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { - system = "aarch64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "trantor"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } + flake.nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { + system = "aarch64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "trantor"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root - # Server aspects - inputs.self.modules.nixos.server-boot - inputs.self.modules.nixos.server-nix - inputs.self.modules.nixos.server-tailscale + # Server aspects + 
inputs.self.modules.nixos.server-boot + inputs.self.modules.nixos.server-nix + inputs.self.modules.nixos.server-tailscale - # Factory-generated ephemeral module - (inputs.self.factory.ephemeral { - rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; - }) + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; + }) - # Host-specific files (from _trantor/) - ./_trantor/hardware-configuration.nix - ./_trantor/disko.nix - ./_trantor/boot.nix - ./_trantor/fail2ban.nix - ./_trantor/forgejo.nix - ./_trantor/networking.nix - ./_trantor/nginx.nix - ./_trantor/openssh.nix - ./_trantor/unbound.nix - ]; - }; - deploy.nodes.trantor = { - hostname = "trantor"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; - user = "root"; - }; - }; + # Host-specific files (from _trantor/) + ./_trantor/hardware-configuration.nix + ./_trantor/disko.nix + ./_trantor/boot.nix + ./_trantor/fail2ban.nix + ./_trantor/forgejo.nix + ./_trantor/networking.nix + ./_trantor/nginx.nix + ./_trantor/openssh.nix + ./_trantor/unbound.nix + ]; }; } diff --git a/aspects/users/user.nix b/aspects/users/user.nix index 4106ffb..ad1b8ca 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix @@ -114,11 +114,5 @@ ]; }; }; - deploy.nodes.io.profiles.user = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io"; - user = "user"; - remoteBuild = false; - }; }; } diff --git a/flake.lock b/flake.lock index c7b2e16..05b233b 100644 --- a/flake.lock +++ b/flake.lock @@ -97,7 +97,7 @@ "nix-ai-tools", "nixpkgs" ], - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1767386128, 
@@ -135,29 +135,9 @@ "type": "github" } }, - "deploy-rs": { - "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs", - "utils": "utils" - }, - "locked": { - "lastModified": 1766051518, - "narHash": "sha256-znKOwPXQnt3o7lDb3hdf19oDo0BLP4MfBOYiWkEHoik=", - "owner": "serokell", - "repo": "deploy-rs", - "rev": "d5eff7f948535b9c723d60cd8239f8f11ddc90fa", - "type": "github" - }, - "original": { - "owner": "serokell", - "repo": "deploy-rs", - "type": "github" - } - }, "disko": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1768923567, @@ -190,22 +170,6 @@ } }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1767039857, @@ -221,7 +185,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1747046372, @@ -437,7 +401,7 @@ "impermanence": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1768835187, @@ -470,7 +434,7 @@ }, "niri": { "inputs": { - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay" }, "locked": { @@ -492,7 +456,7 @@ "inputs": { "niri-stable": "niri-stable", "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" 
@@ -547,7 +511,7 @@ "nix-ai-tools": { "inputs": { "blueprint": "blueprint", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "treefmt-nix": "treefmt-nix" }, "locked": { @@ -602,9 +566,9 @@ }, "nixos-cli": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "optnix": "optnix" }, "locked": { @@ -623,11 +587,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743014863, - "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", + "lastModified": 1768661221, + "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", + "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", "type": "github" }, "original": { @@ -700,22 +664,6 @@ } }, "nixpkgs_10": { - "locked": { - "lastModified": 1767767207, - "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { "locked": { "lastModified": 1762111121, "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", @@ -731,7 +679,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_11": { "locked": { "lastModified": 1768127708, "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", 
@@ -748,22 +696,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1768661221, - "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1768564909, "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", @@ -779,7 +711,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1757967192, "narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=", @@ -795,7 +727,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1768564909, "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", @@ -811,7 +743,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1768783163, "narHash": "sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo+w8KsY4=", @@ -827,7 +759,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1767151656, "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", @@ -843,7 +775,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -859,7 +791,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { "lastModified": 1768564909, "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", 
@@ -875,6 +807,22 @@ "type": "github" } }, + "nixpkgs_9": { + "locked": { + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "noctalia": { "inputs": { "nixpkgs": [ @@ -922,8 +870,8 @@ }, "optnix": { "inputs": { - "flake-compat": "flake-compat_3", - "nixpkgs": "nixpkgs_8" + "flake-compat": "flake-compat_2", + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1765418479, @@ -942,7 +890,6 @@ "root": { "inputs": { "agenix": "agenix", - "deploy-rs": "deploy-rs", "disko": "disko", "flake-parts": "flake-parts", "home-manager": "home-manager_2", @@ -954,7 +901,7 @@ "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_8", "nixpkgs-stable": "nixpkgs-stable_2", "noctalia": "noctalia", "stylix": "stylix", @@ -993,9 +940,9 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_3", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_9", "nur": "nur", - "systems": "systems_4", + "systems": "systems_3", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -1091,28 +1038,13 @@ "type": "github" } }, - "systems_6": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "terranix": { "inputs": { "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_5" + "systems": "systems_4" }, "locked": { "lastModified": 1762472226, 
@@ -1230,28 +1162,10 @@ "type": "github" } }, - "utils": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "vicinae": { "inputs": { - "nixpkgs": "nixpkgs_11", - "systems": "systems_6" + "nixpkgs": "nixpkgs_10", + "systems": "systems_5" }, "locked": { "lastModified": 1768856963, @@ -1303,7 +1217,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_4", - "nixpkgs": "nixpkgs_12" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1768919538, diff --git a/flake.nix b/flake.nix index 35735d0..6026fa3 100644 --- a/flake.nix +++ b/flake.nix @@ -40,7 +40,6 @@ zen-browser.url = "github:0xc000022070/zen-browser-flake"; # stand-alone tools - deploy-rs.url = "github:serokell/deploy-rs"; terranix = { url = "github:terranix/terranix"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/shells/default.nix b/shells/default.nix index 1c93cf3..a7cda20 100644 --- a/shells/default.nix +++ b/shells/default.nix @@ -7,7 +7,6 @@ devShells.default = pkgs.mkShell { packages = with pkgs; [ inputs.agenix.packages.${system}.default - deploy-rs nil nixfmt ]; From 7309074f25a641007e38bdbca3bca2e9d342a44b Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 12 Feb 2026 17:16:01 -0300 Subject: [PATCH 37/75] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/fcdea223397448d35d9b31f798479227e80183f6?narHash=sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L%2BVSybPfiIgzU8lbQ%3D' (2025-11-08) → 'github:ryantm/agenix/b027ee29d959fda4b60b57566d64c98a202e0feb?narHash=sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I%3D' (2026-02-04) • Updated input 'disko': 'github:nix-community/disko/00395d188e3594a1507f214a2f15d4ce5c07cb28?narHash=sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q%3D' (2026-01-20) → 'github:nix-community/disko/71a3fc97d80881e91710fe721f1158d3b96ae14d?narHash=sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE%3D' (2026-01-27) • Updated input 'disko/nixpkgs': 'github:NixOS/nixpkgs/3327b113f2ef698d380df83fbccefad7e83d7769?narHash=sha256-MJwOjrIISfOpdI9x4C%2B5WFQXvHtOuj5mqLZ4TMEtk1M%3D' (2026-01-17) → 'github:NixOS/nixpkgs/48698d12cc10555a4f3e3222d9c669b884a49dfe?narHash=sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv%2B6jcvA212M%3D' (2026-01-25) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/80daad04eddbbf5a4d883996a73f3f542fa437ac?narHash=sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY%3D' (2026-01-11) → 'github:hercules-ci/flake-parts/57928607ea566b5db3ad13af0e57e921e6b12381?narHash=sha256-AnYjnFWgS49RlqX7LrC4uA%2BsCCDBj0Ry/WOJ5XWAsa0%3D' (2026-02-02) • Updated input 'flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/2075416fcb47225d9b68ac469a5c4801a9c4dd85?narHash=sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo%3D' (2025-12-14) → 'github:nix-community/nixpkgs.lib/72716169fe93074c333e8d0173151350670b824c?narHash=sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ%2BQDT/KDuyHXVJOpM%3D' (2026-02-01) • Updated input 'home-manager': 
'github:nix-community/home-manager/63a87808f5f9b6e4195a1d33f6ea25d23f4aa0df?narHash=sha256-zyMpWHqcpKVmRc1W2NEK7DAuyVJZV62Jdjqudg70b1k%3D' (2026-01-20) → 'github:nix-community/home-manager/6a1f7101d2c3ee87d485a87880d73b4665c6a4bd?narHash=sha256-ZwU5wXKNqpOQvjNz6aBp1j5peiBZow1%2B%2B6pLnk5VAhs%3D' (2026-02-12) • Updated input 'impermanence': 'github:nix-community/impermanence/0d633a69480bb3a3e2f18c080d34a8fa81da6395?narHash=sha256-6nY0ixjGjPQCL%2B/sUC1B1MRiO1LOI3AkRSIywm3i3bE%3D' (2026-01-19) → 'github:nix-community/impermanence/7b1d382faf603b6d264f58627330f9faa5cba149?narHash=sha256-03%2BJxvzmfwRu%2B5JafM0DLbxgHttOQZkUtDWBmeUkN8Y%3D' (2026-01-27) • Updated input 'niri-flake': 'github:sodiboo/niri-flake/6581f5458309233622c1b73c8902dcaea7be16eb?narHash=sha256-ct4qxmFJeJbaJKiOnXOZmRmVmk7TpT%2BlohuTgTr%2BkYQ%3D' (2026-01-20) → 'github:sodiboo/niri-flake/7634add8bf2dd225d04f535de4bd0ee60982f367?narHash=sha256-QgJZ%2BW6YE6nAzO/m7ezamAzr9DTflIEXRozMivL0%2Bhc%3D' (2026-02-11) • Updated input 'niri-flake/niri-unstable': 'github:YaLTeR/niri/d7184a04b904e07113f4623610775ae78d32394c?narHash=sha256-Ub8eed4DsfIDWyg30xEe%2B8bSxL/z5Af/gCjmvJ0V/Hs%3D' (2026-01-17) → 'github:YaLTeR/niri/41b5de87692b8262fbdbff7faab93f04ff0be453?narHash=sha256-8GzUa8bCyQ688jYW2waXrOqetTr7oV8UPTO2He%2B5Hsg%3D' (2026-02-10) • Updated input 'niri-flake/nixpkgs': 'github:NixOS/nixpkgs/e4bae1bd10c9c57b2cf517953ab70060a828ee6f?narHash=sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc%3D' (2026-01-16) → 'github:NixOS/nixpkgs/d6c71932130818840fc8fe9509cf50be8c64634f?narHash=sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84%3D' (2026-02-08) • Updated input 'niri-flake/nixpkgs-stable': 'github:NixOS/nixpkgs/77ef7a29d276c6d8303aece3444d61118ef71ac2?narHash=sha256-XsM7GP3jHlephymxhDE%2B/TKKO1Q16phz/vQiLBGhpF4%3D' (2026-01-18) → 'github:NixOS/nixpkgs/6c5e707c6b5339359a9a9e215c5e66d6d802fd7a?narHash=sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs%3D' (2026-02-11) • Updated input 
'niri-flake/xwayland-satellite-unstable': 'github:Supreeeme/xwayland-satellite/ed1cef792b4def3321ff9ab5479df09609f17a69?narHash=sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg%3D' (2026-01-18) → 'github:Supreeeme/xwayland-satellite/86f5bd5d867ad6e120935dfe825f6b903ebbeddd?narHash=sha256-Q75S8cEqJoZ92s1y4zArvk2U1ayAy2E4SaF7gbNXkYQ%3D' (2026-02-08) • Updated input 'nix-ai-tools': 'github:numtide/llm-agents.nix/78f3fdc13ef903475aa5bfc0f85eeefaa36af837?narHash=sha256-gFoGvnW2YDWsxKD56kdiXbhh9vBPAU3yusssbXF0UMo%3D' (2026-01-20) → 'github:numtide/llm-agents.nix/266d4d8a55eef6dd23cd0adced301053d8fc23c9?narHash=sha256-HQXK2CXAhBuTBw99Ip018Vp9MMAPfJVywgRrkwMUgMc%3D' (2026-02-12) • Updated input 'nix-ai-tools/blueprint': 'github:numtide/blueprint/0ed984d51a3031065925ab08812a5434f40b93d4?narHash=sha256-BJDu7dIMauO2nYRSL4aI8wDNtEm2KOb7lDKP3hxdrpo%3D' (2026-01-02) → 'github:numtide/blueprint/c7da5c70ad1c9b60b6f5d4f674fbe205d48d8f6c?narHash=sha256-zI%2B7cbMI4wMIR57jMjDSEsVb3grapTnURDxxJPYFIW0%3D' (2026-01-25) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/bde09022887110deb780067364a0818e89258968?narHash=sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo%2Bw8KsY4%3D' (2026-01-19) → 'github:NixOS/nixpkgs/2343bbb58f99267223bc2aac4fc9ea301a155a16?narHash=sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8%3D' (2026-02-11) • Updated input 'nix-ai-tools/treefmt-nix': 'github:numtide/treefmt-nix/e96d59dff5c0d7fddb9d113ba108f03c3ef99eca?narHash=sha256-67vyT1%2BxClLldnumAzCTBvU0jLZ1YBcf4vANRWP3%2BAk%3D' (2026-01-11) → 'github:numtide/treefmt-nix/337a4fe074be1042a35086f15481d763b8ddc0e7?narHash=sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD%2BFyxk%3D' (2026-02-04) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/82befcf7dc77c909b0f2a09f5da910ec95c5b78f?narHash=sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws%3D' (2025-12-09) → 
'github:nix-community/nix-index-database/2684bb8080a6f2ca5f9d494de5ef875bc1c4ecdb?narHash=sha256-hy0gcAgAcxrnSWKGuNO%2BOb0x6jQ2xkR6hoaR0qJBHYs%3D' (2026-02-05) • Updated input 'nixos-cli': 'github:nix-community/nixos-cli/5e79001c7a8b556c3c61d4ef38f0f0fa1187ee90?narHash=sha256-6w1Mhg6%2B46LlaheCa1O/jIk02ukerZ7DdUf9GlQVGxc%3D' (2026-01-18) → 'github:nix-community/nixos-cli/9a2e97e8832b211df22c5cb21a55ebf1c3eb2be1?narHash=sha256-TFRhwVzPg3ly388J3CYYvjrma/dWjsBVpNE437bWeHk%3D' (2026-02-12) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/e4bae1bd10c9c57b2cf517953ab70060a828ee6f?narHash=sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc%3D' (2026-01-16) → 'github:nixos/nixpkgs/d6c71932130818840fc8fe9509cf50be8c64634f?narHash=sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84%3D' (2026-02-08) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/77ef7a29d276c6d8303aece3444d61118ef71ac2?narHash=sha256-XsM7GP3jHlephymxhDE%2B/TKKO1Q16phz/vQiLBGhpF4%3D' (2026-01-18) → 'github:nixos/nixpkgs/6c5e707c6b5339359a9a9e215c5e66d6d802fd7a?narHash=sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs%3D' (2026-02-11) • Updated input 'noctalia': 'github:noctalia-dev/noctalia-shell/1ef5c0eb307e8a4f30dfa6bcc75cf90ae8c6af46?narHash=sha256-T4H/VMjGwBuHEIrPYWfXQ73XV0foCuFGgH7k3SNSJDo%3D' (2026-01-20) → 'github:noctalia-dev/noctalia-shell/d87364964948b9d691f8363f85a5e23bee154df9?narHash=sha256-xg40mnp5KKBepACmvlPzmn5iPyUBxktfv50saSVUn0M%3D' (2026-02-12) • Updated input 'stylix': 'github:danth/stylix/06684f00cfbee14da96fd4307b966884de272d3a?narHash=sha256-3%2Bh7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p%2BS6BA%3D' (2026-01-18) → 'github:danth/stylix/db03fed72e5ca02be34e1d24789345a943329738?narHash=sha256-QHFYyngohNhih4w%2B3IqQty5DV%2Bp1txsx1kkk6XJWar8%3D' (2026-02-12) • Updated input 'vicinae': 'github:vicinaehq/vicinae/934bc0ad47be6dbd6498a0dac655c4613fd0ab27?narHash=sha256-u5bWDuwk6oieTnvm1YjNotcYK8iJSddH5%2BS68%2BX4TSc%3D' (2026-01-19) → 
'github:vicinaehq/vicinae/0c70267ab7e07d7972012fcf8ae58808a32a2e86?narHash=sha256-21lurBRyHgJbVD3E0/i7Fhxi4rBUxyznGfKpdGVtEdc%3D' (2026-02-12) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/37149a5b77e8fd2b5332e8cec9edf39ca5b8e8bc?narHash=sha256-w10iy/aqd5LtD78NDWWG%2BeKGzkb%2BcGhAAo7PVciLbWE%3D' (2026-01-20) → 'github:0xc000022070/zen-browser-flake/0078cf2d5e81eb56a9356d51f2738f7141194de1?narHash=sha256-iJ9c0ZewfRRYUflaEOj43n5TWaB6Ezygn2UA/ZHGQJA%3D' (2026-02-12) • Updated input 'zen-browser/home-manager': 'github:nix-community/home-manager/b4d88c9ac42ae1a745283f6547701da43b6e9f9b?narHash=sha256-cJbFn17oyg6qAraLr%2BNVeNJrXsrzJdrudkzI4H2iTcg%3D' (2026-01-14) → 'github:nix-community/home-manager/f4ad5068ee8e89e4a7c2e963e10dd35cd77b37b7?narHash=sha256-07HMIGQ/WJeAQJooA7Kkg1SDKxhAiV6eodvOwTX6WKI%3D' (2026-01-31) • Updated input 'zen-browser/nixpkgs': 'github:nixos/nixpkgs/ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38?narHash=sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs%3D' (2026-01-11) → 'github:nixos/nixpkgs/bfc1b8a4574108ceef22f02bafcf6611380c100d?narHash=sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI%3D' (2026-01-26) --- flake.lock | 156 ++++++++++++++++++++++++++--------------------------- 1 file changed, 78 insertions(+), 78 deletions(-) diff --git a/flake.lock b/flake.lock index 05b233b..806550a 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1762618334, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "owner": "ryantm", "repo": "agenix", - "rev": "fcdea223397448d35d9b31f798479227e80183f6", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "type": "github" }, "original": { 
@@ -100,11 +100,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1767386128, - "narHash": "sha256-BJDu7dIMauO2nYRSL4aI8wDNtEm2KOb7lDKP3hxdrpo=", + "lastModified": 1769353768, + "narHash": "sha256-zI+7cbMI4wMIR57jMjDSEsVb3grapTnURDxxJPYFIW0=", "owner": "numtide", "repo": "blueprint", - "rev": "0ed984d51a3031065925ab08812a5434f40b93d4", + "rev": "c7da5c70ad1c9b60b6f5d4f674fbe205d48d8f6c", "type": "github" }, "original": { @@ -140,11 +140,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1768923567, - "narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=", + "lastModified": 1769524058, + "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=", "owner": "nix-community", "repo": "disko", - "rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28", + "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d", "type": "github" }, "original": { @@ -206,11 +206,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -342,11 +342,11 @@ ] }, "locked": { - "lastModified": 1768927746, - "narHash": "sha256-zyMpWHqcpKVmRc1W2NEK7DAuyVJZV62Jdjqudg70b1k=", + "lastModified": 1770915843, + "narHash": "sha256-ZwU5wXKNqpOQvjNz6aBp1j5peiBZow1++6pLnk5VAhs=", "owner": "nix-community", "repo": "home-manager", - "rev": "63a87808f5f9b6e4195a1d33f6ea25d23f4aa0df", + "rev": "6a1f7101d2c3ee87d485a87880d73b4665c6a4bd", "type": "github" }, "original": { 
@@ -385,11 +385,11 @@ ] }, "locked": { - "lastModified": 1768434960, - "narHash": "sha256-cJbFn17oyg6qAraLr+NVeNJrXsrzJdrudkzI4H2iTcg=", + "lastModified": 1769872935, + "narHash": "sha256-07HMIGQ/WJeAQJooA7Kkg1SDKxhAiV6eodvOwTX6WKI=", "owner": "nix-community", "repo": "home-manager", - "rev": "b4d88c9ac42ae1a745283f6547701da43b6e9f9b", + "rev": "f4ad5068ee8e89e4a7c2e963e10dd35cd77b37b7", "type": "github" }, "original": { @@ -404,11 +404,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1768835187, - "narHash": "sha256-6nY0ixjGjPQCL+/sUC1B1MRiO1LOI3AkRSIywm3i3bE=", + "lastModified": 1769548169, + "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=", "owner": "nix-community", "repo": "impermanence", - "rev": "0d633a69480bb3a3e2f18c080d34a8fa81da6395", + "rev": "7b1d382faf603b6d264f58627330f9faa5cba149", "type": "github" }, "original": { @@ -462,11 +462,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1768877436, - "narHash": "sha256-ct4qxmFJeJbaJKiOnXOZmRmVmk7TpT+lohuTgTr+kYQ=", + "lastModified": 1770844822, + "narHash": "sha256-QgJZ+W6YE6nAzO/m7ezamAzr9DTflIEXRozMivL0+hc=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "6581f5458309233622c1b73c8902dcaea7be16eb", + "rev": "7634add8bf2dd225d04f535de4bd0ee60982f367", "type": "github" }, "original": { @@ -495,11 +495,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1768678265, - "narHash": "sha256-Ub8eed4DsfIDWyg30xEe+8bSxL/z5Af/gCjmvJ0V/Hs=", + "lastModified": 1770735554, + "narHash": "sha256-8GzUa8bCyQ688jYW2waXrOqetTr7oV8UPTO2He+5Hsg=", "owner": "YaLTeR", "repo": "niri", - "rev": "d7184a04b904e07113f4623610775ae78d32394c", + "rev": "41b5de87692b8262fbdbff7faab93f04ff0be453", "type": "github" }, "original": { 
@@ -515,11 +515,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1768922080, - "narHash": "sha256-gFoGvnW2YDWsxKD56kdiXbhh9vBPAU3yusssbXF0UMo=", + "lastModified": 1770907059, + "narHash": "sha256-HQXK2CXAhBuTBw99Ip018Vp9MMAPfJVywgRrkwMUgMc=", "owner": "numtide", "repo": "llm-agents.nix", - "rev": "78f3fdc13ef903475aa5bfc0f85eeefaa36af837", + "rev": "266d4d8a55eef6dd23cd0adced301053d8fc23c9", "type": "github" }, "original": { @@ -551,11 +551,11 @@ ] }, "locked": { - "lastModified": 1765267181, - "narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=", + "lastModified": 1770315571, + "narHash": "sha256-hy0gcAgAcxrnSWKGuNO+Ob0x6jQ2xkR6hoaR0qJBHYs=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f", + "rev": "2684bb8080a6f2ca5f9d494de5ef875bc1c4ecdb", "type": "github" }, "original": { @@ -572,11 +572,11 @@ "optnix": "optnix" }, "locked": { - "lastModified": 1768778579, - "narHash": "sha256-6w1Mhg6+46LlaheCa1O/jIk02ukerZ7DdUf9GlQVGxc=", + "lastModified": 1770862985, + "narHash": "sha256-TFRhwVzPg3ly388J3CYYvjrma/dWjsBVpNE437bWeHk=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "5e79001c7a8b556c3c61d4ef38f0f0fa1187ee90", + "rev": "9a2e97e8832b211df22c5cb21a55ebf1c3eb2be1", "type": "github" }, "original": { @@ -587,11 +587,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1768661221, - "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", + "lastModified": 1769330179, + "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", + "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", "type": "github" }, "original": { 
@@ -603,11 +603,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1765674936, - "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "lastModified": 1769909678, + "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "rev": "72716169fe93074c333e8d0173151350670b824c", "type": "github" }, "original": { @@ -633,11 +633,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1768773494, - "narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=", + "lastModified": 1770770419, + "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2", + "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", "type": "github" }, "original": { @@ -649,11 +649,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1768773494, - "narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=", + "lastModified": 1770770419, + "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2", + "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", "type": "github" }, "original": { @@ -681,11 +681,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1768127708, - "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", "type": "github" }, "original": { 
@@ -729,11 +729,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1768564909, - "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", "type": "github" }, "original": { @@ -745,11 +745,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1768783163, - "narHash": "sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo+w8KsY4=", + "lastModified": 1770843696, + "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bde09022887110deb780067364a0818e89258968", + "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16", "type": "github" }, "original": { @@ -793,11 +793,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1768564909, - "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", "type": "github" }, "original": { @@ -830,11 +830,11 @@ ] }, "locked": { - "lastModified": 1768924718, - "narHash": "sha256-T4H/VMjGwBuHEIrPYWfXQ73XV0foCuFGgH7k3SNSJDo=", + "lastModified": 1770922006, + "narHash": "sha256-xg40mnp5KKBepACmvlPzmn5iPyUBxktfv50saSVUn0M=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "1ef5c0eb307e8a4f30dfa6bcc75cf90ae8c6af46", + "rev": "d87364964948b9d691f8363f85a5e23bee154df9", "type": "github" }, "original": { 
@@ -950,11 +950,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1768744881, - "narHash": "sha256-3+h7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p+S6BA=", + "lastModified": 1770914701, + "narHash": "sha256-QHFYyngohNhih4w+3IqQty5DV+p1txsx1kkk6XJWar8=", "owner": "danth", "repo": "stylix", - "rev": "06684f00cfbee14da96fd4307b966884de272d3a", + "rev": "db03fed72e5ca02be34e1d24789345a943329738", "type": "github" }, "original": { @@ -1149,11 +1149,11 @@ ] }, "locked": { - "lastModified": 1768158989, - "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", + "lastModified": 1770228511, + "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", + "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", "type": "github" }, "original": { @@ -1168,11 +1168,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1768856963, - "narHash": "sha256-u5bWDuwk6oieTnvm1YjNotcYK8iJSddH5+S68+X4TSc=", + "lastModified": 1770912475, + "narHash": "sha256-21lurBRyHgJbVD3E0/i7Fhxi4rBUxyznGfKpdGVtEdc=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "934bc0ad47be6dbd6498a0dac655c4613fd0ab27", + "rev": "0c70267ab7e07d7972012fcf8ae58808a32a2e86", "type": "github" }, "original": { @@ -1201,11 +1201,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1768765571, - "narHash": "sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg=", + "lastModified": 1770583271, + "narHash": "sha256-Q75S8cEqJoZ92s1y4zArvk2U1ayAy2E4SaF7gbNXkYQ=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "ed1cef792b4def3321ff9ab5479df09609f17a69", + "rev": "86f5bd5d867ad6e120935dfe825f6b903ebbeddd", "type": "github" }, "original": { 
@@ -1220,11 +1220,11 @@ "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1768919538, - "narHash": "sha256-w10iy/aqd5LtD78NDWWG+eKGzkb+cGhAAo7PVciLbWE=", + "lastModified": 1770919290, + "narHash": "sha256-iJ9c0ZewfRRYUflaEOj43n5TWaB6Ezygn2UA/ZHGQJA=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "37149a5b77e8fd2b5332e8cec9edf39ca5b8e8bc", + "rev": "0078cf2d5e81eb56a9356d51f2738f7141194de1", "type": "github" }, "original": { From 8f98f7d420f4ee6747d839160b8275d1581c2626 Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 12 Feb 2026 18:50:38 -0300 Subject: [PATCH 38/75] nixfmt --- aspects/ai.nix | 20 +- aspects/bluetooth.nix | 13 +- aspects/cli/btop.nix | 23 +- aspects/cli/comma.nix | 16 +- aspects/cli/direnv.nix | 17 +- aspects/cli/helix.nix | 89 +++-- aspects/cli/hm-cli.nix | 19 +- aspects/cli/starship.nix | 77 ++-- aspects/cli/tmux.nix | 23 +- aspects/common/boot.nix | 28 +- aspects/common/console.nix | 12 +- aspects/common/firewall.nix | 12 +- aspects/common/locale.nix | 34 +- aspects/common/nix.nix | 62 +-- aspects/common/openssh.nix | 18 +- aspects/common/services.nix | 14 +- aspects/common/tailscale.nix | 12 +- aspects/constants.nix | 26 +- aspects/desktop/boot.nix | 51 +-- aspects/desktop/desktop.nix | 541 +++++++++++++------------- aspects/desktop/niri.nix | 10 +- aspects/desktop/nix.nix | 25 +- aspects/desktop/services.nix | 27 +- aspects/dev.nix | 37 +- aspects/ephemeral.nix | 23 +- aspects/fwupd.nix | 13 +- aspects/gaming/flatpak.nix | 40 +- aspects/gaming/hardware.nix | 14 +- aspects/gaming/launchers.nix | 16 +- aspects/gaming/mangohud.nix | 72 ++-- aspects/gaming/steam.nix | 22 +- aspects/hosts/_alexandria/unbound.nix | 3 +- aspects/hosts/_trantor/nginx.nix | 4 +- aspects/hosts/alexandria.nix | 1 + aspects/libvirtd.nix | 35 +- aspects/networkmanager.nix | 21 +- aspects/server/boot.nix | 13 +- aspects/server/nix.nix | 25 +- aspects/server/tailscale.nix | 25 +- aspects/shell/bash.nix | 17 +- aspects/shell/fish.nix | 65 ++-- packages/claude-desktop.nix | 3 +- packages/overlays.nix | 19 +- terranix/kernelpanic.space.nix | 9 +- terranix/terminus.nix | 9 +- 45 files changed, 932 insertions(+), 723 deletions(-) diff --git a/aspects/ai.nix b/aspects/ai.nix index 6befeae..f67bbbc 100644 --- a/aspects/ai.nix +++ b/aspects/ai.nix 
@@ -1,12 +1,14 @@
 { ... }:
 {
- flake.modules.nixos.ai = { inputs, pkgs, ... }: {
- environment.systemPackages =
- (with pkgs; [claude-desktop]) ++
- (with inputs.nix-ai-tools.packages.${pkgs.system}; [
- claude-code
- claudebox
- opencode
- ]);
- };
+ flake.modules.nixos.ai =
+ { inputs, pkgs, ... }:
+ {
+ environment.systemPackages =
+ (with pkgs; [ claude-desktop ])
+ ++ (with inputs.nix-ai-tools.packages.${pkgs.system}; [
+ claude-code
+ claudebox
+ opencode
+ ]);
+ };
 }
diff --git a/aspects/bluetooth.nix b/aspects/bluetooth.nix
index 222bdf2..2027ac1 100644
--- a/aspects/bluetooth.nix
+++ b/aspects/bluetooth.nix
@@ -1,6 +1,13 @@
 { ... }:
 {
- flake.modules.nixos.bluetooth = { config, lib, pkgs, ... }: {
- hardware.bluetooth.enable = true;
- };
+ flake.modules.nixos.bluetooth =
+ {
+ config,
+ lib,
+ pkgs,
+ ...
+ }:
+ {
+ hardware.bluetooth.enable = true;
+ };
 }
diff --git a/aspects/cli/btop.nix b/aspects/cli/btop.nix
index 09a815e..2b9c3fc 100644
--- a/aspects/cli/btop.nix
+++ b/aspects/cli/btop.nix
@@ -1,13 +1,20 @@
 { ... }:
 {
- flake.modules.homeManager.cli-btop = { config, lib, pkgs, ... }: {
- programs.btop = {
- enable = true;
- settings = {
- theme_background = false;
- proc_sorting = "cpu direct";
- update_ms = 500;
+ flake.modules.homeManager.cli-btop =
+ {
+ config,
+ lib,
+ pkgs,
+ ...
+ }:
+ {
+ programs.btop = {
+ enable = true;
+ settings = {
+ theme_background = false;
+ proc_sorting = "cpu direct";
+ update_ms = 500;
+ };
 };
 };
- };
 }
diff --git a/aspects/cli/comma.nix b/aspects/cli/comma.nix
index b8e6c2a..71ddb9c 100644
--- a/aspects/cli/comma.nix
+++ b/aspects/cli/comma.nix
@@ -1,8 +1,16 @@ { ... }: { - flake.modules.homeManager.cli-comma = { config, lib, pkgs, inputs, ... }: { - imports = [ inputs.nix-index-database.homeModules.nix-index ]; + flake.modules.homeManager.cli-comma = + { + config, + lib, + pkgs, + inputs, + ... + }: + { + imports = [ inputs.nix-index-database.homeModules.nix-index ]; - programs.nix-index-database.comma.enable = true; - }; + programs.nix-index-database.comma.enable = true; + }; } diff --git a/aspects/cli/direnv.nix b/aspects/cli/direnv.nix index 4399283..60ea7ad 100644 --- a/aspects/cli/direnv.nix +++ b/aspects/cli/direnv.nix @@ -1,9 +1,16 @@ { ... }: { - flake.modules.homeManager.cli-direnv = { config, lib, pkgs, ... }: { - programs.direnv = { - enable = true; - nix-direnv.enable = true; + flake.modules.homeManager.cli-direnv = + { + config, + lib, + pkgs, + ... + }: + { + programs.direnv = { + enable = true; + nix-direnv.enable = true; + }; }; - }; } diff --git a/aspects/cli/helix.nix b/aspects/cli/helix.nix index 1fa2baf..fe0cf74 100644 --- a/aspects/cli/helix.nix +++ b/aspects/cli/helix.nix 
@@ -1,50 +1,57 @@ { ... }: { - flake.modules.homeManager.cli-helix = { config, lib, pkgs, ... }: { - home.sessionVariables = { - EDITOR = "hx"; - }; + flake.modules.homeManager.cli-helix = + { + config, + lib, + pkgs, + ... + }: + { + home.sessionVariables = { + EDITOR = "hx"; + }; - programs.helix = { - enable = true; - settings = { - editor = { - file-picker.hidden = false; - idle-timeout = 0; - line-number = "relative"; - cursor-shape = { - normal = "underline"; - insert = "bar"; - select = "underline"; + programs.helix = { + enable = true; + settings = { + editor = { + file-picker.hidden = false; + idle-timeout = 0; + line-number = "relative"; + cursor-shape = { + normal = "underline"; + insert = "bar"; + select = "underline"; + }; + soft-wrap.enable = true; + auto-format = true; + indent-guides.render = true; }; - soft-wrap.enable = true; - auto-format = true; - indent-guides.render = true; - }; - keys.normal = { - space = { - o = "file_picker_in_current_buffer_directory"; - esc = [ - "collapse_selection" - "keep_primary_selection" - ]; + keys.normal = { + space = { + o = "file_picker_in_current_buffer_directory"; + esc = [ + "collapse_selection" + "keep_primary_selection" + ]; + }; }; }; - }; - languages = { - language = [ - { - name = "nix"; - auto-format = true; - formatter.command = "nixfmt"; - } - { - name = "typst"; - auto-format = true; - formatter.command = "typstyle -c 1000 -i"; - } - ]; + languages = { + language = [ + { + name = "nix"; + auto-format = true; + formatter.command = "nixfmt"; + } + { + name = "typst"; + auto-format = true; + formatter.command = "typstyle -c 1000 -i"; + } + ]; + }; }; }; - }; } diff --git a/aspects/cli/hm-cli.nix b/aspects/cli/hm-cli.nix index acee59d..7064a3f 100644 --- a/aspects/cli/hm-cli.nix +++ b/aspects/cli/hm-cli.nix 
@@ -1,11 +1,18 @@
 { ... }:
 {
- flake.modules.homeManager.cli-base = { config, lib, pkgs, ... }: {
- home = {
- packages = with pkgs; [ hm-cli ];
- sessionVariables = {
- HM_PATH = "/etc/nixos";
+ flake.modules.homeManager.cli-base =
+ {
+ config,
+ lib,
+ pkgs,
+ ...
+ }:
+ {
+ home = {
+ packages = with pkgs; [ hm-cli ];
+ sessionVariables = {
+ HM_PATH = "/etc/nixos";
+ };
 };
 };
- };
 }
diff --git a/aspects/cli/starship.nix b/aspects/cli/starship.nix
index e9884a7..7ba3a54 100644
--- a/aspects/cli/starship.nix
+++ b/aspects/cli/starship.nix
@@ -1,41 +1,48 @@ { ... }: { - flake.modules.homeManager.cli-starship = { config, lib, pkgs, ... }: { - programs.starship = { - enable = true; - enableBashIntegration = true; - enableFishIntegration = true; - settings = { - add_newline = false; - format = '' - $hostname$directory$git_branch$git_status$nix_shell - [ ❯ ](bold green) - ''; - right_format = "$cmd_duration$character"; - hostname = { - ssh_symbol = "󰖟 "; - }; - character = { - error_symbol = "[](red)"; - success_symbol = "[󱐋](green)"; - }; - cmd_duration = { - format = "[󰄉 $duration ]($style)"; - style = "yellow"; - min_time = 500; - }; - git_branch = { - symbol = " "; - style = "purple"; - }; - git_status.style = "red"; - nix_shell = { - format = "via [$symbol$state]($style)"; - heuristic = true; - style = "blue"; - symbol = "󱄅 "; + flake.modules.homeManager.cli-starship = + { + config, + lib, + pkgs, + ... + }: + { + programs.starship = { + enable = true; + enableBashIntegration = true; + enableFishIntegration = true; + settings = { + add_newline = false; + format = '' + $hostname$directory$git_branch$git_status$nix_shell + [ ❯ ](bold green) + ''; + right_format = "$cmd_duration$character"; + hostname = { + ssh_symbol = "󰖟 "; + }; + character = { + error_symbol = "[](red)"; + success_symbol = "[󱐋](green)"; + }; + cmd_duration = { + format = "[󰄉 $duration ]($style)"; + style = "yellow"; + min_time = 500; + }; + git_branch = { + symbol = " "; + style = "purple"; + }; + git_status.style = "red"; + nix_shell = { + format = "via [$symbol$state]($style)"; + heuristic = true; + style = "blue"; + symbol = "󱄅 "; + }; }; }; }; - }; } diff --git a/aspects/cli/tmux.nix b/aspects/cli/tmux.nix index 078a6aa..1238501 100644 --- a/aspects/cli/tmux.nix +++ b/aspects/cli/tmux.nix 
@@ -1,12 +1,19 @@
 { ... }:
 {
- flake.modules.homeManager.cli-tmux = { config, lib, pkgs, ... }: {
- programs.tmux = {
- enable = true;
- clock24 = true;
- terminal = "xterm-256color";
- mouse = true;
- keyMode = "vi";
+ flake.modules.homeManager.cli-tmux =
+ {
+ config,
+ lib,
+ pkgs,
+ ...
+ }:
+ {
+ programs.tmux = {
+ enable = true;
+ clock24 = true;
+ terminal = "xterm-256color";
+ mouse = true;
+ keyMode = "vi";
+ };
 };
- };
 }
diff --git a/aspects/common/boot.nix b/aspects/common/boot.nix
index 109d6f2..b74b68c 100644
--- a/aspects/common/boot.nix
+++ b/aspects/common/boot.nix
@@ -1,21 +1,23 @@
 { ... }:
 {
- flake.modules.nixos.common-boot = { pkgs, ... }: {
- boot = {
- loader = {
- timeout = 1;
- efi.canTouchEfiVariables = true;
- systemd-boot = {
- enable = true;
- editor = false;
- consoleMode = "max";
- sortKey = "aa";
- netbootxyz = {
+ flake.modules.nixos.common-boot =
+ { pkgs, ... }:
+ {
+ boot = {
+ loader = {
+ timeout = 1;
+ efi.canTouchEfiVariables = true;
+ systemd-boot = {
 enable = true;
- sortKey = "zz";
+ editor = false;
+ consoleMode = "max";
+ sortKey = "aa";
+ netbootxyz = {
+ enable = true;
+ sortKey = "zz";
+ };
 };
 };
 };
 };
- };
 }
diff --git a/aspects/common/console.nix b/aspects/common/console.nix
index 6f6be9f..128b914 100644
--- a/aspects/common/console.nix
+++ b/aspects/common/console.nix
@@ -1,9 +1,11 @@
 { ... }:
 {
- flake.modules.nixos.common-console = { ... }: {
- console = {
- useXkbConfig = true;
- earlySetup = true;
+ flake.modules.nixos.common-console =
+ { ... }:
+ {
+ console = {
+ useXkbConfig = true;
+ earlySetup = true;
+ };
 };
- };
 }
diff --git a/aspects/common/firewall.nix b/aspects/common/firewall.nix
index af1a8f7..0e5297d 100644
--- a/aspects/common/firewall.nix
+++ b/aspects/common/firewall.nix
@@ -1,9 +1,11 @@ { ... }: { - flake.modules.nixos.common-firewall = { ... }: { - networking = { - firewall.enable = true; - nftables.enable = true; + flake.modules.nixos.common-firewall = + { ... }: + { + networking = { + firewall.enable = true; + nftables.enable = true; + }; }; - }; } diff --git a/aspects/common/locale.nix b/aspects/common/locale.nix index 2b91759..a6b5754 100644 --- a/aspects/common/locale.nix +++ b/aspects/common/locale.nix @@ -1,22 +1,24 @@ { ... }: { - flake.modules.nixos.common-locale = { ... }: { - time.timeZone = "America/Bahia"; + flake.modules.nixos.common-locale = + { ... }: + { + time.timeZone = "America/Bahia"; - i18n = { - defaultLocale = "en_US.UTF-8"; - extraLocaleSettings = { - LC_ADDRESS = "pt_BR.utf8"; - LC_COLLATE = "pt_BR.utf8"; - LC_IDENTIFICATION = "pt_BR.utf8"; - LC_MEASUREMENT = "pt_BR.utf8"; - LC_MONETARY = "pt_BR.utf8"; - LC_NAME = "pt_BR.utf8"; - LC_NUMERIC = "pt_BR.utf8"; - LC_PAPER = "pt_BR.utf8"; - LC_TELEPHONE = "pt_BR.utf8"; - LC_TIME = "en_IE.utf8"; + i18n = { + defaultLocale = "en_US.UTF-8"; + extraLocaleSettings = { + LC_ADDRESS = "pt_BR.utf8"; + LC_COLLATE = "pt_BR.utf8"; + LC_IDENTIFICATION = "pt_BR.utf8"; + LC_MEASUREMENT = "pt_BR.utf8"; + LC_MONETARY = "pt_BR.utf8"; + LC_NAME = "pt_BR.utf8"; + LC_NUMERIC = "pt_BR.utf8"; + LC_PAPER = "pt_BR.utf8"; + LC_TELEPHONE = "pt_BR.utf8"; + LC_TIME = "en_IE.utf8"; + }; }; }; - }; } diff --git a/aspects/common/nix.nix b/aspects/common/nix.nix index 414c315..cd76f62 100644 --- a/aspects/common/nix.nix +++ b/aspects/common/nix.nix 
@@ -1,39 +1,41 @@ { ... }: { - flake.modules.nixos.common-nix = { inputs, ... }: { - imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; + flake.modules.nixos.common-nix = + { inputs, ... }: + { + imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; - nix = { - settings = { - auto-optimise-store = true; - connect-timeout = 10; - log-lines = 25; - min-free = 128000000; - max-free = 1000000000; - trusted-users = [ "@wheel" ]; + nix = { + settings = { + auto-optimise-store = true; + connect-timeout = 10; + log-lines = 25; + min-free = 128000000; + max-free = 1000000000; + trusted-users = [ "@wheel" ]; + }; + extraOptions = "experimental-features = nix-command flakes"; + gc = { + automatic = true; + options = "--delete-older-than 8d"; + }; }; - extraOptions = "experimental-features = nix-command flakes"; - gc = { - automatic = true; - options = "--delete-older-than 8d"; + + nixpkgs.config = { + allowUnfree = true; + enableParallelBuilding = true; + buildManPages = false; + buildDocs = false; }; - }; - nixpkgs.config = { - allowUnfree = true; - enableParallelBuilding = true; - buildManPages = false; - buildDocs = false; - }; - - services.nixos-cli = { - enable = true; - config = { - use_nvd = true; - ignore_dirty_tree = true; + services.nixos-cli = { + enable = true; + config = { + use_nvd = true; + ignore_dirty_tree = true; + }; }; - }; - system.stateVersion = "22.11"; - }; + system.stateVersion = "22.11"; + }; } diff --git a/aspects/common/openssh.nix b/aspects/common/openssh.nix index c515d81..b8179f2 100644 --- a/aspects/common/openssh.nix +++ b/aspects/common/openssh.nix @@ -1,12 +1,14 @@ { ... }: { - flake.modules.nixos.common-openssh = { ... }: { - services.openssh = { - enable = true; - settings.PermitRootLogin = "no"; - extraConfig = '' - PrintLastLog no - ''; + flake.modules.nixos.common-openssh = + { ... }: + { + services.openssh = { + enable = true; + settings.PermitRootLogin = "no"; + extraConfig = '' + PrintLastLog no + ''; + }; }; - }; } 
diff --git a/aspects/common/services.nix b/aspects/common/services.nix index befdbb9..e05dcf0 100644 --- a/aspects/common/services.nix +++ b/aspects/common/services.nix @@ -1,10 +1,12 @@ { ... }: { - flake.modules.nixos.common-services = { ... }: { - services = { - dbus.implementation = "broker"; - irqbalance.enable = true; - fstrim.enable = true; + flake.modules.nixos.common-services = + { ... }: + { + services = { + dbus.implementation = "broker"; + irqbalance.enable = true; + fstrim.enable = true; + }; }; - }; } diff --git a/aspects/common/tailscale.nix b/aspects/common/tailscale.nix index 13eb82a..74381ac 100644 --- a/aspects/common/tailscale.nix +++ b/aspects/common/tailscale.nix @@ -1,9 +1,11 @@ { ... }: { - flake.modules.nixos.common-tailscale = { ... }: { - services.tailscale = { - enable = true; - extraUpFlags = [ "--operator=user" ]; + flake.modules.nixos.common-tailscale = + { ... }: + { + services.tailscale = { + enable = true; + extraUpFlags = [ "--operator=user" ]; + }; }; - }; } diff --git a/aspects/constants.nix b/aspects/constants.nix index 2d980e1..7d77098 100644 --- a/aspects/constants.nix +++ b/aspects/constants.nix @@ -54,12 +54,15 @@ let sharedData = import ../data/services.nix; # Enrich services with host IP information - enrichServices = hosts: services: - map (svc: + enrichServices = + hosts: services: + map ( + svc: let - hostInfo = hosts.${svc.host} or {}; + hostInfo = hosts.${svc.host} or { }; in - svc // { + svc + // { lanIP = hostInfo.lanIP or null; tailscaleIP = hostInfo.tailscaleIP or null; } 
@@ -70,19 +73,19 @@ in options.flake = { hosts = lib.mkOption { type = lib.types.attrsOf hostType; - default = {}; + default = { }; description = "Host definitions with IP addresses"; }; services = lib.mkOption { type = lib.types.listOf serviceType; - default = []; + default = [ ]; description = "Service definitions with enriched host information"; }; lib = lib.mkOption { type = lib.types.attrsOf lib.types.raw; - default = {}; + default = { }; description = "Utility functions for flake configuration"; }; }; @@ -94,9 +97,11 @@ in lib = { # Nginx virtual host utilities - mkNginxVHosts = { domains }: + mkNginxVHosts = + { domains }: let - mkVHostConfig = domain: vhostConfig: + mkVHostConfig = + domain: vhostConfig: lib.recursiveUpdate { useACMEHost = domain; forceSSL = true; @@ -107,7 +112,8 @@ in # Split DNS utilities for unbound # Generates unbound view config from a list of DNS entries - mkSplitDNS = entries: + mkSplitDNS = + entries: let tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries; lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries; diff --git a/aspects/desktop/boot.nix b/aspects/desktop/boot.nix index 48f879d..cd0fa9c 100644 --- a/aspects/desktop/boot.nix +++ b/aspects/desktop/boot.nix 
@@ -1,27 +1,34 @@ { ... }: { - flake.modules.nixos.desktop-boot = { config, lib, pkgs, ... }: { - boot = { - plymouth.enable = true; - initrd.systemd.enable = true; - loader.efi.efiSysMountPoint = "/boot/efi"; - kernelPackages = pkgs.linuxPackages_xanmod_latest; - extraModprobeConfig = '' - options bluetooth disable_ertm=1 - ''; - kernel.sysctl = { - "net.ipv4.tcp_mtu_probing" = 1; + flake.modules.nixos.desktop-boot = + { + config, + lib, + pkgs, + ... + }: + { + boot = { + plymouth.enable = true; + initrd.systemd.enable = true; + loader.efi.efiSysMountPoint = "/boot/efi"; + kernelPackages = pkgs.linuxPackages_xanmod_latest; + extraModprobeConfig = '' + options bluetooth disable_ertm=1 + ''; + kernel.sysctl = { + "net.ipv4.tcp_mtu_probing" = 1; + }; + kernelParams = [ + "quiet" + "splash" + "i2c-dev" + "i2c-piix4" + "loglevel=3" + "udev.log_priority=3" + "rd.udev.log_level=3" + "rd.systemd.show_status=false" + ]; }; - kernelParams = [ - "quiet" - "splash" - "i2c-dev" - "i2c-piix4" - "loglevel=3" - "udev.log_priority=3" - "rd.udev.log_level=3" - "rd.systemd.show_status=false" - ]; }; - }; } diff --git a/aspects/desktop/desktop.nix b/aspects/desktop/desktop.nix index f2298e7..fb54f55 100644 --- a/aspects/desktop/desktop.nix +++ b/aspects/desktop/desktop.nix 
@@ -4,289 +4,304 @@ }: { flake.modules = { - nixos.desktop-desktop = { config, lib, pkgs, ... }: { - imports = [ - inputs.niri-flake.nixosModules.niri - inputs.nix-flatpak.nixosModules.nix-flatpak - ]; - - environment = { - sessionVariables = { - KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir - NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland - }; - systemPackages = with pkgs; [ - ### Web ### - bitwarden-desktop - fragments - nextcloud-client - tor-browser - vesktop - inputs.zen-browser.packages."${system}".default - ### Office & Productivity ### - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - papers - presenterm - rnote - ### Graphics & Design ### - gimp - inkscape - plasticity - ### System Utilities ### - adwaita-icon-theme - ghostty - gnome-disk-utility - junction - libfido2 - mission-center - nautilus - p7zip - rclone - toggleaudiosink - unrar - ### Media ### - decibels - loupe - obs-studio - showtime + nixos.desktop-desktop = + { + config, + lib, + pkgs, + ... 
+ }: + { + imports = [ + inputs.niri-flake.nixosModules.niri + inputs.nix-flatpak.nixosModules.nix-flatpak ]; - }; - services = { - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - wireplumber.enable = true; - }; - greetd = { - enable = true; - settings = { - default_session = { - command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; - user = "greeter"; - }; - } - // lib.optionalAttrs (config.networking.hostName == "io") { - initial_session = { - command = "${config.programs.niri.package}/bin/niri-session"; - user = "user"; - }; + environment = { + sessionVariables = { + KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir + NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland }; - }; - flatpak = { - enable = true; - packages = [ + systemPackages = with pkgs; [ + ### Web ### + bitwarden-desktop + fragments + nextcloud-client + tor-browser + vesktop + inputs.zen-browser.packages."${system}".default ### Office & Productivity ### - "com.collabora.Office" + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + papers + presenterm + rnote ### Graphics & Design ### - "com.boxy_svg.BoxySVG" - rec { - appId = "io.github.softfever.OrcaSlicer"; - sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - bundle = "${pkgs.fetchurl { - url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - inherit sha256; - }}"; - } + gimp + inkscape + plasticity ### System Utilities ### - "com.github.tchx84.Flatseal" - "com.rustdesk.RustDesk" - ]; - uninstallUnmanaged = true; - update.auto.enable = true; - }; - gvfs.enable = true; - }; - - security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority - - users = { - users.greeter = { - 
isSystemUser = true; - group = "greeter"; - }; - groups.greeter = { }; - }; - - programs = { - niri = { - enable = true; - package = inputs.niri.packages.${pkgs.system}.niri; - }; - kdeconnect = { - enable = true; - package = pkgs.valent; - }; - dconf.enable = true; - appimage = { - enable = true; - binfmt = true; - }; - }; - - niri-flake.cache.enable = false; - - fonts = { - fontDir.enable = true; - packages = with pkgs; [ - corefonts - inter - nerd-fonts.fira-code - noto-fonts-cjk-sans - noto-fonts-color-emoji - roboto - ]; - }; - - xdg.portal = { - extraPortals = with pkgs; [ - xdg-desktop-portal-gnome - xdg-desktop-portal-gtk - ]; - config = { - common.default = "*"; - niri.default = [ - "gtk" - "gnome" + adwaita-icon-theme + ghostty + gnome-disk-utility + junction + libfido2 + mission-center + nautilus + p7zip + rclone + toggleaudiosink + unrar + ### Media ### + decibels + loupe + obs-studio + showtime ]; }; - }; - }; - homeManager.desktop-desktop = { config, lib, pkgs, inputs, ... 
}: { - imports = [ inputs.vicinae.homeManagerModules.default ]; - - fonts.fontconfig.enable = true; - - home.packages = with pkgs; [ xwayland-satellite ]; - - services.vicinae = { - enable = true; - systemd = { - enable = true; - autoStart = true; + services = { + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + wireplumber.enable = true; + }; + greetd = { + enable = true; + settings = { + default_session = { + command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; + user = "greeter"; + }; + } + // lib.optionalAttrs (config.networking.hostName == "io") { + initial_session = { + command = "${config.programs.niri.package}/bin/niri-session"; + user = "user"; + }; + }; + }; + flatpak = { + enable = true; + packages = [ + ### Office & Productivity ### + "com.collabora.Office" + ### Graphics & Design ### + "com.boxy_svg.BoxySVG" + rec { + appId = "io.github.softfever.OrcaSlicer"; + sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + bundle = "${pkgs.fetchurl { + url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; + inherit sha256; + }}"; + } + ### System Utilities ### + "com.github.tchx84.Flatseal" + "com.rustdesk.RustDesk" + ]; + uninstallUnmanaged = true; + update.auto.enable = true; + }; + gvfs.enable = true; }; - }; - programs = { - ghostty = { - enable = true; - settings = { - cursor-style = "block"; - shell-integration-features = "no-cursor"; - cursor-style-blink = false; - custom-shader = "${builtins.fetchurl { - url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; - sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; - }}"; - bell-features = ""; - gtk-titlebar-style = "tabs"; - keybind = [ "shift+enter=text:\\x1b\\r" ]; + 
security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority + + users = { + users.greeter = { + isSystemUser = true; + group = "greeter"; + }; + groups.greeter = { }; + }; + + programs = { + niri = { + enable = true; + package = inputs.niri.packages.${pkgs.system}.niri; + }; + kdeconnect = { + enable = true; + package = pkgs.valent; + }; + dconf.enable = true; + appimage = { + enable = true; + binfmt = true; }; }; - password-store = { - enable = true; - package = pkgs.pass-wayland; - }; - }; + niri-flake.cache.enable = false; - xdg = { - enable = true; - userDirs.enable = true; - mimeApps = { - enable = true; - defaultApplications = { - "text/html" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" + fonts = { + fontDir.enable = true; + packages = with pkgs; [ + corefonts + inter + nerd-fonts.fira-code + noto-fonts-cjk-sans + noto-fonts-color-emoji + roboto + ]; + }; + + xdg.portal = { + extraPortals = with pkgs; [ + xdg-desktop-portal-gnome + xdg-desktop-portal-gtk + ]; + config = { + common.default = "*"; + niri.default = [ + "gtk" + "gnome" ]; - "x-scheme-handler/http" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/https" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/about" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/unknown" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "image/jpeg" = "org.gnome.Loupe.desktop"; - "image/png" = "org.gnome.Loupe.desktop"; - "image/gif" = "org.gnome.Loupe.desktop"; - "image/webp" = "org.gnome.Loupe.desktop"; - "image/bmp" = "org.gnome.Loupe.desktop"; - "image/svg+xml" = "org.gnome.Loupe.desktop"; - "image/tiff" = "org.gnome.Loupe.desktop"; - "video/mp4" = "io.bassi.Showtime.desktop"; - "video/x-matroska" = "io.bassi.Showtime.desktop"; - "video/webm" = 
"io.bassi.Showtime.desktop"; - "video/mpeg" = "io.bassi.Showtime.desktop"; - "video/x-msvideo" = "io.bassi.Showtime.desktop"; - "video/quicktime" = "io.bassi.Showtime.desktop"; - "video/x-flv" = "io.bassi.Showtime.desktop"; - "audio/mpeg" = "io.bassi.Showtime.desktop"; - "audio/flac" = "io.bassi.Showtime.desktop"; - "audio/ogg" = "io.bassi.Showtime.desktop"; - "audio/wav" = "io.bassi.Showtime.desktop"; - "audio/mp4" = "io.bassi.Showtime.desktop"; - "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; - "application/pdf" = [ - "org.gnome.Papers.desktop" - "zen-browser.desktop" - ]; - "text/plain" = "Helix.desktop"; - "text/markdown" = "Helix.desktop"; - "text/x-log" = "Helix.desktop"; - "application/x-shellscript" = "Helix.desktop"; - "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = - "com.collabora.Office.desktop"; # DOCX - "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = - "com.collabora.Office.desktop"; # XLSX - "application/vnd.openxmlformats-officedocument.presentationml.presentation" = - "com.collabora.Office.desktop"; # PPTX - "application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT - "application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS - "application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP - "application/msword" = "com.collabora.Office.desktop"; # DOC - "application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS - "application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT - "application/zip" = "org.gnome.FileRoller.desktop"; - "application/x-tar" = "org.gnome.FileRoller.desktop"; - "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; - "application/x-rar" = 
"org.gnome.FileRoller.desktop"; - "application/gzip" = "org.gnome.FileRoller.desktop"; - "application/x-bzip" = "org.gnome.FileRoller.desktop"; - "inode/directory" = "org.gnome.Nautilus.desktop"; }; }; }; - # Set Ghostty as default terminal - home.sessionVariables = { - TERMINAL = "ghostty"; + homeManager.desktop-desktop = + { + config, + lib, + pkgs, + inputs, + ... + }: + { + imports = [ inputs.vicinae.homeManagerModules.default ]; + + fonts.fontconfig.enable = true; + + home.packages = with pkgs; [ xwayland-satellite ]; + + services.vicinae = { + enable = true; + systemd = { + enable = true; + autoStart = true; + }; + }; + + programs = { + ghostty = { + enable = true; + settings = { + cursor-style = "block"; + shell-integration-features = "no-cursor"; + cursor-style-blink = false; + custom-shader = "${builtins.fetchurl { + url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; + sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + }}"; + bell-features = ""; + gtk-titlebar-style = "tabs"; + keybind = [ "shift+enter=text:\\x1b\\r" ]; + }; + }; + + password-store = { + enable = true; + package = pkgs.pass-wayland; + }; + }; + + xdg = { + enable = true; + userDirs.enable = true; + mimeApps = { + enable = true; + defaultApplications = { + "text/html" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/http" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/https" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/about" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/unknown" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "image/jpeg" = "org.gnome.Loupe.desktop"; + "image/png" = "org.gnome.Loupe.desktop"; + 
"image/gif" = "org.gnome.Loupe.desktop"; + "image/webp" = "org.gnome.Loupe.desktop"; + "image/bmp" = "org.gnome.Loupe.desktop"; + "image/svg+xml" = "org.gnome.Loupe.desktop"; + "image/tiff" = "org.gnome.Loupe.desktop"; + "video/mp4" = "io.bassi.Showtime.desktop"; + "video/x-matroska" = "io.bassi.Showtime.desktop"; + "video/webm" = "io.bassi.Showtime.desktop"; + "video/mpeg" = "io.bassi.Showtime.desktop"; + "video/x-msvideo" = "io.bassi.Showtime.desktop"; + "video/quicktime" = "io.bassi.Showtime.desktop"; + "video/x-flv" = "io.bassi.Showtime.desktop"; + "audio/mpeg" = "io.bassi.Showtime.desktop"; + "audio/flac" = "io.bassi.Showtime.desktop"; + "audio/ogg" = "io.bassi.Showtime.desktop"; + "audio/wav" = "io.bassi.Showtime.desktop"; + "audio/mp4" = "io.bassi.Showtime.desktop"; + "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; + "application/pdf" = [ + "org.gnome.Papers.desktop" + "zen-browser.desktop" + ]; + "text/plain" = "Helix.desktop"; + "text/markdown" = "Helix.desktop"; + "text/x-log" = "Helix.desktop"; + "application/x-shellscript" = "Helix.desktop"; + "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = + "com.collabora.Office.desktop"; # DOCX + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = + "com.collabora.Office.desktop"; # XLSX + "application/vnd.openxmlformats-officedocument.presentationml.presentation" = + "com.collabora.Office.desktop"; # PPTX + "application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT + "application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS + "application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP + "application/msword" = "com.collabora.Office.desktop"; # DOC + "application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS + "application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT + "application/zip" = "org.gnome.FileRoller.desktop"; + "application/x-tar" = 
"org.gnome.FileRoller.desktop"; + "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; + "application/x-rar" = "org.gnome.FileRoller.desktop"; + "application/gzip" = "org.gnome.FileRoller.desktop"; + "application/x-bzip" = "org.gnome.FileRoller.desktop"; + "inode/directory" = "org.gnome.Nautilus.desktop"; + }; + }; + }; + + # Set Ghostty as default terminal + home.sessionVariables = { + TERMINAL = "ghostty"; + }; }; - }; }; } diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix index 6458ab0..cdd02ac 100644 --- a/aspects/desktop/niri.nix +++ b/aspects/desktop/niri.nix @@ -1,6 +1,14 @@ { ... }: { - flake.modules.homeManager.desktop-niri = { config, lib, pkgs, inputs, hostname ? null, ... }: + flake.modules.homeManager.desktop-niri = + { + config, + lib, + pkgs, + inputs, + hostname ? null, + ... + }: let isRotterdam = hostname == "rotterdam"; in diff --git a/aspects/desktop/nix.nix b/aspects/desktop/nix.nix index a3aa421..3a9e71e 100644 --- a/aspects/desktop/nix.nix +++ b/aspects/desktop/nix.nix @@ -1,14 +1,21 @@ { inputs, ... }: { - flake.modules.nixos.desktop-nix = { config, lib, pkgs, ... }: { - environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; + flake.modules.nixos.desktop-nix = + { + config, + lib, + pkgs, + ... + }: + { + environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; - nix = { - registry.nixpkgs.flake = inputs.nixpkgs; - nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - "/nix/var/nix/profiles/per-user/root/channels" - ]; + nix = { + registry.nixpkgs.flake = inputs.nixpkgs; + nixPath = [ + "nixpkgs=${inputs.nixpkgs}" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + }; }; - }; } diff --git a/aspects/desktop/services.nix b/aspects/desktop/services.nix index 8ebbb6b..eb9482a 100644 
--- a/aspects/desktop/services.nix +++ b/aspects/desktop/services.nix @@ -1,16 +1,23 @@ { ... }: { - flake.modules.nixos.desktop-services = { config, lib, pkgs, ... }: { - services = { - printing.enable = true; - udev.packages = with pkgs; [ yubikey-personalization ]; - keyd = { - enable = true; - keyboards.all = { - ids = [ "*" ]; - settings.main.capslock = "overload(meta, esc)"; + flake.modules.nixos.desktop-services = + { + config, + lib, + pkgs, + ... + }: + { + services = { + printing.enable = true; + udev.packages = with pkgs; [ yubikey-personalization ]; + keyd = { + enable = true; + keyboards.all = { + ids = [ "*" ]; + settings.main.capslock = "overload(meta, esc)"; + }; }; }; }; - }; } diff --git a/aspects/dev.nix b/aspects/dev.nix index cc84646..89a1026 100644 --- a/aspects/dev.nix +++ b/aspects/dev.nix @@ -1,19 +1,26 @@ { ... }: { - flake.modules.nixos.dev = { config, lib, pkgs, ... }: { - environment.systemPackages = with pkgs; [ - android-tools - bat - lazygit - fd - fzf - glow - nixfmt - nix-init - nix-output-monitor - ripgrep - ]; + flake.modules.nixos.dev = + { + config, + lib, + pkgs, + ... + }: + { + environment.systemPackages = with pkgs; [ + android-tools + bat + lazygit + fd + fzf + glow + nixfmt + nix-init + nix-output-monitor + ripgrep + ]; - users.users.user.extraGroups = [ "adbusers" ]; - }; + users.users.user.extraGroups = [ "adbusers" ]; + }; } diff --git a/aspects/ephemeral.nix b/aspects/ephemeral.nix index 724f931..90c03c6 100644 --- a/aspects/ephemeral.nix +++ b/aspects/ephemeral.nix @@ -3,7 +3,8 @@ { inputs, ... }: { # Base module with options (for external flakes or direct use) - flake.modules.nixos.ephemeral = { lib, config, ... }: + flake.modules.nixos.ephemeral = + { lib, config, ... }: let cfg = config.ephemeral; in 
@@ -89,18 +90,19 @@ # Factory function that generates configured modules flake.factory.ephemeral = - { rootDevice - , rootSubvolume ? "@root" - , retentionDays ? 30 - , persistentStoragePath ? "/persistent" - , persistentFiles ? [ + { + rootDevice, + rootSubvolume ? "@root", + retentionDays ? 30, + persistentStoragePath ? "/persistent", + persistentFiles ? [ "/etc/machine-id" "/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key.pub" "/etc/ssh/ssh_host_rsa_key" "/etc/ssh/ssh_host_rsa_key.pub" - ] - , persistentDirectories ? [ + ], + persistentDirectories ? [ "/etc/NetworkManager/system-connections" "/etc/nixos" "/var/lib/bluetooth" @@ -111,9 +113,10 @@ "/var/lib/systemd/timers" "/var/lib/tailscale" "/var/log" - ] + ], }: - { ... }: { + { ... }: + { imports = [ inputs.impermanence.nixosModules.impermanence inputs.self.modules.nixos.ephemeral diff --git a/aspects/fwupd.nix b/aspects/fwupd.nix index 746f1d0..217f1eb 100644 --- a/aspects/fwupd.nix +++ b/aspects/fwupd.nix @@ -1,6 +1,13 @@ { ... }: { - flake.modules.nixos.fwupd = { config, lib, pkgs, ... }: { - services.fwupd.enable = true; - }; + flake.modules.nixos.fwupd = + { + config, + lib, + pkgs, + ... + }: + { + services.fwupd.enable = true; + }; } diff --git a/aspects/gaming/flatpak.nix b/aspects/gaming/flatpak.nix index ad50c7c..cc4d0ee 100644 --- a/aspects/gaming/flatpak.nix +++ b/aspects/gaming/flatpak.nix 
@@ -1,23 +1,25 @@ { ... }: { - flake.modules.nixos.gaming-flatpak = { pkgs, ... }: { - services.flatpak.packages = [ - "com.github.k4zmu2a.spacecadetpinball" - "com.steamgriddb.SGDBoop" - "io.github.Foldex.AdwSteamGtk" - "io.itch.itch" - "io.mrarm.mcpelauncher" - "net.retrodeck.retrodeck" - "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08" - rec { - appId = "com.hypixel.HytaleLauncher"; - sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv"; - bundle = "${pkgs.fetchurl { - url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak"; - inherit sha256; - }}"; - } - ]; - }; + flake.modules.nixos.gaming-flatpak = + { pkgs, ... }: + { + services.flatpak.packages = [ + "com.github.k4zmu2a.spacecadetpinball" + "com.steamgriddb.SGDBoop" + "io.github.Foldex.AdwSteamGtk" + "io.itch.itch" + "io.mrarm.mcpelauncher" + "net.retrodeck.retrodeck" + "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08" + rec { + appId = "com.hypixel.HytaleLauncher"; + sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv"; + bundle = "${pkgs.fetchurl { + url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak"; + inherit sha256; + }}"; + } + ]; + }; } diff --git a/aspects/gaming/hardware.nix b/aspects/gaming/hardware.nix index f1bd75b..e3b5c4b 100644 --- a/aspects/gaming/hardware.nix +++ b/aspects/gaming/hardware.nix @@ -1,11 +1,13 @@ { ... }: { - flake.modules.nixos.gaming-hardware = { ... }: { - hardware = { - xpadneo.enable = true; - steam-hardware.enable = true; # Allow steam client to manage controllers - graphics.enable32Bit = true; # For OpenGL games + flake.modules.nixos.gaming-hardware = + { ... }: + { + hardware = { + xpadneo.enable = true; + steam-hardware.enable = true; # Allow steam client to manage controllers + graphics.enable32Bit = true; # For OpenGL games + }; }; - }; } diff --git a/aspects/gaming/launchers.nix b/aspects/gaming/launchers.nix index 5684f9f..1fd3bb4 100644 
--- a/aspects/gaming/launchers.nix +++ b/aspects/gaming/launchers.nix @@ -1,11 +1,13 @@ { ... }: { - flake.modules.nixos.gaming-launchers = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - clonehero - heroic - prismlauncher - ]; - }; + flake.modules.nixos.gaming-launchers = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + clonehero + heroic + prismlauncher + ]; + }; } diff --git a/aspects/gaming/mangohud.nix b/aspects/gaming/mangohud.nix index 7f83644..2856b8f 100644 --- a/aspects/gaming/mangohud.nix +++ b/aspects/gaming/mangohud.nix 
@@ -2,42 +2,46 @@ { flake.modules = { - nixos.gaming-mangohud = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - mangohud - ]; - }; + nixos.gaming-mangohud = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + mangohud + ]; + }; - homeManager.gaming-mangohud = { config, ... }: { - programs.mangohud = { - enable = true; - enableSessionWide = true; - settings = { - position = "top-left"; - fps = true; - frametime = false; - frame_timing = false; - gpu_stats = true; - gpu_temp = true; - gpu_power = true; - cpu_stats = true; - cpu_temp = true; - cpu_power = true; - ram = true; - vram = true; - gamemode = false; - vkbasalt = false; - version = false; - engine_version = false; - vulkan_driver = false; - wine = false; - time = false; - fps_sampling_period = 500; - toggle_hud = "Shift_L+F12"; - toggle_logging = "Ctrl_L+F2"; - output_folder = "${config.home.homeDirectory}/.local/share/mangohud"; + homeManager.gaming-mangohud = + { config, ... }: + { + programs.mangohud = { + enable = true; + enableSessionWide = true; + settings = { + position = "top-left"; + fps = true; + frametime = false; + frame_timing = false; + gpu_stats = true; + gpu_temp = true; + gpu_power = true; + cpu_stats = true; + cpu_temp = true; + cpu_power = true; + ram = true; + vram = true; + gamemode = false; + vkbasalt = false; + version = false; + engine_version = false; + vulkan_driver = false; + wine = false; + time = false; + fps_sampling_period = 500; + toggle_hud = "Shift_L+F12"; + toggle_logging = "Ctrl_L+F2"; + output_folder = "${config.home.homeDirectory}/.local/share/mangohud"; + }; }; }; - }; }; } diff --git a/aspects/gaming/steam.nix b/aspects/gaming/steam.nix index e0ab9a8..530c99b 100644 --- a/aspects/gaming/steam.nix +++ b/aspects/gaming/steam.nix 
@@ -1,17 +1,19 @@ { ... }: { - flake.modules.nixos.gaming-steam = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - steam-run - ]; + flake.modules.nixos.gaming-steam = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + steam-run + ]; - programs = { - steam = { - enable = true; - extraCompatPackages = [ pkgs.proton-ge-bin ]; + programs = { + steam = { + enable = true; + extraCompatPackages = [ pkgs.proton-ge-bin ]; + }; + gamemode.enable = true; }; - gamemode.enable = true; }; - }; } diff --git a/aspects/hosts/_alexandria/unbound.nix b/aspects/hosts/_alexandria/unbound.nix index 07c8850..8aedc37 100644 --- a/aspects/hosts/_alexandria/unbound.nix +++ b/aspects/hosts/_alexandria/unbound.nix @@ -34,8 +34,7 @@ in # LAN-only DNS records local-zone = ''"baduhai.dev." transparent''; - local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') - (lib.filter (e: e.lanIP != null) services); + local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') (lib.filter (e: e.lanIP != null) services); }; forward-zone = [ diff --git a/aspects/hosts/_trantor/nginx.nix b/aspects/hosts/_trantor/nginx.nix index 5522e24..899666e 100644 --- a/aspects/hosts/_trantor/nginx.nix +++ b/aspects/hosts/_trantor/nginx.nix @@ -9,9 +9,7 @@ let services = inputs.self.services; # Get all unique domains from shared services on trantor (host = "trantor") - localDomains = lib.unique ( - map (s: s.domain) (lib.filter (s: s.host == "trantor") services) - ); + localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "trantor") services)); # Generate ACME cert configs for all local domains acmeCerts = lib.genAttrs localDomains (domain: { diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 28c333e..aacf3b0 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -1,4 +1,5 @@ { inputs, self, ... }: + { flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { system = "x86_64-linux"; 
diff --git a/aspects/libvirtd.nix b/aspects/libvirtd.nix index 6487999..1135306 100644 --- a/aspects/libvirtd.nix +++ b/aspects/libvirtd.nix @@ -1,18 +1,25 @@ { ... }: { - flake.modules.nixos.libvirtd = { config, lib, pkgs, ... }: { - virtualisation = { - libvirtd.enable = true; - spiceUSBRedirection.enable = true; + flake.modules.nixos.libvirtd = + { + config, + lib, + pkgs, + ... + }: + { + virtualisation = { + libvirtd.enable = true; + spiceUSBRedirection.enable = true; + }; + + programs.virt-manager.enable = true; + + networking.firewall.trustedInterfaces = [ "virbr0" ]; + + users.users.user.extraGroups = [ + "libvirt" + "libvirtd" + ]; }; - - programs.virt-manager.enable = true; - - networking.firewall.trustedInterfaces = [ "virbr0" ]; - - users.users.user.extraGroups = [ - "libvirt" - "libvirtd" - ]; - }; } diff --git a/aspects/networkmanager.nix b/aspects/networkmanager.nix index 74c9260..8bcb1f2 100644 --- a/aspects/networkmanager.nix +++ b/aspects/networkmanager.nix @@ -1,11 +1,18 @@ { ... }: { - flake.modules.nixos.networkmanager = { config, lib, pkgs, ... }: { - networking.networkmanager = { - enable = true; - wifi.backend = "iwd"; - }; + flake.modules.nixos.networkmanager = + { + config, + lib, + pkgs, + ... + }: + { + networking.networkmanager = { + enable = true; + wifi.backend = "iwd"; + }; - users.users.user.extraGroups = [ "networkmanager" ]; - }; + users.users.user.extraGroups = [ "networkmanager" ]; + }; } diff --git a/aspects/server/boot.nix b/aspects/server/boot.nix index ff5ef25..38634d1 100644 --- a/aspects/server/boot.nix +++ b/aspects/server/boot.nix @@ -1,7 +1,14 @@ # aspects/server/boot.nix { ... }: { - flake.modules.nixos.server-boot = { config, lib, pkgs, ... }: { - boot.kernelPackages = pkgs.linuxPackages_hardened; - }; + flake.modules.nixos.server-boot = + { + config, + lib, + pkgs, + ... + }: + { + boot.kernelPackages = pkgs.linuxPackages_hardened; + }; } 
diff --git a/aspects/server/nix.nix b/aspects/server/nix.nix index 84bec67..1cb8e8b 100644 --- a/aspects/server/nix.nix +++ b/aspects/server/nix.nix @@ -1,15 +1,22 @@ # aspects/server/nix.nix { inputs, ... }: { - flake.modules.nixos.server-nix = { config, lib, pkgs, ... }: { - environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; + flake.modules.nixos.server-nix = + { + config, + lib, + pkgs, + ... + }: + { + environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; - nix = { - registry.nixpkgs.flake = inputs.nixpkgs-stable; - nixPath = [ - "nixpkgs=/etc/channels/nixpkgs" - "/nix/var/nix/profiles/per-user/root/channels" - ]; + nix = { + registry.nixpkgs.flake = inputs.nixpkgs-stable; + nixPath = [ + "nixpkgs=/etc/channels/nixpkgs" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + }; }; - }; } diff --git a/aspects/server/tailscale.nix b/aspects/server/tailscale.nix index 5a48799..cf2fa4b 100644 --- a/aspects/server/tailscale.nix +++ b/aspects/server/tailscale.nix @@ -1,15 +1,22 @@ # aspects/server/tailscale.nix { ... }: { - flake.modules.nixos.server-tailscale = { config, lib, pkgs, ... }: { - services.tailscale = { - extraSetFlags = [ "--advertise-exit-node" ]; - useRoutingFeatures = "server"; - }; + flake.modules.nixos.server-tailscale = + { + config, + lib, + pkgs, + ... + }: + { + services.tailscale = { + extraSetFlags = [ "--advertise-exit-node" ]; + useRoutingFeatures = "server"; + }; - boot.kernel.sysctl = { - "net.ipv4.ip_forward" = 1; - "net.ipv6.conf.all.forwarding" = 1; + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + "net.ipv6.conf.all.forwarding" = 1; + }; }; - }; } diff --git a/aspects/shell/bash.nix b/aspects/shell/bash.nix index 3ec7237..e451148 100644 --- a/aspects/shell/bash.nix +++ b/aspects/shell/bash.nix 
@@ -1,9 +1,16 @@ { ... }: { - flake.modules.homeManager.shell-bash = { config, lib, pkgs, ... }: { - programs.bash = { - enable = true; - historyFile = "~/.cache/bash_history"; + flake.modules.homeManager.shell-bash = + { + config, + lib, + pkgs, + ... + }: + { + programs.bash = { + enable = true; + historyFile = "~/.cache/bash_history"; + }; }; - }; } diff --git a/aspects/shell/fish.nix b/aspects/shell/fish.nix index e2ae9cf..22c0f5c 100644 --- a/aspects/shell/fish.nix +++ b/aspects/shell/fish.nix 
@@ -1,33 +1,40 @@ { ... }: { - flake.modules.homeManager.shell-fish = { config, lib, pkgs, ... }: { - programs.fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - ${lib.getExe pkgs.nix-your-shell} fish | source - ''; - loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; - plugins = [ - { - name = "bang-bang"; - src = pkgs.fetchFromGitHub { - owner = "oh-my-fish"; - repo = "plugin-bang-bang"; - rev = "f969c618301163273d0a03d002614d9a81952c1e"; - sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; - }; - } - { - name = "z"; - src = pkgs.fetchFromGitHub { - owner = "jethrokuan"; - repo = "z"; - rev = "067e867debee59aee231e789fc4631f80fa5788e"; - sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU="; - }; - } - ]; + flake.modules.homeManager.shell-fish = + { + config, + lib, + pkgs, + ... + }: + { + programs.fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + ${lib.getExe pkgs.nix-your-shell} fish | source + ''; + loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; + plugins = [ + { + name = "bang-bang"; + src = pkgs.fetchFromGitHub { + owner = "oh-my-fish"; + repo = "plugin-bang-bang"; + rev = "f969c618301163273d0a03d002614d9a81952c1e"; + sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; + }; + } + { + name = "z"; + src = pkgs.fetchFromGitHub { + owner = "jethrokuan"; + repo = "z"; + rev = "067e867debee59aee231e789fc4631f80fa5788e"; + sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU="; + }; + } + ]; + }; }; - }; } diff --git a/packages/claude-desktop.nix b/packages/claude-desktop.nix index e93f3af..c21ec8e 100644 --- a/packages/claude-desktop.nix +++ b/packages/claude-desktop.nix 
@@ -18,7 +18,8 @@ }; src = - srcs.${pkgs.stdenv.hostPlatform.system} or (throw "Unsupported system: ${pkgs.stdenv.hostPlatform.system}"); + srcs.${pkgs.stdenv.hostPlatform.system} + or (throw "Unsupported system: ${pkgs.stdenv.hostPlatform.system}"); claudeNativeStub = '' // Stub implementation of claude-native using KeyboardKey enum values diff --git a/packages/overlays.nix b/packages/overlays.nix index a36ed60..169a67b 100644 --- a/packages/overlays.nix +++ b/packages/overlays.nix @@ -4,19 +4,20 @@ let packageDir = builtins.readDir ./.; # Filter to .nix files, excluding overlays.nix - isPackageFile = name: - name != "overlays.nix" && builtins.match ".*\\.nix$" name != null; + isPackageFile = name: name != "overlays.nix" && builtins.match ".*\\.nix$" name != null; # Extract package name from filename (e.g., "foo-bar.nix" -> "foo-bar") - toPackageName = filename: - builtins.head (builtins.match "(.+)\\.nix$" filename); + toPackageName = filename: builtins.head (builtins.match "(.+)\\.nix$" filename); packageNames = map toPackageName (builtins.filter isPackageFile (builtins.attrNames packageDir)); in { - flake.overlays.default = final: prev: - builtins.listToAttrs (map (name: { - inherit name; - value = inputs.self.packages.${final.system}.${name}; - }) packageNames); + flake.overlays.default = + final: prev: + builtins.listToAttrs ( + map (name: { + inherit name; + value = inputs.self.packages.${final.system}.${name}; + }) packageNames + ); } diff --git a/terranix/kernelpanic.space.nix b/terranix/kernelpanic.space.nix index 01e5c08..91b615e 100644 --- a/terranix/kernelpanic.space.nix +++ b/terranix/kernelpanic.space.nix @@ -8,9 +8,12 @@ terranix.terranixConfigurations.cloudflare-kernelpanicspace = { terraformWrapper.package = pkgs.opentofu; modules = [ - ({ config, ... }: { - # Terraform config goes here - }) + ( + { config, ... }: + { + # Terraform config goes here + } + ) ]; }; }; 
diff --git a/terranix/terminus.nix b/terranix/terminus.nix index 7a0fa5b..d7689f9 100644 --- a/terranix/terminus.nix +++ b/terranix/terminus.nix @@ -8,9 +8,12 @@ terranix.terranixConfigurations.oci-terminus = { terraformWrapper.package = pkgs.opentofu; modules = [ - ({ config, ... }: { - # Terraform config goes here - }) + ( + { config, ... }: + { + # Terraform config goes here + } + ) ]; }; }; From c1dcb7e31636ecd730710f1349e825c5bc5d768b Mon Sep 17 00:00:00 2001 From: William Date: Thu, 12 Feb 2026 19:04:34 -0300 Subject: [PATCH 39/75] kanidm upgrade process is a pain I currenty have two other possible oauth providers running: forgejo & nextcloud --- aspects/hosts/_alexandria/kanidm.nix | 82 ---------------------------- aspects/hosts/alexandria.nix | 1 - 2 files changed, 83 deletions(-) delete mode 100644 aspects/hosts/_alexandria/kanidm.nix diff --git a/aspects/hosts/_alexandria/kanidm.nix b/aspects/hosts/_alexandria/kanidm.nix deleted file mode 100644 index 35e08c8..0000000 --- a/aspects/hosts/_alexandria/kanidm.nix +++ /dev/null 
@@ -1,82 +0,0 @@ -{ - config, - lib, - inputs, - pkgs, - ... -}: - -let - mkNginxVHosts = inputs.self.lib.mkNginxVHosts; - kanidmCertDir = "/var/lib/kanidm/certs"; -in - -{ - services.kanidm = { - enableServer = true; - enableClient = true; - package = pkgs.kanidm; - - serverSettings = { - domain = "auth.baduhai.dev"; - origin = "https://auth.baduhai.dev"; - bindaddress = "127.0.0.1:8443"; - ldapbindaddress = "127.0.0.1:636"; - trust_x_forward_for = true; - # Use self-signed certificates for internal TLS - tls_chain = "${kanidmCertDir}/cert.pem"; - tls_key = "${kanidmCertDir}/key.pem"; - }; - - clientSettings = { - uri = "https://auth.baduhai.dev"; - }; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - domains."auth.baduhai.dev" = { - locations."/" = { - proxyPass = "https://127.0.0.1:8443"; - extraConfig = '' - proxy_ssl_verify off; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $host; - ''; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ 636 ]; - - # Generate self-signed certificates for kanidm's internal TLS - systemd.services.kanidm-generate-certs = { - description = "Generate self-signed TLS certificates for Kanidm"; - wantedBy = [ "multi-user.target" ]; - before = [ "kanidm.service" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - mkdir -p ${kanidmCertDir} - if [ ! 
-f ${kanidmCertDir}/key.pem ]; then - ${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \ - -keyout ${kanidmCertDir}/key.pem \ - -out ${kanidmCertDir}/cert.pem \ - -days 3650 -nodes \ - -subj "/CN=localhost" \ - -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" - chown -R kanidm:kanidm ${kanidmCertDir} - chmod 600 ${kanidmCertDir}/key.pem - chmod 644 ${kanidmCertDir}/cert.pem - fi - ''; - }; - - # Ensure certificate generation runs before kanidm starts - systemd.services.kanidm = { - after = [ "kanidm-generate-certs.service" ]; - wants = [ "kanidm-generate-certs.service" ]; - }; -} diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index aacf3b0..03a02b9 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -41,7 +41,6 @@ # Host-specific files (from _alexandria/) ./_alexandria/hardware-configuration.nix ./_alexandria/jellyfin.nix - ./_alexandria/kanidm.nix ./_alexandria/nextcloud.nix ./_alexandria/nginx.nix ./_alexandria/unbound.nix From b2747359901c1a7482035a44b2105f121ea92de6 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 12 Feb 2026 19:22:40 -0300 Subject: [PATCH 40/75] podmand for alexandria --- aspects/hosts/alexandria.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 03a02b9..7da2c39 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -1,4 +1,4 @@ -{ inputs, self, ... }: +{ inputs, ... }: { flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { @@ -35,8 +35,9 @@ inputs.self.modules.nixos.server-nix inputs.self.modules.nixos.server-tailscale - # Other aspects based on tags + # Other aspects inputs.self.modules.nixos.fwupd + inputs.self.modules.nixos.podman # Host-specific files (from _alexandria/) ./_alexandria/hardware-configuration.nix From 66b72be5b8564c5226ed096b7e2963806994a610 Mon Sep 17 00:00:00 2001 
From: William Date: Fri, 13 Feb 2026 16:38:05 -0300 Subject: [PATCH 41/75] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/0078cf2d5e81eb56a9356d51f2738f7141194de1?narHash=sha256-iJ9c0ZewfRRYUflaEOj43n5TWaB6Ezygn2UA/ZHGQJA%3D' (2026-02-12) → 'github:0xc000022070/zen-browser-flake/80ce62fd26af1934454f405bcb2510ceeea8d3a2?narHash=sha256-5UDaXr770MaDac9HcFvGlUjsqyOoNbFdHArmjmtHcVk%3D' (2026-02-13) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 806550a..8587eb2 100644 --- a/flake.lock +++ b/flake.lock @@ -1220,11 +1220,11 @@ "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1770919290, - "narHash": "sha256-iJ9c0ZewfRRYUflaEOj43n5TWaB6Ezygn2UA/ZHGQJA=", + "lastModified": 1771000521, + "narHash": "sha256-5UDaXr770MaDac9HcFvGlUjsqyOoNbFdHArmjmtHcVk=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "0078cf2d5e81eb56a9356d51f2738f7141194de1", + "rev": "80ce62fd26af1934454f405bcb2510ceeea8d3a2", "type": "github" }, "original": { From d184f75f5d393de07ac9549e8b27cfea4b67eff0 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 11:08:21 -0300 Subject: [PATCH 42/75] nixos-cli: retry as root, auto yes --- aspects/common/nix.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/aspects/common/nix.nix b/aspects/common/nix.nix index cd76f62..7fa6e49 100644 --- a/aspects/common/nix.nix +++ b/aspects/common/nix.nix @@ -33,6 +33,8 @@ config = { use_nvd = true; ignore_dirty_tree = true; + apply.reexec_as_root = true; + confirmation.empty = "default-yes"; }; }; From 5f1c05f090bdf4b4034bbbe68a7fe054ec2b9faf Mon Sep 17 00:00:00 2001 
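Review bot: In `aspects/common/nix.nix`, the added `confirmation.empty = "default-yes"` combines with `apply.reexec_as_root = true` and the existing `ignore_dirty_tree = true`, which leaves no deliberate step between a stray Enter and a root-level activation of whatever is in the working tree, committed or not. If the option does what its name suggests (an empty answer counts as yes), I would drop that line so the prompt still requires an explicit answer. Failing that, leave a comment next to it, for example `# empty answer at the apply prompt means yes; uncommitted changes are applied too (ignore_dirty_tree)`. The enclosing settings block starts outside the hunk, so other options there may already narrow this.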
From: William Date: Sun, 15 Feb 2026 11:54:34 -0300 Subject: [PATCH 43/75] ssh: only run fastfetch on initial ssh session --- aspects/common/programs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspects/common/programs.nix b/aspects/common/programs.nix index 7d12f09..b53b293 100644 --- a/aspects/common/programs.nix +++ b/aspects/common/programs.nix @@ -31,7 +31,7 @@ enable = true; interactiveShellInit = '' set fish_greeting - if set -q SSH_CONNECTION + if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; or not set -q TMUX export TERM=xterm-256color clear fastfetch From bfa2521ed09c33f32b4f0405c3117e3a0381c2f6 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 12:53:05 -0300 Subject: [PATCH 44/75] re-work cli aspect for nixos and homeModules --- aspects/cli/btop.nix | 38 ++++++++----- aspects/cli/cli.nix | 28 +++++++++ aspects/cli/comma.nix | 2 +- aspects/cli/direnv.nix | 2 +- aspects/cli/helix.nix | 106 +++++++++++++++++++---------------- aspects/cli/hm-cli.nix | 2 +- aspects/cli/starship.nix | 2 +- aspects/cli/tmux.nix | 40 ++++++++----- aspects/common/programs.nix | 3 - aspects/hosts/alexandria.nix | 49 ++++++++-------- aspects/hosts/io.nix | 76 ++++++++++++------------- aspects/hosts/rotterdam.nix | 86 ++++++++++++++-------------- aspects/hosts/trantor.nix | 60 +++++++++----------- 13 files changed, 264 insertions(+), 230 deletions(-) create mode 100644 aspects/cli/cli.nix diff --git a/aspects/cli/btop.nix b/aspects/cli/btop.nix index 2b9c3fc..220a462 100644 --- a/aspects/cli/btop.nix +++ b/aspects/cli/btop.nix 
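Review bot: The new condition in `interactiveShellInit` (`aspects/common/programs.nix`) does not group the way the commit title implies. Fish evaluates `A; and B; or C` left to right, so the trailing `or not set -q TMUX` makes the block run in every interactive shell that is not inside tmux, including local non-SSH sessions. In those shells `TERM` is then forced to `xterm-256color` and the screen is cleared before `fastfetch` runs. Chaining all three tests with `and` gives the intended check for an SSH session outside a nix shell and outside tmux: `if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; and not set -q TMUX`. The closing `end` of the `if` block is outside the hunk.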
@@ -1,20 +1,28 @@ { ... }: { - flake.modules.homeManager.cli-btop = - { - config, - lib, - pkgs, - ... - }: - { - programs.btop = { - enable = true; - settings = { - theme_background = false; - proc_sorting = "cpu direct"; - update_ms = 500; + flake.modules = { + nixos.btop = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ btop ]; + }; + + homeManager.btop = + { + config, + lib, + pkgs, + ... + }: + { + programs.btop = { + enable = true; + settings = { + theme_background = false; + proc_sorting = "cpu direct"; + update_ms = 500; + }; }; }; - }; + }; } diff --git a/aspects/cli/cli.nix b/aspects/cli/cli.nix new file mode 100644 index 0000000..8a11616 --- /dev/null +++ b/aspects/cli/cli.nix @@ -0,0 +1,28 @@ +{ inputs, ... }: + +{ + flake.modules = { + nixos.cli = + { ... }: + { + imports = with inputs.self.modules.nixos; [ + btop + helix + tmux + ]; + }; + homeManager.cli = + { ... }: + { + imports = with inputs.self.modules.nixos; [ + btop + comma + direnv + helix + hm-cli + starship + tmux + ]; + }; + }; +} diff --git a/aspects/cli/comma.nix b/aspects/cli/comma.nix index 71ddb9c..169144f 100644 --- a/aspects/cli/comma.nix +++ b/aspects/cli/comma.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.homeManager.cli-comma = + flake.modules.homeManager.comma = { config, lib, diff --git a/aspects/cli/direnv.nix b/aspects/cli/direnv.nix index 60ea7ad..2cfb2ef 100644 --- a/aspects/cli/direnv.nix +++ b/aspects/cli/direnv.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.homeManager.cli-direnv = + flake.modules.homeManager.direnv = { config, lib, diff --git a/aspects/cli/helix.nix b/aspects/cli/helix.nix index fe0cf74..a21641a 100644 --- a/aspects/cli/helix.nix +++ b/aspects/cli/helix.nix 
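Review bot: In the new `aspects/cli/cli.nix`, the `homeManager.cli` module builds its import list with `with inputs.self.modules.nixos;`. In this patch `comma`, `direnv`, `hm-cli` and `starship` are declared only under `flake.modules.homeManager`, while `btop`, `helix` and `tmux` would resolve to their NixOS variants. It looks like a copy of the `nixos.cli` block above it. Evaluation should either fail on the missing attributes or pull NixOS modules into a home-manager configuration. The line should read `imports = with inputs.self.modules.homeManager; [`.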
@@ -1,57 +1,67 @@ { ... }: { - flake.modules.homeManager.cli-helix = - { - config, - lib, - pkgs, - ... - }: - { - home.sessionVariables = { - EDITOR = "hx"; + flake.modules = { + nixos.helix = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + helix + ]; }; - programs.helix = { - enable = true; - settings = { - editor = { - file-picker.hidden = false; - idle-timeout = 0; - line-number = "relative"; - cursor-shape = { - normal = "underline"; - insert = "bar"; - select = "underline"; - }; - soft-wrap.enable = true; - auto-format = true; - indent-guides.render = true; - }; - keys.normal = { - space = { - o = "file_picker_in_current_buffer_directory"; - esc = [ - "collapse_selection" - "keep_primary_selection" - ]; - }; - }; + homeManager.helix = + { + config, + lib, + pkgs, + ... + }: + { + home.sessionVariables = { + EDITOR = "hx"; }; - languages = { - language = [ - { - name = "nix"; + + programs.helix = { + enable = true; + settings = { + editor = { + file-picker.hidden = false; + idle-timeout = 0; + line-number = "relative"; + cursor-shape = { + normal = "underline"; + insert = "bar"; + select = "underline"; + }; + soft-wrap.enable = true; auto-format = true; - formatter.command = "nixfmt"; - } - { - name = "typst"; - auto-format = true; - formatter.command = "typstyle -c 1000 -i"; - } - ]; + indent-guides.render = true; + }; + keys.normal = { + space = { + o = "file_picker_in_current_buffer_directory"; + esc = [ + "collapse_selection" + "keep_primary_selection" + ]; + }; + }; + }; + languages = { + language = [ + { + name = "nix"; + auto-format = true; + formatter.command = "nixfmt"; + } + { + name = "typst"; + auto-format = true; + formatter.command = "typstyle -c 1000 -i"; + } + ]; + }; }; }; - }; + }; } diff --git a/aspects/cli/hm-cli.nix b/aspects/cli/hm-cli.nix index 7064a3f..97d79e4 100644 --- a/aspects/cli/hm-cli.nix +++ b/aspects/cli/hm-cli.nix 
@@ -1,6 +1,6 @@ { ... }: { - flake.modules.homeManager.cli-base = + flake.modules.homeManager.hm-cli = { config, lib, diff --git a/aspects/cli/starship.nix b/aspects/cli/starship.nix index 7ba3a54..3ac5e4f 100644 --- a/aspects/cli/starship.nix +++ b/aspects/cli/starship.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.homeManager.cli-starship = + flake.modules.homeManager.starship = { config, lib, diff --git a/aspects/cli/tmux.nix b/aspects/cli/tmux.nix index 1238501..4937574 100644 --- a/aspects/cli/tmux.nix +++ b/aspects/cli/tmux.nix @@ -1,19 +1,29 @@ { ... }: { - flake.modules.homeManager.cli-tmux = - { - config, - lib, - pkgs, - ... - }: - { - programs.tmux = { - enable = true; - clock24 = true; - terminal = "xterm-256color"; - mouse = true; - keyMode = "vi"; + flake.modules = { + nixos.tmux = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + tmux + ]; }; - }; + + homeManager.tmux = + { + config, + lib, + pkgs, + ... + }: + { + programs.tmux = { + enable = true; + clock24 = true; + terminal = "xterm-256color"; + mouse = true; + keyMode = "vi"; + }; + }; + }; } diff --git a/aspects/common/programs.nix b/aspects/common/programs.nix index b53b293..ccdf185 100644 --- a/aspects/common/programs.nix +++ b/aspects/common/programs.nix @@ -8,13 +8,10 @@ ### Dev Tools ### git ### System Utilities ### - btop fastfetch - helix nixos-firewall-tool nvd sysz - tmux wget yazi ]; diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 7da2c39..dedbed9 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -1,4 +1,4 @@ -{ inputs, ... }: +{ inputs, lib, ... }: { flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { 
@@ -13,39 +13,34 @@ inputs.self.overlays.default ]; } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_alexandria) + ] + ++ (with inputs.self.modules.nixos; [ + cli # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + common-boot + common-console + common-firewall + common-locale + common-nix + common-openssh + common-programs + common-security + common-services + common-tailscale # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + user + root # Server aspects - inputs.self.modules.nixos.server-boot - inputs.self.modules.nixos.server-nix - inputs.self.modules.nixos.server-tailscale + server-boot + server-nix + server-tailscale # Other aspects - inputs.self.modules.nixos.fwupd - inputs.self.modules.nixos.podman - - # Host-specific files (from _alexandria/) - ./_alexandria/hardware-configuration.nix - ./_alexandria/jellyfin.nix - ./_alexandria/nextcloud.nix - ./_alexandria/nginx.nix - ./_alexandria/unbound.nix - ./_alexandria/vaultwarden.nix - ]; + fwupd + ]); }; } diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index c6c3dbf..ee610fa 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix @@ -1,4 +1,5 @@ -{ inputs, self, ... }: +{ inputs, lib, ... }: + { flake.nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { system = "x86_64-linux"; 
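Review bot: Replacing the explicit `./_alexandria/*.nix` list with `((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_alexandria)` makes every `.nix` file under that directory part of the host configuration, including any file that was deliberately left out of the old list or is added later without touching `alexandria.nix`. This host serves nginx, nextcloud and vaultwarden, so a comment above the line should say so, e.g. `# imports every *.nix under ./_alexandria; keep drafts outside this directory`. The directory contents are also worth checking against the six files previously listed. The hunk drops `podman` from this host while the subject only mentions the cli aspect; confirm that is intended. The same import-tree line replaces the explicit lists for io, rotterdam and trantor later in this patch.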
@@ -12,48 +13,43 @@ inputs.self.overlays.default ]; } - - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale - - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root - - # Desktop aspects - inputs.self.modules.nixos.desktop-boot - inputs.self.modules.nixos.desktop-desktop - inputs.self.modules.nixos.desktop-nix - inputs.self.modules.nixos.desktop-services - - # Other aspects based on tags - inputs.self.modules.nixos.ai - inputs.self.modules.nixos.bluetooth - inputs.self.modules.nixos.dev - inputs.self.modules.nixos.libvirtd - inputs.self.modules.nixos.networkmanager - inputs.self.modules.nixos.podman - - # Factory-generated ephemeral module + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_io) (inputs.self.factory.ephemeral { rootDevice = "/dev/mapper/cryptroot"; }) + ] + ++ (with inputs.self.modules.nixos; [ + cli - # Host-specific files (from _io/) - ./_io/hardware-configuration.nix - ./_io/disko.nix - ./_io/boot.nix - ./_io/programs.nix - ./_io/services.nix - ]; + # Common aspects (always included) + common-boot + common-console + common-firewall + common-locale + common-nix + common-openssh + common-programs + common-security + common-services + common-tailscale + + # User aspects + user + root + + # Desktop aspects + desktop-boot + desktop-desktop + desktop-nix + desktop-services + + # Other aspects + ai + bluetooth + dev + libvirtd + networkmanager + podman + ]); }; } diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index 76ffbb0..4a91769 100644 --- a/aspects/hosts/rotterdam.nix 
+++ b/aspects/hosts/rotterdam.nix @@ -1,4 +1,5 @@ -{ inputs, ... }: +{ inputs, lib, ... }: + { flake.nixosConfigurations.rotterdam = inputs.nixpkgs.lib.nixosSystem { system = "x86_64-linux"; 
@@ -12,53 +13,48 @@ inputs.self.overlays.default ]; } - - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale - - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root - - # Desktop aspects - inputs.self.modules.nixos.desktop-boot - inputs.self.modules.nixos.desktop-desktop - inputs.self.modules.nixos.desktop-nix - inputs.self.modules.nixos.desktop-services - - # Other aspects based on tags - inputs.self.modules.nixos.ai - inputs.self.modules.nixos.bluetooth - inputs.self.modules.nixos.dev - inputs.self.modules.nixos.fwupd - inputs.self.modules.nixos.gaming-steam - inputs.self.modules.nixos.gaming-hardware - inputs.self.modules.nixos.gaming-flatpak - inputs.self.modules.nixos.gaming-launchers - inputs.self.modules.nixos.libvirtd - inputs.self.modules.nixos.networkmanager - inputs.self.modules.nixos.podman - - # Factory-generated ephemeral module + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_rotterdam) (inputs.self.factory.ephemeral { rootDevice = "/dev/mapper/cryptroot"; }) + ] + ++ (with inputs.self.modules.nixos; [ + cli - # Host-specific files (from _rotterdam/) - ./_rotterdam/hardware-configuration.nix - ./_rotterdam/boot.nix - ./_rotterdam/hardware.nix - ./_rotterdam/programs.nix - ./_rotterdam/services.nix - ]; + # Common aspects (always included) + common-boot + common-console + common-firewall + common-locale + common-nix + common-openssh + common-programs + common-security + common-services + common-tailscale + + # User aspects + user + root + + # Desktop aspects + desktop-boot + desktop-desktop + 
desktop-nix + desktop-services + + # Other aspects based on tags + ai + bluetooth + dev + fwupd + gaming-steam + gaming-hardware + gaming-flatpak + gaming-launchers + libvirtd + networkmanager + podman + ]); }; } diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index 3de68a9..4b8b4b2 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix @@ -1,4 +1,4 @@ -{ inputs, self, ... }: +{ inputs, lib, ... }: { flake.nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { system = "aarch64-linux"; 
@@ -13,42 +13,36 @@ ]; } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale - - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root - - # Server aspects - inputs.self.modules.nixos.server-boot - inputs.self.modules.nixos.server-nix - inputs.self.modules.nixos.server-tailscale - # Factory-generated ephemeral module (inputs.self.factory.ephemeral { rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; }) - # Host-specific files (from _trantor/) - ./_trantor/hardware-configuration.nix - ./_trantor/disko.nix - ./_trantor/boot.nix - ./_trantor/fail2ban.nix - ./_trantor/forgejo.nix - ./_trantor/networking.nix - ./_trantor/nginx.nix - ./_trantor/openssh.nix - ./_trantor/unbound.nix - ]; + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_trantor) + ] + ++ (with inputs.self.modules.nixos; [ + cli + + # Common aspects (always included) + common-boot + common-console + common-firewall + common-locale + common-nix + common-openssh + common-programs + common-security + common-services + common-tailscale + + # User aspects + user + root + + # Server aspects + server-boot + server-nix + server-tailscale + ]); }; } From 5d1b54c8bfc6bb2a0a82de70b20c5c2c64476f49 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 15 Feb 2026 14:20:57 -0300 Subject: [PATCH 45/75] common aspects reworked into base aspect --- .../{common/programs.nix => base/base.nix} | 34 ++++++++++++------- aspects/{common => base}/boot.nix | 2 +- aspects/{common => base}/console.nix | 2 +- aspects/{common => base}/firewall.nix | 2 +- aspects/{common => base}/locale.nix | 2 +- aspects/{common => base}/nix.nix | 2 +- aspects/{common => base}/security.nix | 2 +- aspects/base/ssh.nix | 32 +++++++++++++++++ aspects/common/openssh.nix | 14 -------- aspects/common/services.nix | 12 ------- aspects/common/tailscale.nix | 11 ------ aspects/hosts/alexandria.nix | 16 ++------- aspects/hosts/io.nix | 16 ++------- aspects/hosts/rotterdam.nix | 16 ++------- aspects/hosts/trantor.nix | 21 +++--------- 15 files changed, 72 insertions(+), 112 deletions(-) rename aspects/{common/programs.nix => base/base.nix} (56%) rename aspects/{common => base}/boot.nix (92%) rename aspects/{common => base}/console.nix (75%) rename aspects/{common => base}/firewall.nix (76%) rename aspects/{common => base}/locale.nix (93%) rename aspects/{common => base}/nix.nix (96%) rename aspects/{common => base}/security.nix (81%) create mode 100644 aspects/base/ssh.nix delete mode 100644 aspects/common/openssh.nix delete mode 100644 aspects/common/services.nix delete mode 100644 aspects/common/tailscale.nix diff --git a/aspects/common/programs.nix b/aspects/base/base.nix similarity index 56% rename from aspects/common/programs.nix rename to aspects/base/base.nix index ccdf185..08841b2 100644 --- a/aspects/common/programs.nix +++ b/aspects/base/base.nix 
@@ -1,16 +1,22 @@ -{ ... }: +{ inputs, ... }: { - flake.modules.nixos.common-programs = + flake.modules.nixos.base = { lib, pkgs, ... }: { + imports = with inputs.self.modules.nixos; [ + boot + console + firewall + locale + nix + security + ssh + ]; environment = { systemPackages = with pkgs; [ - ### Dev Tools ### git - ### System Utilities ### fastfetch nixos-firewall-tool - nvd sysz wget yazi @@ -26,14 +32,16 @@ command-not-found.enable = false; fish = { enable = true; - interactiveShellInit = '' - set fish_greeting - if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; or not set -q TMUX - export TERM=xterm-256color - clear - fastfetch - end - ''; + }; + }; + + services = { + dbus.implementation = "broker"; + irqbalance.enable = true; + fstrim.enable = true; + tailscale = { + enable = true; + extraUpFlags = [ "--operator=user" ]; }; }; }; diff --git a/aspects/common/boot.nix b/aspects/base/boot.nix similarity index 92% rename from aspects/common/boot.nix rename to aspects/base/boot.nix index b74b68c..ec8593d 100644 --- a/aspects/common/boot.nix +++ b/aspects/base/boot.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.nixos.common-boot = + flake.modules.nixos.boot = { pkgs, ... }: { boot = { diff --git a/aspects/common/console.nix b/aspects/base/console.nix similarity index 75% rename from aspects/common/console.nix rename to aspects/base/console.nix index 128b914..6bb7be4 100644 --- a/aspects/common/console.nix +++ b/aspects/base/console.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.nixos.common-console = + flake.modules.nixos.console = { ... }: { console = { diff --git a/aspects/common/firewall.nix b/aspects/base/firewall.nix similarity index 76% rename from aspects/common/firewall.nix rename to aspects/base/firewall.nix index 0e5297d..68ffa6e 100644 --- a/aspects/common/firewall.nix +++ b/aspects/base/firewall.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.nixos.common-firewall = + flake.modules.nixos.firewall = { ... }: { networking = { 
diff --git a/aspects/common/locale.nix b/aspects/base/locale.nix similarity index 93% rename from aspects/common/locale.nix rename to aspects/base/locale.nix index a6b5754..4d0c716 100644 --- a/aspects/common/locale.nix +++ b/aspects/base/locale.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.nixos.common-locale = + flake.modules.nixos.locale = { ... }: { time.timeZone = "America/Bahia"; diff --git a/aspects/common/nix.nix b/aspects/base/nix.nix similarity index 96% rename from aspects/common/nix.nix rename to aspects/base/nix.nix index 7fa6e49..16397a9 100644 --- a/aspects/common/nix.nix +++ b/aspects/base/nix.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.nixos.common-nix = + flake.modules.nixos.nix = { inputs, ... }: { imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; diff --git a/aspects/common/security.nix b/aspects/base/security.nix similarity index 81% rename from aspects/common/security.nix rename to aspects/base/security.nix index 2ad04a0..310e345 100644 --- a/aspects/common/security.nix +++ b/aspects/base/security.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.nixos.common-security = + flake.modules.nixos.security = { ... }: { security.sudo = { diff --git a/aspects/base/ssh.nix b/aspects/base/ssh.nix new file mode 100644 index 0000000..03fa556 --- /dev/null +++ b/aspects/base/ssh.nix @@ -0,0 +1,32 @@ +{ ... }: + +{ + flake.modules.nixos.ssh = + { ... }: + { + services.openssh = { + enable = true; + settings.PermitRootLogin = "no"; + extraConfig = '' + PrintLastLog no + ''; + }; + programs = { + bash.interactiveShellInit = '' + if { [ -n "$SSH_CONNECTION" ] && [ -z "$IN_NIX_SHELL" ]; } || [ -z "$TMUX" ]; then + export TERM=xterm-256color + clear + fastfetch + fi + ''; + fish.interactiveShellInit = '' + set fish_greeting + if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; or not set -q TMUX + export TERM=xterm-256color + clear + fastfetch + end + ''; + }; + }; +} 
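Review bot: The new `aspects/base/ssh.nix` becomes the SSH baseline for every host through `base`, yet `services.openssh` only sets `settings.PermitRootLogin = "no";`, leaving password and keyboard-interactive authentication at the module defaults. Unless a host file overrides this (`_trantor/openssh.nix` may, it is not shown here), I would pin key-only login in the baseline with `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;`. A one-line comment above `services.openssh` stating that this module is imported by all hosts would make the blast radius of later edits clear.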
diff --git a/aspects/common/openssh.nix b/aspects/common/openssh.nix deleted file mode 100644 index b8179f2..0000000 --- a/aspects/common/openssh.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.common-openssh = - { ... }: - { - services.openssh = { - enable = true; - settings.PermitRootLogin = "no"; - extraConfig = '' - PrintLastLog no - ''; - }; - }; -} diff --git a/aspects/common/services.nix b/aspects/common/services.nix deleted file mode 100644 index e05dcf0..0000000 --- a/aspects/common/services.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.common-services = - { ... }: - { - services = { - dbus.implementation = "broker"; - irqbalance.enable = true; - fstrim.enable = true; - }; - }; -} diff --git a/aspects/common/tailscale.nix b/aspects/common/tailscale.nix deleted file mode 100644 index 74381ac..0000000 --- a/aspects/common/tailscale.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.common-tailscale = - { ... }: - { - services.tailscale = { - enable = true; - extraUpFlags = [ "--operator=user" ]; - }; - }; -} diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index dedbed9..d05639d 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -16,21 +16,11 @@ ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_alexandria) ] ++ (with inputs.self.modules.nixos; [ + # system aspects + base cli - # Common aspects (always included) - common-boot - common-console - common-firewall - common-locale - common-nix - common-openssh - common-programs - common-security - common-services - common-tailscale - - # User aspects + # user aspects user root diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index ee610fa..6163244 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix 
@@ -19,21 +19,11 @@ }) ] ++ (with inputs.self.modules.nixos; [ + # system aspects + base cli - # Common aspects (always included) - common-boot - common-console - common-firewall - common-locale - common-nix - common-openssh - common-programs - common-security - common-services - common-tailscale - - # User aspects + # user aspects user root diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index 4a91769..77ffe54 100644 --- a/aspects/hosts/rotterdam.nix +++ b/aspects/hosts/rotterdam.nix @@ -19,21 +19,11 @@ }) ] ++ (with inputs.self.modules.nixos; [ + # system aspects + base cli - # Common aspects (always included) - common-boot - common-console - common-firewall - common-locale - common-nix - common-openssh - common-programs - common-security - common-services - common-tailscale - - # User aspects + # user aspects user root diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index 4b8b4b2..e7934ab 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix @@ -12,30 +12,17 @@ inputs.self.overlays.default ]; } - - # Factory-generated ephemeral module + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_trantor) (inputs.self.factory.ephemeral { rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; }) - - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_trantor) ] ++ (with inputs.self.modules.nixos; [ + # system aspects + base cli - # Common aspects (always included) - common-boot - common-console - common-firewall - common-locale - common-nix - common-openssh - common-programs - common-security - common-services - common-tailscale - - # User aspects + # user aspects user root From 4e78805bdaad9f031287ec07fd525aa0ab79eb17 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 15 Feb 2026 14:58:37 -0300 Subject: [PATCH 46/75] rework desktop and programs aspects --- aspects/cli/cli.nix | 7 +- aspects/desktop/boot.nix | 34 --- aspects/desktop/desktop.nix | 212 +++++----------- aspects/desktop/niri.nix | 445 +++++++++++++++++---------------- aspects/desktop/nix.nix | 21 -- aspects/desktop/services.nix | 23 -- aspects/hosts/io.nix | 8 +- aspects/hosts/rotterdam.nix | 12 +- aspects/programs/graphics.nix | 2 +- aspects/programs/media.nix | 2 +- aspects/programs/office.nix | 2 +- aspects/programs/utilities.nix | 62 ----- aspects/programs/web.nix | 2 +- aspects/users/_user/git.nix | 2 +- 14 files changed, 307 insertions(+), 527 deletions(-) delete mode 100644 aspects/desktop/boot.nix delete mode 100644 aspects/desktop/nix.nix delete mode 100644 aspects/desktop/services.nix delete mode 100644 aspects/programs/utilities.nix diff --git a/aspects/cli/cli.nix b/aspects/cli/cli.nix index 8a11616..1d379e8 100644 --- a/aspects/cli/cli.nix +++ b/aspects/cli/cli.nix @@ -3,13 +3,18 @@ { flake.modules = { nixos.cli = - { ... }: + { pkgs, ... }: { imports = with inputs.self.modules.nixos; [ btop helix tmux ]; + + environment.systemPackages = with pkgs; [ + p7zip + rclone + ]; }; homeManager.cli = { ... }: diff --git a/aspects/desktop/boot.nix b/aspects/desktop/boot.nix deleted file mode 100644 index cd0fa9c..0000000 --- a/aspects/desktop/boot.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.desktop-boot = - { - config, - lib, - pkgs, - ... - }: - { - boot = { - plymouth.enable = true; - initrd.systemd.enable = true; - loader.efi.efiSysMountPoint = "/boot/efi"; - kernelPackages = pkgs.linuxPackages_xanmod_latest; - extraModprobeConfig = '' - options bluetooth disable_ertm=1 - ''; - kernel.sysctl = { - "net.ipv4.tcp_mtu_probing" = 1; - }; - kernelParams = [ - "quiet" - "splash" - "i2c-dev" - "i2c-piix4" - "loglevel=3" - "udev.log_priority=3" - "rd.udev.log_level=3" - "rd.systemd.show_status=false" - ]; - }; - }; -} 
diff --git a/aspects/desktop/desktop.nix b/aspects/desktop/desktop.nix index fb54f55..39fd0e0 100644 --- a/aspects/desktop/desktop.nix +++ b/aspects/desktop/desktop.nix @@ -4,7 +4,7 @@ }: { flake.modules = { - nixos.desktop-desktop = + nixos.desktop = { config, lib, @@ -13,37 +13,53 @@ }: { imports = [ - inputs.niri-flake.nixosModules.niri inputs.nix-flatpak.nixosModules.nix-flatpak - ]; + ] + ++ (with inputs.self.modules.nixos; [ + graphics + media + office + web + ]); + + boot = { + plymouth.enable = true; + initrd.systemd.enable = true; + loader.efi.efiSysMountPoint = "/boot/efi"; + kernelPackages = pkgs.linuxPackages_xanmod_latest; + extraModprobeConfig = '' + options bluetooth disable_ertm=1 + ''; + kernel.sysctl = { + "net.ipv4.tcp_mtu_probing" = 1; + }; + kernelParams = [ + "quiet" + "splash" + "i2c-dev" + "i2c-piix4" + "loglevel=3" + "udev.log_priority=3" + "rd.udev.log_level=3" + "rd.systemd.show_status=false" + ]; + }; + + nix = { + registry.nixpkgs.flake = inputs.nixpkgs; + nixPath = [ + "nixpkgs=${inputs.nixpkgs}" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + }; environment = { + etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; sessionVariables = { KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland }; systemPackages = with pkgs; [ - ### Web ### - bitwarden-desktop - fragments - nextcloud-client - tor-browser - vesktop - inputs.zen-browser.packages."${system}".default - ### Office & Productivity ### - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - papers - presenterm - rnote - ### Graphics & Design ### - gimp - inkscape - plasticity - ### System Utilities ### adwaita-icon-theme ghostty gnome-disk-utility 
@@ -51,19 +67,21 @@ libfido2 mission-center nautilus - p7zip - rclone toggleaudiosink unrar - ### Media ### - decibels - loupe - obs-studio - showtime ]; }; services = { + printing.enable = true; + udev.packages = with pkgs; [ yubikey-personalization ]; + keyd = { + enable = true; + keyboards.all = { + ids = [ "*" ]; + settings.main.capslock = "overload(meta, esc)"; + }; + }; pipewire = { enable = true; alsa.enable = true; @@ -74,35 +92,11 @@ }; greetd = { enable = true; - settings = { - default_session = { - command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; - user = "greeter"; - }; - } - // lib.optionalAttrs (config.networking.hostName == "io") { - initial_session = { - command = "${config.programs.niri.package}/bin/niri-session"; - user = "user"; - }; - }; + settings.default_session.user = "greeter"; }; flatpak = { enable = true; packages = [ - ### Office & Productivity ### - "com.collabora.Office" - ### Graphics & Design ### - "com.boxy_svg.BoxySVG" - rec { - appId = "io.github.softfever.OrcaSlicer"; - sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - bundle = "${pkgs.fetchurl { - url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - inherit sha256; - }}"; - } - ### System Utilities ### "com.github.tchx84.Flatseal" "com.rustdesk.RustDesk" ]; @@ -123,10 +117,6 @@ }; programs = { - niri = { - enable = true; - package = inputs.niri.packages.${pkgs.system}.niri; - }; kdeconnect = { enable = true; package = pkgs.valent; @@ -138,8 +128,6 @@ }; }; - niri-flake.cache.enable = false; - fonts = { fontDir.enable = true; packages = with pkgs; [ 
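Review bot: Dropping `niri-flake.cache.enable = false;` in this hunk hands the setting back to the upstream default, while `inputs.niri-flake.nixosModules.niri` is still imported by the new `nixos.niri` module in `aspects/desktop/niri.nix`. If that default is enabled, as I believe it is, these hosts begin trusting the niri-flake binary cache as a substituter without the commit message saying so. The removal of `programs.niri.package` in the preceding hunk likewise changes which niri build is used. If neither change is intended, carry both lines over next to `programs.niri.enable = true;`, i.e. `niri-flake.cache.enable = false;` and `programs.niri.package = inputs.niri.packages.${pkgs.system}.niri;`.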
@@ -157,17 +145,11 @@ xdg-desktop-portal-gnome xdg-desktop-portal-gtk ]; - config = { - common.default = "*"; - niri.default = [ - "gtk" - "gnome" - ]; - }; + config.common.default = "*"; }; }; - homeManager.desktop-desktop = + homeManager.desktop = { config, lib, @@ -180,7 +162,10 @@ fonts.fontconfig.enable = true; - home.packages = with pkgs; [ xwayland-satellite ]; + home = { + packages = with pkgs; [ xwayland-satellite ]; + sessionVariables.TERMINAL = "ghostty"; + }; services.vicinae = { enable = true; 
@@ -216,91 +201,6 @@ xdg = { enable = true; userDirs.enable = true; - mimeApps = { - enable = true; - defaultApplications = { - "text/html" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/http" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/https" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/about" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/unknown" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "image/jpeg" = "org.gnome.Loupe.desktop"; - "image/png" = "org.gnome.Loupe.desktop"; - "image/gif" = "org.gnome.Loupe.desktop"; - "image/webp" = "org.gnome.Loupe.desktop"; - "image/bmp" = "org.gnome.Loupe.desktop"; - "image/svg+xml" = "org.gnome.Loupe.desktop"; - "image/tiff" = "org.gnome.Loupe.desktop"; - "video/mp4" = "io.bassi.Showtime.desktop"; - "video/x-matroska" = "io.bassi.Showtime.desktop"; - "video/webm" = "io.bassi.Showtime.desktop"; - "video/mpeg" = "io.bassi.Showtime.desktop"; - "video/x-msvideo" = "io.bassi.Showtime.desktop"; - "video/quicktime" = "io.bassi.Showtime.desktop"; - "video/x-flv" = "io.bassi.Showtime.desktop"; - "audio/mpeg" = "io.bassi.Showtime.desktop"; - "audio/flac" = "io.bassi.Showtime.desktop"; - "audio/ogg" = "io.bassi.Showtime.desktop"; - "audio/wav" = "io.bassi.Showtime.desktop"; - "audio/mp4" = "io.bassi.Showtime.desktop"; - "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; - "application/pdf" = [ - "org.gnome.Papers.desktop" - "zen-browser.desktop" - ]; - "text/plain" = "Helix.desktop"; - "text/markdown" = "Helix.desktop"; - "text/x-log" = "Helix.desktop"; - "application/x-shellscript" = "Helix.desktop"; - "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = - "com.collabora.Office.desktop"; # DOCX - 
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = - "com.collabora.Office.desktop"; # XLSX - "application/vnd.openxmlformats-officedocument.presentationml.presentation" = - "com.collabora.Office.desktop"; # PPTX - "application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT - "application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS - "application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP - "application/msword" = "com.collabora.Office.desktop"; # DOC - "application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS - "application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT - "application/zip" = "org.gnome.FileRoller.desktop"; - "application/x-tar" = "org.gnome.FileRoller.desktop"; - "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; - "application/x-rar" = "org.gnome.FileRoller.desktop"; - "application/gzip" = "org.gnome.FileRoller.desktop"; - "application/x-bzip" = "org.gnome.FileRoller.desktop"; - "inode/directory" = "org.gnome.Nautilus.desktop"; - }; - }; - }; - - # Set Ghostty as default terminal - home.sessionVariables = { - TERMINAL = "ghostty"; }; }; }; diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix index cdd02ac..adb3f80 100644 --- a/aspects/desktop/niri.nix +++ b/aspects/desktop/niri.nix 
@@ -1,228 +1,251 @@ -{ ... }: +{ inputs, ... }: { - flake.modules.homeManager.desktop-niri = - { - config, - lib, - pkgs, - inputs, - hostname ? null, - ... - }: - let - isRotterdam = hostname == "rotterdam"; - in - { - imports = [ inputs.noctalia.homeModules.default ]; + flake.modules = { + nixos.niri = + { + config, + lib, + pkgs, + ... + }: + { + imports = [ inputs.niri-flake.nixosModules.niri ]; - services.kanshi = { - enable = true; - settings = [ - { - profile.name = "default"; - profile.outputs = [ - { - criteria = "*"; - scale = 1.0; + services.greetd.settings = { + default_session.command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; + }; + + programs.niri.enable = true; + + xdg.portal.config.niri.default = [ + "gtk" + "gnome" + ]; + }; + homeManager.niri = + { + config, + lib, + pkgs, + inputs, + hostname ? null, + ... + }: + let + isRotterdam = hostname == "rotterdam"; + in + { + imports = [ inputs.noctalia.homeModules.default ]; + + services.kanshi = { + enable = true; + settings = [ + { + profile.name = "default"; + profile.outputs = [ + { + criteria = "*"; + scale = 1.0; + } + ]; + } + ]; + }; + + home = { + packages = with pkgs; [ + xwayland-satellite + inputs.noctalia.packages.${pkgs.system}.default + ]; + sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; + }; + + xdg.configFile."niri/config.kdl".text = '' + input { + keyboard { + xkb { + layout "us" + variant "altgr-intl" } - ]; + } + touchpad { + tap + dwt + drag true + drag-lock + natural-scroll + accel-speed 0.2 + accel-profile "flat" + scroll-method "two-finger" + middle-emulation + } + mouse { + natural-scroll + accel-speed 0.2 + accel-profile "flat" + } + warp-mouse-to-focus mode="center-xy" + focus-follows-mouse } - ]; - }; - home = { - packages = with pkgs; [ - xwayland-satellite - inputs.noctalia.packages.${pkgs.system}.default - ]; - sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; - }; - - 
xdg.configFile."niri/config.kdl".text = '' - input { - keyboard { - xkb { - layout "us" - variant "altgr-intl" + layout { + gaps 8 + center-focused-column "never" + auto-center-when-space-available + preset-column-widths { + ${ + if isRotterdam then + '' + proportion 0.33333 + proportion 0.5 + proportion 0.66667 + '' + else + '' + proportion 0.5 + proportion 1.0 + '' + } + } + default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } + focus-ring { + off + } + border { + width 4 + active-color "#ffc87f" + inactive-color "#505050" + urgent-color "#9b0000" + } + tab-indicator { + width 4 + gap 4 + place-within-column } } - touchpad { - tap - dwt - drag true - drag-lock - natural-scroll - accel-speed 0.2 - accel-profile "flat" - scroll-method "two-finger" - middle-emulation + + overview { + zoom 0.65 } - mouse { - natural-scroll - accel-speed 0.2 - accel-profile "flat" + + spawn-at-startup "noctalia-shell" "-d" + layer-rule { + match namespace="^noctalia-overview*" + place-within-backdrop true } - warp-mouse-to-focus mode="center-xy" - focus-follows-mouse - } - layout { - gaps 8 - center-focused-column "never" - auto-center-when-space-available - preset-column-widths { - ${ - if isRotterdam then - '' - proportion 0.33333 - proportion 0.5 - proportion 0.66667 - '' - else - '' - proportion 0.5 - proportion 1.0 - '' - } + hotkey-overlay { + skip-at-startup } - default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } - focus-ring { - off + + prefer-no-csd + screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" + + animations { + slowdown 0.3 } - border { - width 4 - active-color "#ffc87f" - inactive-color "#505050" - urgent-color "#9b0000" + + window-rule { + match app-id="zen" + default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } } - tab-indicator { - width 4 - gap 4 - place-within-column + + window-rule { + geometry-corner-radius 12 + clip-to-geometry true } - } - overview { 
- zoom 0.65 - } + config-notification { + disable-failed + } - spawn-at-startup "noctalia-shell" "-d" - layer-rule { - match namespace="^noctalia-overview*" - place-within-backdrop true - } - - hotkey-overlay { - skip-at-startup - } - - prefer-no-csd - screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" - - animations { - slowdown 0.3 - } - - window-rule { - match app-id="zen" - default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } - } - - window-rule { - geometry-corner-radius 12 - clip-to-geometry true - } - - config-notification { - disable-failed - } - - binds { - Alt+Space repeat=false { spawn "vicinae" "toggle"; } - XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } - XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } - XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } - XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } - XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } - XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } - XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } - XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } - XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } - Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } - Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; } - Mod+Return { spawn "ghostty"; } - Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } - Mod+W repeat=false { toggle-overview; } - Mod+Q { close-window; } - Alt+Shift+Q { close-window;} - Mod+Shift+Q { close-window; } - 
Alt+F4 { close-window; } - Mod+Left { focus-column-left; } - Mod+Down { focus-window-or-workspace-down; } - Mod+Up { focus-window-or-workspace-up; } - Mod+Right { focus-column-right; } - Mod+H { focus-column-left; } - Mod+L { focus-column-right; } - Mod+J { focus-window-or-workspace-down; } - Mod+K { focus-window-or-workspace-up; } - Mod+Ctrl+Left { move-column-left; } - Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } - Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } - Mod+Ctrl+Right { move-column-right; } - Mod+Ctrl+H { move-column-left; } - Mod+Ctrl+J { move-window-down-or-to-workspace-down; } - Mod+Ctrl+K { move-window-up-or-to-workspace-up; } - Mod+Ctrl+L { move-column-right; } - Mod+Home { focus-column-first; } - Mod+End { focus-column-last; } - Mod+Ctrl+Home { move-column-to-first; } - Mod+Ctrl+End { move-column-to-last; } - Mod+Alt+Left { focus-monitor-left; } - Mod+Alt+Down { focus-monitor-down; } - Mod+Alt+Up { focus-monitor-up; } - Mod+Alt+Right { focus-monitor-right; } - Mod+Alt+H { focus-monitor-left; } - Mod+Alt+J { focus-monitor-down; } - Mod+Alt+K { focus-monitor-up; } - Mod+Alt+L { focus-monitor-right; } - Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } - Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } - Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } - Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } - Mod+Alt+Ctrl+H { move-column-to-monitor-left; } - Mod+Alt+Ctrl+J { move-column-to-monitor-down; } - Mod+Alt+Ctrl+K { move-column-to-monitor-up; } - Mod+Alt+Ctrl+L { move-column-to-monitor-right; } - Mod+Ctrl+U { move-workspace-down; } - Mod+Ctrl+I { move-workspace-up; } - Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } - Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } - Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } - Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } - Mod+Shift+WheelScrollDown { focus-column-right; } - Mod+Shift+WheelScrollUp { 
focus-column-left; } - Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } - Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } - Mod+BracketLeft { consume-or-expel-window-left; } - Mod+BracketRight { consume-or-expel-window-right; } - Mod+Comma { consume-window-into-column; } - Mod+Period { expel-window-from-column; } - Mod+R { switch-preset-column-width; } - Mod+F { maximize-column; } - Mod+Ctrl+F { fullscreen-window; } - Mod+C { center-visible-columns; } - Mod+Ctrl+C { center-column; } - Mod+Space { toggle-window-floating; } - Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } - Mod+T { toggle-column-tabbed-display; } - Print { screenshot-screen; } - Mod+Print { screenshot; } - Ctrl+Print { screenshot-window; } - Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } - Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } - Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } - Mod+Ctrl+P { power-off-monitors; } - } - ''; - }; + binds { + Alt+Space repeat=false { spawn "vicinae" "toggle"; } + XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } + XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } + XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } + XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } + XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } + XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } + Mod+V 
repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } + Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; } + Mod+Return { spawn "ghostty"; } + Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } + Mod+W repeat=false { toggle-overview; } + Mod+Q { close-window; } + Alt+Shift+Q { close-window;} + Mod+Shift+Q { close-window; } + Alt+F4 { close-window; } + Mod+Left { focus-column-left; } + Mod+Down { focus-window-or-workspace-down; } + Mod+Up { focus-window-or-workspace-up; } + Mod+Right { focus-column-right; } + Mod+H { focus-column-left; } + Mod+L { focus-column-right; } + Mod+J { focus-window-or-workspace-down; } + Mod+K { focus-window-or-workspace-up; } + Mod+Ctrl+Left { move-column-left; } + Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } + Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } + Mod+Ctrl+Right { move-column-right; } + Mod+Ctrl+H { move-column-left; } + Mod+Ctrl+J { move-window-down-or-to-workspace-down; } + Mod+Ctrl+K { move-window-up-or-to-workspace-up; } + Mod+Ctrl+L { move-column-right; } + Mod+Home { focus-column-first; } + Mod+End { focus-column-last; } + Mod+Ctrl+Home { move-column-to-first; } + Mod+Ctrl+End { move-column-to-last; } + Mod+Alt+Left { focus-monitor-left; } + Mod+Alt+Down { focus-monitor-down; } + Mod+Alt+Up { focus-monitor-up; } + Mod+Alt+Right { focus-monitor-right; } + Mod+Alt+H { focus-monitor-left; } + Mod+Alt+J { focus-monitor-down; } + Mod+Alt+K { focus-monitor-up; } + Mod+Alt+L { focus-monitor-right; } + Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } + Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } + Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } + Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } + Mod+Alt+Ctrl+H { move-column-to-monitor-left; } + Mod+Alt+Ctrl+J { move-column-to-monitor-down; } + Mod+Alt+Ctrl+K { move-column-to-monitor-up; } + Mod+Alt+Ctrl+L { move-column-to-monitor-right; } + Mod+Ctrl+U { 
move-workspace-down; } + Mod+Ctrl+I { move-workspace-up; } + Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } + Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } + Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } + Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } + Mod+Shift+WheelScrollDown { focus-column-right; } + Mod+Shift+WheelScrollUp { focus-column-left; } + Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } + Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } + Mod+BracketLeft { consume-or-expel-window-left; } + Mod+BracketRight { consume-or-expel-window-right; } + Mod+Comma { consume-window-into-column; } + Mod+Period { expel-window-from-column; } + Mod+R { switch-preset-column-width; } + Mod+F { maximize-column; } + Mod+Ctrl+F { fullscreen-window; } + Mod+C { center-visible-columns; } + Mod+Ctrl+C { center-column; } + Mod+Space { toggle-window-floating; } + Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } + Mod+T { toggle-column-tabbed-display; } + Print { screenshot-screen; } + Mod+Print { screenshot; } + Ctrl+Print { screenshot-window; } + Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } + Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } + Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } + Mod+Ctrl+P { power-off-monitors; } + } + ''; + }; + }; } diff --git a/aspects/desktop/nix.nix b/aspects/desktop/nix.nix deleted file mode 100644 index 3a9e71e..0000000 --- a/aspects/desktop/nix.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ inputs, ... }: -{ - flake.modules.nixos.desktop-nix = - { - config, - lib, - pkgs, - ... - }: - { - environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; - - nix = { - registry.nixpkgs.flake = inputs.nixpkgs; - nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - "/nix/var/nix/profiles/per-user/root/channels" - ]; - }; - }; -} 
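Review bot: In the `binds` block of the new `homeManager.niri` module, several `allow-when-locked=true` bindings spawn `noctalia-shell` and `toggleaudiosink` by bare name, so what runs from the lock screen depends on the session's PATH, while the `playerctl` bindings beside them are pinned to a store path with `lib.getExe`. Pinning the lock-screen commands the same way makes them resolve only to the packaged binary, e.g. `spawn "${lib.getExe pkgs.toggleaudiosink}"` (assuming that package sets `meta.mainProgram`) and `lib.getExe inputs.noctalia.packages.${pkgs.system}.default` for the shell calls. The module also interpolates `pkgs.system`, which recent nixpkgs warns about in favour of `pkgs.stdenv.hostPlatform.system`.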
diff --git a/aspects/desktop/services.nix b/aspects/desktop/services.nix deleted file mode 100644 index eb9482a..0000000 --- a/aspects/desktop/services.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.desktop-services = - { - config, - lib, - pkgs, - ... - }: - { - services = { - printing.enable = true; - udev.packages = with pkgs; [ yubikey-personalization ]; - keyd = { - enable = true; - keyboards.all = { - ids = [ "*" ]; - settings.main.capslock = "overload(meta, esc)"; - }; - }; - }; - }; -} diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index 6163244..6944555 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix @@ -22,23 +22,19 @@ # system aspects base cli + desktop # user aspects user root - # Desktop aspects - desktop-boot - desktop-desktop - desktop-nix - desktop-services - # Other aspects ai bluetooth dev libvirtd networkmanager + niri podman ]); }; diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index 77ffe54..ad4192e 100644 --- a/aspects/hosts/rotterdam.nix +++ b/aspects/hosts/rotterdam.nix @@ -22,28 +22,24 @@ # system aspects base cli + desktop # user aspects user root - # Desktop aspects - desktop-boot - desktop-desktop - desktop-nix - desktop-services - # Other aspects based on tags ai bluetooth dev fwupd - gaming-steam - gaming-hardware gaming-flatpak + gaming-hardware gaming-launchers + gaming-steam libvirtd networkmanager + niri podman ]); }; diff --git a/aspects/programs/graphics.nix b/aspects/programs/graphics.nix index 4b7a16b..7d1ed6d 100644 --- a/aspects/programs/graphics.nix +++ b/aspects/programs/graphics.nix @@ -1,7 +1,7 @@ { ... }: { - flake.modules.nixos.programs-graphics = + flake.modules.nixos.graphics = { pkgs, ... }: { environment.systemPackages = with pkgs; [ diff --git a/aspects/programs/media.nix b/aspects/programs/media.nix index 7daaa87..ed6a767 100644 --- a/aspects/programs/media.nix +++ b/aspects/programs/media.nix 
@@ -2,7 +2,7 @@ { flake.modules = { - nixos.programs-media = + nixos.media = { pkgs, ... }: { environment.systemPackages = with pkgs; [ diff --git a/aspects/programs/office.nix b/aspects/programs/office.nix index c3349f3..fe41d1d 100644 --- a/aspects/programs/office.nix +++ b/aspects/programs/office.nix @@ -1,7 +1,7 @@ { ... }: { - flake.modules.nixos.programs-office = + flake.modules.nixos.office = { pkgs, ... }: { environment.systemPackages = with pkgs; [ diff --git a/aspects/programs/utilities.nix b/aspects/programs/utilities.nix deleted file mode 100644 index 4a207af..0000000 --- a/aspects/programs/utilities.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ ... }: - -{ - flake.modules = { - nixos.programs-utilities = - { pkgs, ... }: - { - environment.systemPackages = with pkgs; [ - ghostty - gnome-disk-utility - mission-center - nautilus - p7zip - rclone - unrar - # Desktop Integration - adwaita-icon-theme - junction - libfido2 - toggleaudiosink - # Xwayland Support - xwayland-satellite - ]; - - services.flatpak.packages = [ - "com.github.tchx84.Flatseal" - "com.rustdesk.RustDesk" - ]; - }; - - homeManager.programs-utilities = - { pkgs, ... }: - { - programs = { - ghostty = { - enable = true; - settings = { - cursor-style = "block"; - shell-integration-features = "no-cursor"; - cursor-style-blink = false; - custom-shader = "${builtins.fetchurl { - url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; - sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; - }}"; - bell-features = ""; - gtk-titlebar-style = "tabs"; - keybind = [ "shift+enter=text:\\x1b\\r" ]; - }; - }; - - password-store = { - enable = true; - package = pkgs.pass-wayland; - }; - }; - - home.sessionVariables = { - TERMINAL = "ghostty"; - }; - }; - }; -} diff --git a/aspects/programs/web.nix b/aspects/programs/web.nix index a11ca57..f661218 100644 --- a/aspects/programs/web.nix +++ b/aspects/programs/web.nix 
@@ -1,7 +1,7 @@ { ... }: { - flake.modules.nixos.programs-web = + flake.modules.nixos.web = { inputs, pkgs, diff --git a/aspects/users/_user/git.nix b/aspects/users/_user/git.nix index 9c1fb20..40a5714 100644 --- a/aspects/users/_user/git.nix +++ b/aspects/users/_user/git.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ ... }: { programs = { From 7815017528fca3e0addb848dbf64d8858f4ed0cb Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 16:36:06 -0300 Subject: [PATCH 47/75] rework system, programs, desktop, cli and base aspects --- aspects/{shell => base}/bash.nix | 2 +- aspects/base/fish.nix | 47 +++++++++++++++++++ aspects/{programs => desktop}/graphics.nix | 0 aspects/{programs => desktop}/media.nix | 0 aspects/{programs => desktop}/office.nix | 0 aspects/{programs => desktop}/web.nix | 0 aspects/server/boot.nix | 14 ------ aspects/server/tailscale.nix | 22 --------- aspects/shell/fish.nix | 40 ---------------- aspects/{base => systems}/base.nix | 8 +--- aspects/{cli => systems}/cli.nix | 0 aspects/{desktop => systems}/desktop.nix | 0 .../{server/nix.nix => systems/server.nix} | 18 ++++++- 13 files changed, 66 insertions(+), 85 deletions(-) rename aspects/{shell => base}/bash.nix (82%) create mode 100644 aspects/base/fish.nix rename aspects/{programs => desktop}/graphics.nix (100%) rename aspects/{programs => desktop}/media.nix (100%) rename aspects/{programs => desktop}/office.nix (100%) rename aspects/{programs => desktop}/web.nix (100%) delete mode 100644 aspects/server/boot.nix delete mode 100644 aspects/server/tailscale.nix delete mode 100644 aspects/shell/fish.nix rename aspects/{base => systems}/base.nix (87%) rename aspects/{cli => systems}/cli.nix (100%) rename aspects/{desktop => systems}/desktop.nix (100%) rename aspects/{server/nix.nix => systems/server.nix} (51%) diff --git a/aspects/shell/bash.nix b/aspects/base/bash.nix similarity index 82% rename from aspects/shell/bash.nix rename to aspects/base/bash.nix index e451148..6ba97ef 100644 
--- a/aspects/shell/bash.nix +++ b/aspects/base/bash.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.homeManager.shell-bash = + flake.modules.homeManager.bash = { config, lib, diff --git a/aspects/base/fish.nix b/aspects/base/fish.nix new file mode 100644 index 0000000..8ed326a --- /dev/null +++ b/aspects/base/fish.nix @@ -0,0 +1,47 @@ +{ ... }: +{ + flake.modules = { + nixos.fish = + { ... }: + { + programs.fish.enable = true; + }; + homeManager.fish = + { + config, + lib, + pkgs, + ... + }: + { + programs.fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + ${lib.getExe pkgs.nix-your-shell} fish | source + ''; + loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; + plugins = [ + { + name = "bang-bang"; + src = pkgs.fetchFromGitHub { + owner = "oh-my-fish"; + repo = "plugin-bang-bang"; + rev = "f969c618301163273d0a03d002614d9a81952c1e"; + sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; + }; + } + { + name = "z"; + src = pkgs.fetchFromGitHub { + owner = "jethrokuan"; + repo = "z"; + rev = "067e867debee59aee231e789fc4631f80fa5788e"; + sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU="; + }; + } + ]; + }; + }; + }; +} diff --git a/aspects/programs/graphics.nix b/aspects/desktop/graphics.nix similarity index 100% rename from aspects/programs/graphics.nix rename to aspects/desktop/graphics.nix diff --git a/aspects/programs/media.nix b/aspects/desktop/media.nix similarity index 100% rename from aspects/programs/media.nix rename to aspects/desktop/media.nix diff --git a/aspects/programs/office.nix b/aspects/desktop/office.nix similarity index 100% rename from aspects/programs/office.nix rename to aspects/desktop/office.nix diff --git a/aspects/programs/web.nix b/aspects/desktop/web.nix similarity index 100% rename from aspects/programs/web.nix rename to aspects/desktop/web.nix diff --git a/aspects/server/boot.nix b/aspects/server/boot.nix deleted file mode 100644 index 38634d1..0000000 
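Review bot: Both plugin sources in the new `homeManager.fish` module are pinned by `rev` plus an SRI digest, but the digest is passed as `sha256 = "sha256-…"`. `fetchFromGitHub` takes SRI strings under `hash`, so `hash = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ=";` (and likewise for `z`) states the pin unambiguously. Separately, `interactiveShellInit` and `loginShellInit` both pipe `nix-your-shell fish` into `source`, so an interactive login shell appears to evaluate it twice. If no non-interactive login case needs it, the interactive hook alone would be enough.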
--- a/aspects/server/boot.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-# aspects/server/boot.nix
-{ ... }:
-{
- flake.modules.nixos.server-boot =
- {
- config,
- lib,
- pkgs,
- ...
- }:
- {
- boot.kernelPackages = pkgs.linuxPackages_hardened;
- };
-}
diff --git a/aspects/server/tailscale.nix b/aspects/server/tailscale.nix
deleted file mode 100644
index cf2fa4b..0000000
--- a/aspects/server/tailscale.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-# aspects/server/tailscale.nix
-{ ... }:
-{
- flake.modules.nixos.server-tailscale =
- {
- config,
- lib,
- pkgs,
- ...
- }:
- {
- services.tailscale = {
- extraSetFlags = [ "--advertise-exit-node" ];
- useRoutingFeatures = "server";
- };
-
- boot.kernel.sysctl = {
- "net.ipv4.ip_forward" = 1;
- "net.ipv6.conf.all.forwarding" = 1;
- };
- };
-}
diff --git a/aspects/shell/fish.nix b/aspects/shell/fish.nix
deleted file mode 100644
index 22c0f5c..0000000
--- a/aspects/shell/fish.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ ... }:
-{
- flake.modules.homeManager.shell-fish =
- {
- config,
- lib,
- pkgs,
- ...
- }:
- {
- programs.fish = {
- enable = true;
- interactiveShellInit = ''
- set fish_greeting
- ${lib.getExe pkgs.nix-your-shell} fish | source
- '';
- loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source";
- plugins = [
- {
- name = "bang-bang";
- src = pkgs.fetchFromGitHub {
- owner = "oh-my-fish";
- repo = "plugin-bang-bang";
- rev = "f969c618301163273d0a03d002614d9a81952c1e";
- sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ=";
- };
- }
- {
- name = "z";
- src = pkgs.fetchFromGitHub {
- owner = "jethrokuan";
- repo = "z";
- rev = "067e867debee59aee231e789fc4631f80fa5788e";
- sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU=";
- };
- }
- ];
- };
- };
-}
diff --git a/aspects/base/base.nix b/aspects/systems/base.nix
similarity index 87%
rename from aspects/base/base.nix
rename to aspects/systems/base.nix
index 08841b2..5fef6b9 100644
--- a/aspects/base/base.nix
+++ b/aspects/systems/base.nix
@@ -7,6 +7,7 @@ boot console firewall + fish locale nix security @@ -28,12 +29,7 @@ }; }; - programs = { - command-not-found.enable = false; - fish = { - enable = true; - }; - }; + programs.command-not-found.enable = false; services = { dbus.implementation = "broker"; diff --git a/aspects/cli/cli.nix b/aspects/systems/cli.nix similarity index 100% rename from aspects/cli/cli.nix rename to aspects/systems/cli.nix diff --git a/aspects/desktop/desktop.nix b/aspects/systems/desktop.nix similarity index 100% rename from aspects/desktop/desktop.nix rename to aspects/systems/desktop.nix diff --git a/aspects/server/nix.nix b/aspects/systems/server.nix similarity index 51% rename from aspects/server/nix.nix rename to aspects/systems/server.nix index 1cb8e8b..c3c24f0 100644 --- a/aspects/server/nix.nix +++ b/aspects/systems/server.nix @@ -1,7 +1,7 @@ -# aspects/server/nix.nix { inputs, ... }: + { - flake.modules.nixos.server-nix = + flake.modules.nixos.server = { config, lib, @@ -9,6 +9,14 @@ ... }: { + boot = { + kernelPackages = pkgs.linuxPackages_hardened; + kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + "net.ipv6.conf.all.forwarding" = 1; + }; + }; + environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; nix = { @@ -18,5 +26,11 @@ "/nix/var/nix/profiles/per-user/root/channels" ]; }; + + services.tailscale = { + extraSetFlags = [ "--advertise-exit-node" ]; + useRoutingFeatures = "server"; + }; + }; } From 755937cb56f26b90e4a551de9b20e26ec72f948d Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 16:45:33 -0300 Subject: [PATCH 48/75] rework user aspect --- aspects/users/user.nix | 82 ++++++++++++------------------------------ 1 file changed, 23 insertions(+), 59 deletions(-) diff --git a/aspects/users/user.nix b/aspects/users/user.nix index ad1b8ca..ca74e8d 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix @@ -1,4 +1,4 @@ -{ inputs, self, ... }: +{ inputs, lib, ... }: { flake = { 
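Review bot: The merged `nixos.server` module in `aspects/systems/server.nix` now enables `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding` and passes `--advertise-exit-node` to Tailscale on every host that imports `server`, with no way to opt out. These were the separate `server-boot` and `server-tailscale` aspects before. A host that only needs the hardened kernel and the stable nixpkgs pin would also start forwarding packets, so consider keeping the exit-node part behind its own aspect or an enable option. The explicit sysctls also look redundant, since `services.tailscale.useRoutingFeatures = "server"` appears to enable forwarding on its own; dropping `kernel.sysctl` from the `boot` block would leave one source of truth. The module body continues outside the hunks shown.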
@@ -30,37 +30,6 @@ }; modules = [ { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - - # CLI aspects (common module included) - inputs.self.modules.homeManager.cli-base - inputs.self.modules.homeManager.cli-btop - inputs.self.modules.homeManager.cli-comma - inputs.self.modules.homeManager.cli-direnv - inputs.self.modules.homeManager.cli-helix - inputs.self.modules.homeManager.cli-starship - inputs.self.modules.homeManager.cli-tmux - - # Shell - inputs.self.modules.homeManager.shell-fish - inputs.self.modules.homeManager.shell-bash - - # Desktop - inputs.self.modules.homeManager.desktop-desktop - inputs.self.modules.homeManager.desktop-niri - - # Gaming - inputs.self.modules.homeManager.gaming-mangohud - - # Programs - inputs.self.modules.homeManager.programs-media # for obs-studio - - # Stylix - inputs.self.modules.homeManager.stylix - - # User-specific (from _user/) - ./_user/git.nix - - # Home configuration { home = { username = "user"; @@ -68,7 +37,17 @@ stateVersion = "22.05"; }; } - ]; + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) + ] + ++ (with inputs.self.modules.homeManager; [ + base # base aspect + cli # cli aspect + desktop # desktop aspect + + # other aspect + stylix + niri + ]); }; "user@io" = inputs.home-manager.lib.homeManagerConfiguration { 
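Review bot: `((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user)` replaces the explicit `./_user/git.nix` entry and imports every `.nix` file under `_user/`, so any file later added to that directory is evaluated without being named anywhere. A comment such as `# imports every .nix file under ./_user; initFilter replaces import-tree's default filter` would make that intent visible. The same expression and the identical `base`/`cli`/`desktop`/`stylix`/`niri` list are repeated in the `@@ -111,7 +65,17 @@` hunk for `user@io`, and binding them once in a `let` for both configurations would keep the two from drifting. The first configuration also no longer lists the `gaming-mangohud` and `programs-media` home modules, so it is worth confirming that one of the new aggregate aspects pulls them in, which is not visible here.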
@@ -79,31 +58,6 @@ }; modules = [ { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - - # CLI aspects (common module included) - inputs.self.modules.homeManager.cli-base - inputs.self.modules.homeManager.cli-btop - inputs.self.modules.homeManager.cli-comma - inputs.self.modules.homeManager.cli-direnv - inputs.self.modules.homeManager.cli-helix - inputs.self.modules.homeManager.cli-starship - inputs.self.modules.homeManager.cli-tmux - - # Shell - inputs.self.modules.homeManager.shell-fish - inputs.self.modules.homeManager.shell-bash - - # Desktop - inputs.self.modules.homeManager.desktop-desktop - inputs.self.modules.homeManager.desktop-niri - - # Stylix - inputs.self.modules.homeManager.stylix - - # User-specific (from _user/) - ./_user/git.nix - - # Home configuration { home = { username = "user"; @@ -111,7 +65,17 @@ stateVersion = "22.05"; }; } - ]; + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) + ] + ++ (with inputs.self.modules.homeManager; [ + base # base aspect + cli # cli aspect + desktop # desktop aspect + + # other aspect + stylix + niri + ]); }; }; }; From 0ce2d3b9479f496ba014ad12d6b8c2e8043b1319 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 17:02:56 -0300 Subject: [PATCH 49/75] reworked other aspects --- aspects/ai.nix | 2 +- aspects/bluetooth.nix | 5 ++++- aspects/desktop/office.nix | 1 + aspects/dev.nix | 3 --- aspects/stylix.nix | 15 ++------------- 5 files changed, 8 insertions(+), 18 deletions(-) diff --git a/aspects/ai.nix b/aspects/ai.nix index f67bbbc..3431ddd 100644 --- a/aspects/ai.nix +++ b/aspects/ai.nix @@ -4,7 +4,7 @@ { inputs, pkgs, ... }: { environment.systemPackages = - (with pkgs; [ claude-desktop ]) + (with pkgs; [ ]) ++ (with inputs.nix-ai-tools.packages.${pkgs.system}; [ claude-code claudebox diff --git a/aspects/bluetooth.nix b/aspects/bluetooth.nix index 2027ac1..6c7b2d8 100644 --- a/aspects/bluetooth.nix +++ b/aspects/bluetooth.nix 
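Review bot: Removing `claude-desktop` in `aspects/ai.nix` leaves `(with pkgs; [ ]) ++` in front of the real list in `environment.systemPackages`, an empty operand that only adds noise. The assignment can start directly at the second list: `environment.systemPackages = with inputs.nix-ai-tools.packages.${pkgs.system}; [`. The tail of the list is outside the hunk, so the matching closing `)` would need to go as well.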
@@ -8,6 +8,9 @@ ... }: { - hardware.bluetooth.enable = true; + hardware.bluetooth = { + enable = true; + powerOnBoot = false; + }; }; } diff --git a/aspects/desktop/office.nix b/aspects/desktop/office.nix index fe41d1d..68d958a 100644 --- a/aspects/desktop/office.nix +++ b/aspects/desktop/office.nix @@ -10,6 +10,7 @@ aspellDicts.en aspellDicts.en-computers aspellDicts.pt_BR + glow papers presenterm rnote diff --git a/aspects/dev.nix b/aspects/dev.nix index 89a1026..afe9edc 100644 --- a/aspects/dev.nix +++ b/aspects/dev.nix @@ -10,14 +10,11 @@ { environment.systemPackages = with pkgs; [ android-tools - bat lazygit fd fzf - glow nixfmt nix-init - nix-output-monitor ripgrep ]; diff --git a/aspects/stylix.nix b/aspects/stylix.nix index ec3fd42..f7eb9fa 100644 --- a/aspects/stylix.nix +++ b/aspects/stylix.nix @@ -1,4 +1,5 @@ { ... }: + { flake.modules = { nixos.stylix = @@ -15,10 +16,7 @@ ... }: { - imports = [ - inputs.stylix.homeModules.stylix - inputs.zen-browser.homeModules.beta - ]; + imports = [ inputs.stylix.homeModules.stylix ]; stylix = { enable = true; @@ -65,15 +63,6 @@ terminal = 12; }; }; - targets.zen-browser = { - enable = true; - profileNames = [ "william" ]; - }; - }; - - programs.zen-browser = { - enable = true; - profiles.william = { }; }; }; }; From 1075c256f85a5ad19bf443aad8a9f3001ebe3c95 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 15 Feb 2026 17:17:29 -0300 Subject: [PATCH 50/75] rework gaming aspect --- aspects/gaming/flatpak.nix | 25 ------------------- aspects/gaming/hardware.nix | 13 ---------- aspects/gaming/launchers.nix | 13 ---------- aspects/gaming/mangohud.nix | 4 +-- aspects/gaming/steam.nix | 7 +++++- aspects/hosts/alexandria.nix | 8 ++---- aspects/hosts/rotterdam.nix | 7 ++---- aspects/hosts/trantor.nix | 6 +---- aspects/systems/cli.nix | 2 +- aspects/systems/gaming.nix | 48 ++++++++++++++++++++++++++++++++++++ aspects/users/user.nix | 17 +++++++------ 11 files changed, 72 insertions(+), 78 deletions(-) delete mode 100644 aspects/gaming/flatpak.nix delete mode 100644 aspects/gaming/hardware.nix delete mode 100644 aspects/gaming/launchers.nix create mode 100644 aspects/systems/gaming.nix
diff --git a/aspects/gaming/flatpak.nix b/aspects/gaming/flatpak.nix
deleted file mode 100644
index cc4d0ee..0000000
--- a/aspects/gaming/flatpak.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ ... }:
-
-{
- flake.modules.nixos.gaming-flatpak =
- { pkgs, ... }:
- {
- services.flatpak.packages = [
- "com.github.k4zmu2a.spacecadetpinball"
- "com.steamgriddb.SGDBoop"
- "io.github.Foldex.AdwSteamGtk"
- "io.itch.itch"
- "io.mrarm.mcpelauncher"
- "net.retrodeck.retrodeck"
- "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08"
- rec {
- appId = "com.hypixel.HytaleLauncher";
- sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv";
- bundle = "${pkgs.fetchurl {
- url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak";
- inherit sha256;
- }}";
- }
- ];
- };
-}
diff --git a/aspects/gaming/hardware.nix b/aspects/gaming/hardware.nix
deleted file mode 100644
index e3b5c4b..0000000
--- a/aspects/gaming/hardware.nix
+++ /dev/null
@@ -1,13 +0,0 @@ -{ ... }: - -{ - flake.modules.nixos.gaming-hardware = - { ... }: - { - hardware = { - xpadneo.enable = true; - steam-hardware.enable = true; # Allow steam client to manage controllers - graphics.enable32Bit = true; # For OpenGL games - }; - }; -} diff --git a/aspects/gaming/launchers.nix b/aspects/gaming/launchers.nix deleted file mode 100644 index 1fd3bb4..0000000 --- a/aspects/gaming/launchers.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: - -{ - flake.modules.nixos.gaming-launchers = - { pkgs, ... }: - { - environment.systemPackages = with pkgs; [ - clonehero - heroic - prismlauncher - ]; - }; -} diff --git a/aspects/gaming/mangohud.nix b/aspects/gaming/mangohud.nix index 2856b8f..14a3df6 100644 --- a/aspects/gaming/mangohud.nix +++ b/aspects/gaming/mangohud.nix @@ -2,7 +2,7 @@ { flake.modules = { - nixos.gaming-mangohud = + nixos.mangohud = { pkgs, ... }: { environment.systemPackages = with pkgs; [ @@ -10,7 +10,7 @@ ]; }; - homeManager.gaming-mangohud = + homeManager.mangohud = { config, ... }: { programs.mangohud = { diff --git a/aspects/gaming/steam.nix b/aspects/gaming/steam.nix index 530c99b..a10d0e4 100644 --- a/aspects/gaming/steam.nix +++ b/aspects/gaming/steam.nix @@ -1,7 +1,7 @@ { ... }: { - flake.modules.nixos.gaming-steam = + flake.modules.nixos.steam = { pkgs, ... }: { environment.systemPackages = with pkgs; [ @@ -15,5 +15,10 @@ }; gamemode.enable = true; }; + + services.flatpak.packages = [ + "com.steamgriddb.SGDBoop" + "io.github.Foldex.AdwSteamGtk" + ]; }; } diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index d05639d..57fdf5f 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -19,17 +19,13 @@ # system aspects base cli + server # user aspects user root - # Server aspects - server-boot - server-nix - server-tailscale - - # Other aspects + # other aspects fwupd ]); }; diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index ad4192e..1c177e4 100644 
--- a/aspects/hosts/rotterdam.nix +++ b/aspects/hosts/rotterdam.nix @@ -23,20 +23,17 @@ base cli desktop + gaming # user aspects user root - # Other aspects based on tags + # other aspects ai bluetooth dev fwupd - gaming-flatpak - gaming-hardware - gaming-launchers - gaming-steam libvirtd networkmanager niri diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index e7934ab..076672c 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix @@ -21,15 +21,11 @@ # system aspects base cli + server # user aspects user root - - # Server aspects - server-boot - server-nix - server-tailscale ]); }; } diff --git a/aspects/systems/cli.nix b/aspects/systems/cli.nix index 1d379e8..2b95f0e 100644 --- a/aspects/systems/cli.nix +++ b/aspects/systems/cli.nix @@ -19,7 +19,7 @@ homeManager.cli = { ... }: { - imports = with inputs.self.modules.nixos; [ + imports = with inputs.self.modules.homeManager; [ btop comma direnv diff --git a/aspects/systems/gaming.nix b/aspects/systems/gaming.nix new file mode 100644 index 0000000..e73a6fe --- /dev/null +++ b/aspects/systems/gaming.nix 
@@ -0,0 +1,48 @@ +{ inputs, ... }: + +{ + flake.modules = { + nixos.gaming = + { pkgs, ... }: + { + imports = with inputs.self.modules.nixos; [ + mangohud + steam + ]; + hardware = { + xpadneo.enable = true; + steam-hardware.enable = true; # Allow steam client to manage controllers + graphics.enable32Bit = true; # For OpenGL games + }; + + services.flatpak.packages = [ + "com.github.k4zmu2a.spacecadetpinball" + "io.itch.itch" + "io.mrarm.mcpelauncher" + "net.retrodeck.retrodeck" + "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08" + rec { + appId = "com.hypixel.HytaleLauncher"; + sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv"; + bundle = "${pkgs.fetchurl { + url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak"; + inherit sha256; + }}"; + } + ]; + + environment.systemPackages = with pkgs; [ + clonehero + heroic + prismlauncher + ]; + }; + homeManager.gaming = + { ... }: + { + imports = with inputs.self.modules.homeManager; [ + mangohud + ]; + }; + }; +} diff --git a/aspects/users/user.nix b/aspects/users/user.nix index ca74e8d..e37c038 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix @@ -40,11 +40,13 @@ ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) ] ++ (with inputs.self.modules.homeManager; [ - base # base aspect - cli # cli aspect - desktop # desktop aspect + # system aspects + base + cli + desktop + gaming - # other aspect + # other aspects stylix niri ]); @@ -68,9 +70,10 @@ ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) ] ++ (with inputs.self.modules.homeManager; [ - base # base aspect - cli # cli aspect - desktop # desktop aspect + # system aspects + base + cli + desktop # other aspect stylix From 472aabee2a655f3ab3e69a753fd19a8401398a0f Mon Sep 17 00:00:00 2001 
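Review bot: In the new `aspects/systems/gaming.nix`, the Hytale entry fetches `hytale-launcher-latest.flatpak`, a mutable URL, so the fixed `sha256` is the only thing tying it to a specific build. The fetch will start failing as soon as upstream replaces the file. Keep the hash, since it is what prevents a changed upstream artifact from being installed silently, and document that next to it, e.g. `# URL is mutable; sha256 pins the reviewed build, bump it deliberately after checking the new bundle`. If the vendor publishes versioned download URLs, one of those would be preferable; this hunk does not show whether they exist.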
From: William Date: Sun, 15 Feb 2026 17:32:03 -0300 Subject: [PATCH 51/75] finalise dendritic migration --- aspects/desktop/media.nix | 2 +- aspects/systems/base.nix | 83 +++++++++++++++++++++---------------- aspects/systems/desktop.nix | 5 ++- 3 files changed, 52 insertions(+), 38 deletions(-) diff --git a/aspects/desktop/media.nix b/aspects/desktop/media.nix index ed6a767..7543c0a 100644 --- a/aspects/desktop/media.nix +++ b/aspects/desktop/media.nix @@ -13,7 +13,7 @@ ]; }; - homeManager.programs-media = + homeManager.media = { pkgs, ... }: { programs.obs-studio = { diff --git a/aspects/systems/base.nix b/aspects/systems/base.nix index 5fef6b9..fdfc525 100644 --- a/aspects/systems/base.nix +++ b/aspects/systems/base.nix 
@@ -1,44 +1,55 @@ { inputs, ... }: { - flake.modules.nixos.base = - { lib, pkgs, ... }: - { - imports = with inputs.self.modules.nixos; [ - boot - console - firewall - fish - locale - nix - security - ssh - ]; - environment = { - systemPackages = with pkgs; [ - git - fastfetch - nixos-firewall-tool - sysz - wget - yazi + flake.modules = { + nixos.base = + { lib, pkgs, ... }: + { + imports = with inputs.self.modules.nixos; [ + boot + console + firewall + fish + locale + nix + security + ssh ]; - shellAliases = { - cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; - ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first"; - tree = "ls --tree"; + environment = { + systemPackages = with pkgs; [ + git + fastfetch + nixos-firewall-tool + sysz + wget + yazi + ]; + shellAliases = { + cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; + ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first"; + tree = "ls --tree"; + }; + }; + + programs.command-not-found.enable = false; + + services = { + dbus.implementation = "broker"; + irqbalance.enable = true; + fstrim.enable = true; + tailscale = { + enable = true; + extraUpFlags = [ "--operator=user" ]; + }; }; }; - programs.command-not-found.enable = false; - - services = { - dbus.implementation = "broker"; - irqbalance.enable = true; - fstrim.enable = true; - tailscale = { - enable = true; - extraUpFlags = [ "--operator=user" ]; - }; + homeManager.base = + { ... }: + { + imports = with inputs.self.modules.homeManager; [ + bash + fish + ]; }; - }; + }; } diff --git a/aspects/systems/desktop.nix b/aspects/systems/desktop.nix index 39fd0e0..fb3aa1b 100644 --- a/aspects/systems/desktop.nix +++ b/aspects/systems/desktop.nix @@ -158,7 +158,10 @@ ... }: { - imports = [ inputs.vicinae.homeManagerModules.default ]; + imports = [ + inputs.vicinae.homeManagerModules.default + ] + ++ (with inputs.self.modules.homeManager; [ media ]); fonts.fontconfig.enable = true; 
From 8b3ab52435811d954744695fcfd1b7dd4dabfda1 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 17:36:28 -0300 Subject: [PATCH 52/75] moved home manager user configuration to dedicated files --- aspects/users/user.nix | 97 ++++++-------------------------- aspects/users/user_io.nix | 32 +++++++++++ aspects/users/user_rotterdam.nix | 35 ++++++++++++ 3 files changed, 84 insertions(+), 80 deletions(-) create mode 100644 aspects/users/user_io.nix create mode 100644 aspects/users/user_rotterdam.nix diff --git a/aspects/users/user.nix b/aspects/users/user.nix index e37c038..e3f8530 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix 
@@ -1,85 +1,22 @@ -{ inputs, lib, ... }: +{ ... }: { - flake = { - modules.nixos.user = - { pkgs, ... }: - { - users.users.user = { - isNormalUser = true; - shell = pkgs.fish; - extraGroups = [ - "networkmanager" - "wheel" - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" - ]; - hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; - }; - }; - - homeConfigurations = { - "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { - inherit inputs; - hostname = "rotterdam"; - }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) - ] - ++ (with inputs.self.modules.homeManager; [ - # system aspects - base - cli - desktop - gaming - - # other aspects - stylix - niri - ]); - }; - - "user@io" = inputs.home-manager.lib.homeManagerConfiguration { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { - inherit inputs; - hostname = "io"; - }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) - ] - ++ (with inputs.self.modules.homeManager; [ - # system aspects - base - cli - desktop - - # other aspect - stylix - niri - ]); + flake.modules.nixos.user = + { pkgs, ... 
}: + { + users.users.user = { + isNormalUser = true; + shell = pkgs.fish; + extraGroups = [ + "networkmanager" + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; }; }; - }; } diff --git a/aspects/users/user_io.nix b/aspects/users/user_io.nix new file mode 100644 index 0000000..c956b1c --- /dev/null +++ b/aspects/users/user_io.nix @@ -0,0 +1,32 @@ +{ inputs, lib, ... }: + +{ + flake."user@io" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + hostname = "io"; + }; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) + ] + ++ (with inputs.self.modules.homeManager; [ + # system aspects + base + cli + desktop + + # other aspect + stylix + niri + ]); + }; +} diff --git a/aspects/users/user_rotterdam.nix b/aspects/users/user_rotterdam.nix new file mode 100644 index 0000000..56b2dc1 --- /dev/null +++ b/aspects/users/user_rotterdam.nix 
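Review bot: The `hashedPassword = "$6$…"` line kept on the new side of `aspects/users/user.nix` leaves a SHA-512 crypt hash for an account in `wheel` in the repository, where anyone who can read the repo can attack it offline. Other modules in this patch series already manage secrets through agenix (`age.secrets`), so the hash could live there and be referenced with `hashedPasswordFile = config.age.secrets.<secret-name>.path;`. The secret name is a placeholder, and the inner module would need `config` added to its arguments. This hunk starts on the previous physical line of the page.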
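Review bot: The new `aspects/users/user_io.nix` assigns the configuration to `flake."user@io"`, while its sibling `user_rotterdam.nix` in the same patch uses `flake.homeConfigurations."user@rotterdam"`. As written, the io configuration probably becomes a stray top-level flake output that Home Manager tooling will not find under `homeConfigurations`. The assignment should likely read `flake.homeConfigurations."user@io" = inputs.home-manager.lib.homeManagerConfiguration {`.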
@@ -0,0 +1,35 @@ +{ inputs, lib, ... }: + +{ + flake.homeConfigurations = { + "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + hostname = "rotterdam"; + }; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) + ] + ++ (with inputs.self.modules.homeManager; [ + # system aspects + base + cli + desktop + gaming + + # other aspects + stylix + niri + ]); + }; + }; +} From 8ab3f6e2c82974f0842362c85dc2dc40f9fb3f70 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 18:11:28 -0300 Subject: [PATCH 53/75] no more niri-flake --- aspects/base/nix.nix | 5 +- aspects/desktop/niri.nix | 40 +++--- aspects/desktop/web.nix | 3 +- flake.lock | 268 +++++++-------------------------------- flake.nix | 4 - 5 files changed, 66 insertions(+), 254 deletions(-) diff --git a/aspects/base/nix.nix b/aspects/base/nix.nix index 16397a9..8d44d54 100644 --- a/aspects/base/nix.nix +++ b/aspects/base/nix.nix @@ -33,7 +33,10 @@ config = { use_nvd = true; ignore_dirty_tree = true; - apply.reexec_as_root = true; + apply = { + reexec_as_root = true; + use_nom = true; + }; confirmation.empty = "default-yes"; }; }; diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix index adb3f80..9c87723 100644 --- a/aspects/desktop/niri.nix +++ b/aspects/desktop/niri.nix @@ -1,4 +1,4 @@ -{ inputs, ... }: +{ ... }: { flake.modules = { nixos.niri = 
@@ -9,18 +9,11 @@ ... }: { - imports = [ inputs.niri-flake.nixosModules.niri ]; - services.greetd.settings = { default_session.command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; }; programs.niri.enable = true; - - xdg.portal.config.niri.default = [ - "gtk" - "gnome" - ]; }; homeManager.niri = { @@ -88,26 +81,27 @@ focus-follows-mouse } + output "LG Electronics LG ULTRAWIDE 206AZFM5E459" { + layout { + preset-column-widths { + proportion 0.33333 + proportion 0.5 + proportion 0.66667 + } + default-column-width { proportion 0.33333; } + } + } + layout { gaps 8 center-focused-column "never" - auto-center-when-space-available + always-center-single-column + empty-workspace-above-first preset-column-widths { - ${ - if isRotterdam then - '' - proportion 0.33333 - proportion 0.5 - proportion 0.66667 - '' - else - '' - proportion 0.5 - proportion 1.0 - '' - } + proportion 0.5 + proportion 1.0 } - default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } + default-column-width { proportion 0.5; } focus-ring { off } diff --git a/aspects/desktop/web.nix b/aspects/desktop/web.nix index f661218..1e4ed1c 100644 --- a/aspects/desktop/web.nix +++ b/aspects/desktop/web.nix @@ -5,12 +5,11 @@ { inputs, pkgs, - system, ... }: { environment.systemPackages = with pkgs; [ - inputs.zen-browser.packages."${system}".default + inputs.zen-browser.packages."${pkgs.system}".default bitwarden-desktop fragments nextcloud-client diff --git a/flake.lock b/flake.lock index 8587eb2..20de064 100644 --- a/flake.lock +++ b/flake.lock 
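Review bot: In the `aspects/desktop/web.nix` hunk, the `system` module argument is replaced with `pkgs.system`, a top-level alias that I believe recent nixpkgs revisions flag as deprecated in favour of the host platform attribute. The deleted `packages/claude-desktop.nix` in this same series already uses the longer form. For consistency, consider `inputs.zen-browser.packages.${pkgs.stdenv.hostPlatform.system}.default`.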
@@ -432,86 +432,10 @@ "type": "github" } }, - "niri": { - "inputs": { - "nixpkgs": "nixpkgs_3", - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1760963745, - "narHash": "sha256-FVf9YFw2wQnMAxvMxEk+vFakXhPQUSapDpGmlLzAxjg=", - "owner": "baduhai", - "repo": "niri", - "rev": "dd3e3d1009991ecd87ab7253c9e7696acf2bc943", - "type": "github" - }, - "original": { - "owner": "baduhai", - "ref": "auto-center-when-space-available", - "repo": "niri", - "type": "github" - } - }, - "niri-flake": { - "inputs": { - "niri-stable": "niri-stable", - "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_4", - "nixpkgs-stable": "nixpkgs-stable", - "xwayland-satellite-stable": "xwayland-satellite-stable", - "xwayland-satellite-unstable": "xwayland-satellite-unstable" - }, - "locked": { - "lastModified": 1770844822, - "narHash": "sha256-QgJZ+W6YE6nAzO/m7ezamAzr9DTflIEXRozMivL0+hc=", - "owner": "sodiboo", - "repo": "niri-flake", - "rev": "7634add8bf2dd225d04f535de4bd0ee60982f367", - "type": "github" - }, - "original": { - "owner": "sodiboo", - "repo": "niri-flake", - "type": "github" - } - }, - "niri-stable": { - "flake": false, - "locked": { - "lastModified": 1756556321, - "narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "ref": "v25.08", - "repo": "niri", - "type": "github" - } - }, - "niri-unstable": { - "flake": false, - "locked": { - "lastModified": 1770735554, - "narHash": "sha256-8GzUa8bCyQ688jYW2waXrOqetTr7oV8UPTO2He+5Hsg=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "41b5de87692b8262fbdbff7faab93f04ff0be453", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "repo": "niri", - "type": "github" - } - }, "nix-ai-tools": { "inputs": { "blueprint": "blueprint", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_3", "treefmt-nix": "treefmt-nix" }, "locked": { 
@@ -568,7 +492,7 @@ "inputs": { "flake-compat": "flake-compat", "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_4", "optnix": "optnix" }, "locked": { @@ -632,22 +556,6 @@ } }, "nixpkgs-stable": { - "locked": { - "lastModified": 1770770419, - "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_2": { "locked": { "lastModified": 1770770419, "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", @@ -663,38 +571,6 @@ "type": "github" } }, - "nixpkgs_10": { - "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { - "locked": { - "lastModified": 1769461804, - "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1768564909, 
@@ -712,38 +588,6 @@ } }, "nixpkgs_3": { - "locked": { - "lastModified": 1757967192, - "narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0d7c15863b251a7a50265e57c1dca1a7add2e291", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1770562336, - "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { "locked": { "lastModified": 1770843696, "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", @@ -759,7 +603,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_4": { "locked": { "lastModified": 1767151656, "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", @@ -775,7 +619,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_5": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -791,7 +635,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_6": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", @@ -807,7 +651,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_7": { "locked": { "lastModified": 1767767207, "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", 
@@ -823,6 +667,38 @@ "type": "github" } }, + "nixpkgs_8": { + "locked": { + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "noctalia": { "inputs": { "nixpkgs": [ @@ -871,7 +747,7 @@ "optnix": { "inputs": { "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1765418479, @@ -895,14 +771,12 @@ "home-manager": "home-manager_2", "impermanence": "impermanence", "import-tree": "import-tree", - "niri": "niri", - "niri-flake": "niri-flake", "nix-ai-tools": "nix-ai-tools", "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_8", - "nixpkgs-stable": "nixpkgs-stable_2", + "nixpkgs": "nixpkgs_6", + "nixpkgs-stable": "nixpkgs-stable", "noctalia": "noctalia", "stylix": "stylix", "terranix": "terranix", @@ -910,27 +784,6 @@ "zen-browser": "zen-browser" } }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "niri", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1757989933, - "narHash": "sha256-9cpKYWWPCFhgwQTww8S94rTXgg8Q8ydFv9fXM6I8xQM=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "8249aa3442fb9b45e615a35f39eca2fe5510d7c3", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "stylix": { "inputs": { "base16": "base16", 
@@ -940,7 +793,7 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_3", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_7", "nur": "nur", "systems": "systems_3", "tinted-foot": "tinted-foot", @@ -1164,7 +1017,7 @@ }, "vicinae": { "inputs": { - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_8", "systems": "systems_5" }, "locked": { @@ -1181,43 +1034,10 @@ "type": "github" } }, - "xwayland-satellite-stable": { - "flake": false, - "locked": { - "lastModified": 1755491097, - "narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "388d291e82ffbc73be18169d39470f340707edaa", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "ref": "v0.7", - "repo": "xwayland-satellite", - "type": "github" - } - }, - "xwayland-satellite-unstable": { - "flake": false, - "locked": { - "lastModified": 1770583271, - "narHash": "sha256-Q75S8cEqJoZ92s1y4zArvk2U1ayAy2E4SaF7gbNXkYQ=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "86f5bd5d867ad6e120935dfe825f6b903ebbeddd", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "type": "github" - } - }, "zen-browser": { "inputs": { "home-manager": "home-manager_4", - "nixpkgs": "nixpkgs_11" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1771000521, diff --git a/flake.nix b/flake.nix index 6026fa3..2036828 100644 --- a/flake.nix +++ b/flake.nix @@ -26,7 +26,6 @@ stylix.url = "github:danth/stylix"; # nixos/hm program modules - niri-flake.url = "github:sodiboo/niri-flake"; nix-ai-tools.url = "github:numtide/llm-agents.nix"; nix-index-database = { url = "github:nix-community/nix-index-database"; @@ -44,9 +43,6 @@ url = "github:terranix/terranix"; inputs.nixpkgs.follows = "nixpkgs"; }; - - # others - niri.url = "github:baduhai/niri/auto-center-when-space-available"; }; outputs = 
From 71ec638573f13f6cbadd3d6e1e4d49d31fda92eb Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 20:05:34 -0300 Subject: [PATCH 54/75] fix ssh motd; add nvd and nom --- aspects/base/nix.nix | 7 ++++++- aspects/base/ssh.nix | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/aspects/base/nix.nix b/aspects/base/nix.nix index 8d44d54..2442024 100644 --- a/aspects/base/nix.nix +++ b/aspects/base/nix.nix @@ -1,7 +1,7 @@ { ... }: { flake.modules.nixos.nix = - { inputs, ... }: + { inputs, pkgs, ... }: { imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; @@ -41,6 +41,11 @@ }; }; + environment.systemPackages = with pkgs; [ + nix-output-monitor + nvd + ]; + system.stateVersion = "22.11"; }; } diff --git a/aspects/base/ssh.nix b/aspects/base/ssh.nix index 03fa556..6569bf0 100644 --- a/aspects/base/ssh.nix +++ b/aspects/base/ssh.nix @@ -13,7 +13,7 @@ }; programs = { bash.interactiveShellInit = '' - if { [ -n "$SSH_CONNECTION" ] && [ -z "$IN_NIX_SHELL" ]; } || [ -z "$TMUX" ]; then + if [ -n "$SSH_CONNECTION" ] && [ -z "$IN_NIX_SHELL" ] && [ -z "$TMUX" ]; then export TERM=xterm-256color clear fastfetch @@ -21,7 +21,7 @@ ''; fish.interactiveShellInit = '' set fish_greeting - if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; or not set -q TMUX + if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; and not set -q TMUX export TERM=xterm-256color clear fastfetch From 91f37f90230a9a958d31781652944ce2d7e9414d Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 21:05:59 -0300 Subject: [PATCH 55/75] remove claude-desktop pkg --- packages/claude-desktop.nix | 216 ------------------------------------ 1 file changed, 216 deletions(-) delete mode 100644 packages/claude-desktop.nix diff --git a/packages/claude-desktop.nix b/packages/claude-desktop.nix deleted file mode 100644 index c21ec8e..0000000 --- a/packages/claude-desktop.nix +++ /dev/null 
@@ -1,216 +0,0 @@ -{ inputs, ... }: - -{ - perSystem = - { system, ... }: - let - pkgs = import inputs.nixpkgs { - inherit system; - config.allowUnfree = true; - }; - - pname = "claude-desktop"; - version = "1.0.1768"; - - srcs.x86_64-linux = pkgs.fetchurl { - url = "https://downloads.claude.ai/releases/win32/x64/1.0.1768/Claude-67d01376d0e9d08b328455f6db9e63b0d603506a.exe"; - hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=;"; - }; - - src = - srcs.${pkgs.stdenv.hostPlatform.system} - or (throw "Unsupported system: ${pkgs.stdenv.hostPlatform.system}"); - - claudeNativeStub = '' - // Stub implementation of claude-native using KeyboardKey enum values - const KeyboardKey = { - Backspace: 43, Tab: 280, Enter: 261, Shift: 272, Control: 61, Alt: 40, - CapsLock: 56, Escape: 85, Space: 276, PageUp: 251, PageDown: 250, - End: 83, Home: 154, LeftArrow: 175, UpArrow: 282, RightArrow: 262, - DownArrow: 81, Delete: 79, Meta: 187 - }; - Object.freeze(KeyboardKey); - module.exports = { - getWindowsVersion: () => "10.0.0", - setWindowEffect: () => {}, - removeWindowEffect: () => {}, - getIsMaximized: () => false, - flashFrame: () => {}, - clearFlashFrame: () => {}, - showNotification: () => {}, - setProgressBar: () => {}, - clearProgressBar: () => {}, - setOverlayIcon: () => {}, - clearOverlayIcon: () => {}, - KeyboardKey - }; - ''; - in - { - packages.claude-desktop = pkgs.stdenv.mkDerivation rec { - inherit pname version src; - - nativeBuildInputs = with pkgs; [ - makeWrapper - copyDesktopItems - p7zip - unzip - nodejs - graphicsmagick - ]; - - buildInputs = [ pkgs.electron ]; - - desktopItems = [ - (pkgs.makeDesktopItem { - name = "claude-desktop"; - desktopName = "Claude"; - comment = "AI assistant from Anthropic"; - exec = "claude-desktop %u"; - icon = "claude-desktop"; - categories = [ - "Network" - "Chat" - "Office" - ]; - mimeTypes = [ "x-scheme-handler/claude" ]; - startupNotify = true; - startupWMClass = "Claude"; - }) - ]; - - unpackPhase = '' - runHook 
preUnpack - - # Extract the Windows installer - use -y to auto-overwrite - 7z x -y $src -o./extracted - - # The installer contains a NuGet package - if [ -f ./extracted/AnthropicClaude-*-full.nupkg ]; then - echo "Found NuGet package, extracting..." - # NuGet packages are just zip files - unzip -q ./extracted/AnthropicClaude-*-full.nupkg -d ./nupkg - - # Extract app.asar to modify it - if [ -f ./nupkg/lib/net45/resources/app.asar ]; then - echo "Extracting app.asar..." - ${pkgs.asar}/bin/asar extract ./nupkg/lib/net45/resources/app.asar ./app - - # Also copy the unpacked resources - if [ -d ./nupkg/lib/net45/resources/app.asar.unpacked ]; then - cp -r ./nupkg/lib/net45/resources/app.asar.unpacked/* ./app/ - fi - - # Copy additional resources - mkdir -p ./app/resources - mkdir -p ./app/resources/i18n - cp ./nupkg/lib/net45/resources/Tray* ./app/resources/ || true - cp ./nupkg/lib/net45/resources/*-*.json ./app/resources/i18n/ || true - fi - else - echo "NuGet package not found" - ls -la ./extracted/ - exit 1 - fi - - runHook postUnpack - ''; - - buildPhase = '' - runHook preBuild - - # Replace the Windows-specific claude-native module with a stub - if [ -d ./app/node_modules/claude-native ]; then - echo "Replacing claude-native module with Linux stub..." - rm -rf ./app/node_modules/claude-native/*.node - cat > ./app/node_modules/claude-native/index.js << 'EOF' - ${claudeNativeStub} - EOF - fi - - # Fix the title bar detection (from aaddrick script) - echo "Fixing title bar detection..." 
- SEARCH_BASE="./app/.vite/renderer/main_window/assets" - if [ -d "$SEARCH_BASE" ]; then - TARGET_FILE=$(find "$SEARCH_BASE" -type f -name "MainWindowPage-*.js" | head -1) - if [ -n "$TARGET_FILE" ]; then - echo "Found target file: $TARGET_FILE" - # Replace patterns like 'if(!VAR1 && VAR2)' with 'if(VAR1 && VAR2)' - sed -i -E 's/if\(!([a-zA-Z]+)[[:space:]]*&&[[:space:]]*([a-zA-Z]+)\)/if(\1 \&\& \2)/g' "$TARGET_FILE" - echo "Title bar fix applied" - fi - fi - - runHook postBuild - ''; - - installPhase = '' - runHook preInstall - - mkdir -p $out/lib/claude-desktop - - # Repack the modified app as app.asar - cd ./app - ${pkgs.asar}/bin/asar pack . ../app.asar - cd .. - - # Copy resources - mkdir -p $out/lib/claude-desktop/resources - cp ./app.asar $out/lib/claude-desktop/resources/ - - # Create app.asar.unpacked directory with the stub - mkdir -p $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native - cat > $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native/index.js << 'EOF' - ${claudeNativeStub} - EOF - - # Copy other resources - if [ -d ./nupkg/lib/net45/resources ]; then - cp ./nupkg/lib/net45/resources/*.png $out/lib/claude-desktop/resources/ 2>/dev/null || true - cp ./nupkg/lib/net45/resources/*.ico $out/lib/claude-desktop/resources/ 2>/dev/null || true - cp ./nupkg/lib/net45/resources/*.json $out/lib/claude-desktop/resources/ 2>/dev/null || true - fi - - # Create wrapper script - makeWrapper ${pkgs.electron}/bin/electron $out/bin/claude-desktop \ - --add-flags "$out/lib/claude-desktop/resources/app.asar" \ - --set DISABLE_AUTOUPDATER 1 \ - --set NODE_ENV production - - # Extract and install icons in multiple sizes - if [ -f ./extracted/setupIcon.ico ]; then - echo "Converting and installing icons..." 
- # Count frames in the ICO file and extract each one - frame_count=$(gm identify ./extracted/setupIcon.ico | wc -l) - for i in $(seq 0 $((frame_count - 1))); do - gm convert "./extracted/setupIcon.ico[$i]" "./extracted/setupIcon-$i.png" 2>/dev/null || true - done - - # Loop through converted icons and install them by size - for img in ./extracted/setupIcon-*.png; do - if [ -f "$img" ]; then - size=$(gm identify -format "%wx%h" "$img") - # Skip smallest icons (16x16 and 32x32) as they're too low quality - if [ "$size" != "16x16" ] && [ "$size" != "32x32" ]; then - mkdir -p "$out/share/icons/hicolor/$size/apps" - cp "$img" "$out/share/icons/hicolor/$size/apps/claude-desktop.png" - fi - fi - done - fi - - runHook postInstall - ''; - - meta = with pkgs.lib; { - description = "Claude Desktop - AI assistant from Anthropic"; - homepage = "https://claude.ai"; - license = licenses.unfree; - sourceProvenance = with sourceTypes; [ binaryNativeCode ]; - maintainers = [ ]; - platforms = [ "x86_64-linux" ]; - mainProgram = "claude-desktop"; - }; - }; - }; -} From 10f823a3a6821f8de4f37b030e4af05a4e5349ac Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 22:21:33 -0300 Subject: [PATCH 56/75] lxc support for alexandria --- aspects/hosts/alexandria.nix | 1 + aspects/lxc.nix | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 aspects/lxc.nix diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 57fdf5f..c0c9f32 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -27,6 +27,7 @@ # other aspects fwupd + lxc ]); }; } diff --git a/aspects/lxc.nix b/aspects/lxc.nix new file mode 100644 index 0000000..15da310 --- /dev/null +++ b/aspects/lxc.nix @@ -0,0 +1,17 @@ +{ ... }: + +{ + flake.modules.nixos.lxc = + { + config, + lib, + pkgs, + ... + }: + { + virtualisation.lxc = { + enable = true; + unprivilegedContainers = true; + }; + }; +} From fe460c9151c87b46c9ebcca327c09fb883fef8d9 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 15 Feb 2026 23:01:25 -0300 Subject: [PATCH 57/75] fix secrets locations --- aspects/hosts/_alexandria/nextcloud.nix | 7 +++---- aspects/hosts/_alexandria/nginx.nix | 2 +- aspects/hosts/_trantor/nginx.nix | 2 +- aspects/hosts/alexandria.nix | 2 +- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/aspects/hosts/_alexandria/nextcloud.nix b/aspects/hosts/_alexandria/nextcloud.nix index c4a9669..cb9f2ac 100644 --- a/aspects/hosts/_alexandria/nextcloud.nix +++ b/aspects/hosts/_alexandria/nextcloud.nix @@ -1,8 +1,7 @@ { - lib, config, - pkgs, inputs, + pkgs, ... }: @@ -83,12 +82,12 @@ in age.secrets = { "nextcloud-secrets.json" = { - file = ../../../secrets/nextcloud-secrets.json.age; + file = "${inputs.self}/secrets/nextcloud-secrets.json.age"; owner = "nextcloud"; group = "nextcloud"; }; nextcloud-adminpass = { - file = ../../../secrets/nextcloud-adminpass.age; + file = "${inputs.self}/secrets/nextcloud-adminpass.age"; owner = "nextcloud"; group = "nextcloud"; }; diff --git a/aspects/hosts/_alexandria/nginx.nix b/aspects/hosts/_alexandria/nginx.nix index 26a7ba1..087faf4 100644 --- a/aspects/hosts/_alexandria/nginx.nix +++ b/aspects/hosts/_alexandria/nginx.nix @@ -51,7 +51,7 @@ in ]; age.secrets.cloudflare = { - file = ../../../secrets/cloudflare.age; + file = "${inputs.self}/secrets/cloudflare.age"; owner = "nginx"; group = "nginx"; }; diff --git a/aspects/hosts/_trantor/nginx.nix b/aspects/hosts/_trantor/nginx.nix index 899666e..eccfb12 100644 --- a/aspects/hosts/_trantor/nginx.nix +++ b/aspects/hosts/_trantor/nginx.nix @@ -51,7 +51,7 @@ in ]; age.secrets.cloudflare = { - file = ../../../secrets/cloudflare.age; + file = "${inputs.self}/secrets/cloudflare.age"; owner = "nginx"; group = "nginx"; }; diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index c0c9f32..f10dfe7 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -27,7 +27,7 @@ # other aspects fwupd - lxc + podman ]); }; } 
From 657e1e4697c22f4f82985844b3d8ad2535e6ec49 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 16 Feb 2026 00:07:36 -0300 Subject: [PATCH 58/75] fix forgejo on trantor --- aspects/hosts/_trantor/forgejo.nix | 7 ++++++- aspects/hosts/_trantor/nginx.nix | 2 -- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/aspects/hosts/_trantor/forgejo.nix b/aspects/hosts/_trantor/forgejo.nix index 1112622..6d702e2 100644 --- a/aspects/hosts/_trantor/forgejo.nix +++ b/aspects/hosts/_trantor/forgejo.nix @@ -21,6 +21,8 @@ in ROOT_URL = "https://git.baduhai.dev"; OFFLINE_MODE = true; # disable use of CDNs SSH_DOMAIN = "git.baduhai.dev"; + SSH_USER = "forgejo"; + SSH_PORT = lib.head config.services.openssh.ports; }; log.LEVEL = "Warn"; mailer.ENABLED = false; @@ -67,5 +69,8 @@ in }; # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories - systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false; + systemd.services.forgejo.serviceConfig = { + PrivateMounts = lib.mkForce false; + ProtectSystem = lib.mkForce false; + }; } diff --git a/aspects/hosts/_trantor/nginx.nix b/aspects/hosts/_trantor/nginx.nix index eccfb12..24f96c3 100644 --- a/aspects/hosts/_trantor/nginx.nix +++ b/aspects/hosts/_trantor/nginx.nix @@ -8,10 +8,8 @@ let services = inputs.self.services; - # Get all unique domains from shared services on trantor (host = "trantor") localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "trantor") services)); - # Generate ACME cert configs for all local domains acmeCerts = lib.genAttrs localDomains (domain: { group = "nginx"; }); From bea47712721aa49dd0fc27c5f3640f812db30dea Mon Sep 17 00:00:00 2001 From: William Date: Mon, 16 Feb 2026 01:05:30 -0300 Subject: [PATCH 59/75] lxc on alexandria again --- aspects/hosts/alexandria.nix | 2 +- aspects/lxc.nix | 11 ++++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) 
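Review bot: `ProtectSystem = lib.mkForce false;` in the second forgejo.nix hunk removes the unit's read-only protection of system directories entirely, on top of the existing `PrivateMounts` override, for a service whose `ROOT_URL` is a public hostname. If the goal is only to make one location writable, keeping the module's `ProtectSystem` value and adding `ReadWritePaths = [ "<path forgejo must write>" ];` (placeholder, the path is not visible here) would preserve most of the sandbox. The existing comment explains only the `PrivateMounts` override, so the new line should get its own comment stating what failed with the default. The rest of the module lies outside the hunk, so which path needs write access cannot be confirmed from here.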
diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index f10dfe7..c0c9f32 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -27,7 +27,7 @@ # other aspects fwupd - podman + lxc ]); }; } diff --git a/aspects/lxc.nix b/aspects/lxc.nix index 15da310..4225e0c 100644 --- a/aspects/lxc.nix +++ b/aspects/lxc.nix @@ -9,9 +9,14 @@ ... }: { - virtualisation.lxc = { - enable = true; - unprivilegedContainers = true; + virtualisation = { + lxc = { + enable = true; + unprivilegedContainers = true; + }; + incus.enable = true; }; + + users.users.user.extraGroups = [ "incus-admin" ]; }; } From 19ecca4ea808e845e1db52d79ac3cbbbddfe647e Mon Sep 17 00:00:00 2001 From: William Date: Mon, 16 Feb 2026 11:59:32 -0300 Subject: [PATCH 60/75] add niri-auto-centre script --- aspects/desktop/niri.nix | 1 + packages/hm-cli.nix | 2 -- packages/niri-auto-centre.nix | 32 ++++++++++++++++++++++++++++++++ 3 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 packages/niri-auto-centre.nix diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix index 9c87723..bc99482 100644 --- a/aspects/desktop/niri.nix +++ b/aspects/desktop/niri.nix @@ -123,6 +123,7 @@ } spawn-at-startup "noctalia-shell" "-d" + spawn-at-startup "${lib.getExe pkgs.niri-auto-centre}" layer-rule { match namespace="^noctalia-overview*" place-within-backdrop true diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix index 94dae66..59f4b4f 100644 --- a/packages/hm-cli.nix +++ b/packages/hm-cli.nix @@ -5,8 +5,6 @@ { pkgs, ... }: { packages.hm-cli = pkgs.writeShellScriptBin "hm" '' - set -e - HM="${pkgs.lib.getExe pkgs.home-manager}" FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}" FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}" diff --git a/packages/niri-auto-centre.nix b/packages/niri-auto-centre.nix new file mode 100644 index 0000000..dd7b04c --- /dev/null +++ b/packages/niri-auto-centre.nix 
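Review bot: `users.users.user.extraGroups = [ "incus-admin" ];` in the lxc.nix hunk gives the everyday account full control of the Incus daemon, which Incus documents as equivalent to root on the host. This means `unprivilegedContainers = true` just above no longer limits what that account can do. If routine container use is all that is needed, the restricted `incus` group is the narrower grant (confirm the NixOS module creates it); otherwise add a comment such as `# incus-admin is root-equivalent; granted deliberately on this host`. The aspect is enabled for alexandria, which the readme lists as hosting Kanidm and Vaultwarden, so the blast radius of that account is worth recording.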
@@ -0,0 +1,32 @@ +{ ... }: + +{ + perSystem = + { pkgs, ... }: + { + packages.niri-auto-centre = pkgs.writeShellApplication { + name = "niri-auto-centre"; + runtimeInputs = [ pkgs.jq ]; + text = '' + while true; do + ACTIVE_WORKSPACE=$(niri msg --json workspaces | jq -r '.[] | select(.is_active == true)') + WORKSPACE_ID=$(echo "$ACTIVE_WORKSPACE" | jq -r '.id') + OUTPUT_NAME=$(echo "$ACTIVE_WORKSPACE" | jq -r '.output') + + MONITOR_WIDTH=$(niri msg --json outputs | jq -r ".\"$OUTPUT_NAME\".logical.width") + + SUMMED_TILE_WIDTH=$(niri msg --json windows | jq --argjson wid "$WORKSPACE_ID" -r ' + [.[] | select(.workspace_id == $wid) | {col: .layout.pos_in_scrolling_layout[0], width: .layout.tile_size[0]}] + | group_by(.col) | map(first.width) | add + ') + + if awk "BEGIN {exit !($SUMMED_TILE_WIDTH < $MONITOR_WIDTH)}"; then + niri msg action center-visible-columns + fi + + sleep 0.1 + done + ''; + }; + }; +} From cd16985ddc763de89bc3eda4aeb9445b6cb059ee Mon Sep 17 00:00:00 2001 From: William Date: Tue, 17 Feb 2026 13:53:57 -0300 Subject: [PATCH 61/75] use determinate nix --- aspects/base/nix.nix | 31 +-- flake.lock | 444 +++++++++++++++++++++++++++++++------------ flake.nix | 1 + 3 files changed, 340 insertions(+), 136 deletions(-) diff --git a/aspects/base/nix.nix b/aspects/base/nix.nix index 2442024..29feff8 100644 --- a/aspects/base/nix.nix +++ b/aspects/base/nix.nix 
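Review bot: `$OUTPUT_NAME`, `$SUMMED_TILE_WIDTH` and `$MONITOR_WIDTH` are spliced into the jq filter and the awk program text rather than passed as data, so an unusual output name or a `null` sum (a workspace with no windows) changes the program that runs instead of the value being compared. Passing them as arguments keeps them inert: `jq -r --arg out "$OUTPUT_NAME" '.[$out].logical.width'` and `awk -v a="$SUMMED_TILE_WIDTH" -v b="$MONITOR_WIDTH" 'BEGIN { exit !(a+0 < b+0) }'`. `runtimeInputs` lists only `pkgs.jq`, so `niri` and `awk` are resolved from whatever PATH the compositor passes on; listing them there pins what the script executes. Because `writeShellApplication` enables errexit and pipefail, one failed `niri msg` call ends the loop for the rest of the session, which deserves a comment or an explicit `|| continue`.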
@@ -3,24 +3,25 @@ flake.modules.nixos.nix = { inputs, pkgs, ... }: { - imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; + imports = [ + inputs.nixos-cli.nixosModules.nixos-cli + inputs.determinate.nixosModules.default + ]; - nix = { - settings = { - auto-optimise-store = true; - connect-timeout = 10; - log-lines = 25; - min-free = 128000000; - max-free = 1000000000; - trusted-users = [ "@wheel" ]; - }; - extraOptions = "experimental-features = nix-command flakes"; - gc = { - automatic = true; - options = "--delete-older-than 8d"; - }; + nix.gc = { + automatic = true; + options = "--delete-older-than 8d"; }; + environment.etc."nix/nix.custom.conf".text = '' + auto-optimise-store = true + connect-timeout = 10 + log-lines = 25 + min-free = 128000000 + max-free = 1000000000 + trusted-users = @wheel + ''; + nixpkgs.config = { allowUnfree = true; enableParallelBuilding = true; diff --git a/flake.lock b/flake.lock index 20de064..8b17f1e 100644 --- a/flake.lock +++ b/flake.lock 
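Review bot: `trusted-users = @wheel` is carried over into the new `nix/nix.custom.conf` text, and the Nix manual describes trusted users as essentially root-equivalent, since they can override daemon settings such as substituters. As this hunk already rewrites the whole settings block, it is a good point to drop the line (root is trusted by default) or to name a single account instead of the group. The old `extraOptions = "experimental-features = nix-command flakes"` line has no replacement, presumably because the Determinate module enables those features itself; a comment like `# flakes/nix-command are enabled by inputs.determinate` would record that assumption.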
@@ -135,9 +135,66 @@ "type": "github" } }, + "determinate": { + "inputs": { + "determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin", + "determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux", + "determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux", + "nix": "nix", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1771014593, + "narHash": "sha256-NrCFwn20ewJwy/SZoREs+XylerizPCYP54n9qkr31/E=", + "rev": "69b4ff80ae2bbdd1e3f02ccd76a5f2988b118ed2", + "revCount": 397, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.16.0/019c58b5-64dc-77f9-b913-8738b7d338cc/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/DeterminateSystems/determinate/%2A" + } + }, + "determinate-nixd-aarch64-darwin": { + "flake": false, + "locked": { + "narHash": "sha256-PUo0u1iNMB8eTlBNFMCW8/UAn1sGKGqsIYlXaDRhx00=", + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/macOS" + }, + "original": { + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/macOS" + } + }, + "determinate-nixd-aarch64-linux": { + "flake": false, + "locked": { + "narHash": "sha256-jiIWiM88xkEpBQeohSxhl83fn2xoZY0nFkrW6CUAIAI=", + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/aarch64-linux" + }, + "original": { + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/aarch64-linux" + } + }, + "determinate-nixd-x86_64-linux": { + "flake": false, + "locked": { + "narHash": "sha256-qF/NNdHwh3tAHrKIOz2FRq5Q8GcSMzJeEY/PFvGf5vo=", + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/x86_64-linux" + }, + "original": { + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/x86_64-linux" + } + }, "disko": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_3" }, 
"locked": { "lastModified": 1769524058, @@ -170,6 +227,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1767039857, @@ -185,7 +258,7 @@ "type": "github" } }, - "flake-compat_2": { + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1747046372, @@ -202,6 +275,27 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "determinate", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748821116, + "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", + "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", + "revCount": 377, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/hercules-ci/flake-parts/0.1.377%2Brev-49f0870db23e8c1ca0b5259734a02cd9e1e371a1/01972f28-554a-73f8-91f4-d488cc502f08/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -219,7 +313,7 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, @@ -237,7 +331,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -258,7 +352,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "terranix", 
@@ -295,6 +389,32 @@ "type": "github" } }, + "git-hooks-nix": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": [ + "determinate", + "nix" + ], + "nixpkgs": [ + "determinate", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "revCount": 1026, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/cachix/git-hooks.nix/0.1.1026%2Brev-80479b6ec16fefd9c1db3ea13aeb038c60530f46/0196d79a-1b35-7b8e-a021-c894fb62163d/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/cachix/git-hooks.nix/0.1.941" + } + }, "gnome-shell": { "flake": false, "locked": { @@ -401,7 +521,7 @@ "impermanence": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1769548169, @@ -432,10 +552,31 @@ "type": "github" } }, + "nix": { + "inputs": { + "flake-parts": "flake-parts", + "git-hooks-nix": "git-hooks-nix", + "nixpkgs": "nixpkgs", + "nixpkgs-23-11": "nixpkgs-23-11", + "nixpkgs-regression": "nixpkgs-regression" + }, + "locked": { + "lastModified": 1771010067, + "narHash": "sha256-Itk88UC3CxjGjjAb20KI6KrM9tRoGEpbv996fXwAWGo=", + "rev": "5c670e37e884c43e1da0405075c9b9c83d316a6c", + "revCount": 24629, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.16.0/019c589d-45e9-7337-9ff0-a8d78fecf63f/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A" + } + }, "nix-ai-tools": { "inputs": { "blueprint": "blueprint", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_5", "treefmt-nix": "treefmt-nix" }, "locked": { 
@@ -490,9 +631,9 @@ }, "nixos-cli": { "inputs": { - "flake-compat": "flake-compat", - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_4", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_3", + "nixpkgs": "nixpkgs_6", "optnix": "optnix" }, "locked": { @@ -511,17 +652,31 @@ }, "nixpkgs": { "locked": { - "lastModified": 1769330179, - "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", + "lastModified": 1761597516, + "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", + "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", + "revCount": 811874, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505" + } + }, + "nixpkgs-23-11": { + "locked": { + "lastModified": 1717159533, + "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", "type": "github" } }, @@ -555,6 +710,22 @@ "type": "github" } }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1770770419, 
@@ -571,103 +742,7 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1768564909, - "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1770843696, - "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1767151656, - "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f665af0cdb70ed27e1bd8f9fdfecaf451260fc55", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1759070547, - "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "647e5c14cbd5067f44ac86b74f014962df460840", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1770562336, - "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { - "locked": { - "lastModified": 1767767207, - "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", - "owner": "NixOS", - 
"repo": "nixpkgs", - "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_8": { + "nixpkgs_10": { "locked": { "lastModified": 1762111121, "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", @@ -683,7 +758,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_11": { "locked": { "lastModified": 1769461804, "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", 
@@ -699,6 +774,132 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1770537093, + "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", + "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51", + "revCount": 942631, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.942631%2Brev-fef9403a3e4d31b0a23f0bacebbec52c248fbb51/019c4621-ce4f-799f-82f6-b3b29f099b09/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/DeterminateSystems/nixpkgs-weekly/0.1" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1769330179, + "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1770843696, + "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1767151656, + "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f665af0cdb70ed27e1bd8f9fdfecaf451260fc55", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + 
"type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1759070547, + "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "647e5c14cbd5067f44ac86b74f014962df460840", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "noctalia": { "inputs": { "nixpkgs": [ @@ -746,8 +947,8 @@ }, "optnix": { "inputs": { - "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_5" + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1765418479, @@ -766,8 +967,9 @@ "root": { "inputs": { "agenix": "agenix", + "determinate": "determinate", "disko": "disko", - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "home-manager": "home-manager_2", "impermanence": "impermanence", "import-tree": "import-tree", @@ -775,7 +977,7 @@ "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_8", "nixpkgs-stable": "nixpkgs-stable", "noctalia": "noctalia", "stylix": "stylix", 
@@ -791,9 +993,9 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_4", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_9", "nur": "nur", "systems": "systems_3", "tinted-foot": "tinted-foot", @@ -893,7 +1095,7 @@ }, "terranix": { "inputs": { - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_5", "nixpkgs": [ "nixpkgs" ], @@ -1017,7 +1219,7 @@ }, "vicinae": { "inputs": { - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_10", "systems": "systems_5" }, "locked": { @@ -1037,7 +1239,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_4", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1771000521, diff --git a/flake.nix b/flake.nix index 2036828..c2f801c 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,7 @@ # nix tools flake-parts.url = "github:hercules-ci/flake-parts"; import-tree.url = "github:vic/import-tree"; + determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*"; # nixos/hm nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; From 385586a376cdb9a78c0fb96a93d60f93b3957b69 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 17 Feb 2026 14:03:58 -0300 Subject: [PATCH 62/75] add vagrant to libvirtd aspect; add libvirtd aspect to alexandria --- aspects/hosts/alexandria.nix | 2 +- aspects/libvirtd.nix | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index c0c9f32..55867fa 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -27,7 +27,7 @@ # other aspects fwupd - lxc + libvirtd ]); }; } diff --git a/aspects/libvirtd.nix b/aspects/libvirtd.nix index 1135306..a21a23d 100644 --- a/aspects/libvirtd.nix +++ b/aspects/libvirtd.nix 
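Review bot: The `determinate` input in the flake.nix hunk is declared with a `/*` version, so a later `nix flake update` will accept any future release, including a new major version, of a module that replaces the host's Nix daemon. flake.lock pins the current revision by `narHash`, so existing builds stay reproducible, but narrowing the constraint to the major version that the lock resolves to would make a cross-major jump an explicit edit: `determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/3";`. A short comment noting that this input swaps the Nix implementation would also help whoever reviews the lock-file bumps.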
@@ -15,6 +15,8 @@ programs.virt-manager.enable = true; + environment.systemPackages = with pkgs; [ vagrant ]; + networking.firewall.trustedInterfaces = [ "virbr0" ]; users.users.user.extraGroups = [ From 79a6bd53bfa9e849bfbd0aa1e6b8340bed1171fc Mon Sep 17 00:00:00 2001 From: William Date: Tue, 17 Feb 2026 14:56:42 -0300 Subject: [PATCH 63/75] lima instead of vagrant --- aspects/libvirtd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspects/libvirtd.nix b/aspects/libvirtd.nix index a21a23d..360743d 100644 --- a/aspects/libvirtd.nix +++ b/aspects/libvirtd.nix @@ -15,7 +15,7 @@ programs.virt-manager.enable = true; - environment.systemPackages = with pkgs; [ vagrant ]; + environment.systemPackages = with pkgs; [ lima ]; networking.firewall.trustedInterfaces = [ "virbr0" ]; From 561fdf5ef45d835c8948f6a9d644e165d92660b5 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 18 Feb 2026 16:08:53 -0300 Subject: [PATCH 64/75] 'system' has been renamed to/replaced by 'stdenv.hostPlatform.system' --- aspects/ai.nix | 2 +- aspects/desktop/niri.nix | 2 +- aspects/desktop/web.nix | 2 +- shells/default.nix | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/aspects/ai.nix b/aspects/ai.nix index 3431ddd..e3016e6 100644 --- a/aspects/ai.nix +++ b/aspects/ai.nix @@ -5,7 +5,7 @@ { environment.systemPackages = (with pkgs; [ ]) - ++ (with inputs.nix-ai-tools.packages.${pkgs.system}; [ + ++ (with inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}; [ claude-code claudebox opencode diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix index bc99482..9408097 100644 --- a/aspects/desktop/niri.nix +++ b/aspects/desktop/niri.nix @@ -48,7 +48,7 @@ home = { packages = with pkgs; [ xwayland-satellite - inputs.noctalia.packages.${pkgs.system}.default + inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default ]; sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; }; 
diff --git a/aspects/desktop/web.nix b/aspects/desktop/web.nix index 1e4ed1c..8fb960a 100644 --- a/aspects/desktop/web.nix +++ b/aspects/desktop/web.nix @@ -9,7 +9,7 @@ }: { environment.systemPackages = with pkgs; [ - inputs.zen-browser.packages."${pkgs.system}".default + inputs.zen-browser.packages."${pkgs.stdenv.hostPlatform.system}".default bitwarden-desktop fragments nextcloud-client diff --git a/shells/default.nix b/shells/default.nix index a7cda20..d9eb50b 100644 --- a/shells/default.nix +++ b/shells/default.nix @@ -6,7 +6,7 @@ { devShells.default = pkgs.mkShell { packages = with pkgs; [ - inputs.agenix.packages.${system}.default + inputs.agenix.packages.${stdenv.hostPlatform.system}.default nil nixfmt ]; From 80b1246ad87b6a0f48f4629158bbb4c312faa0a7 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 18 Feb 2026 16:18:07 -0300 Subject: [PATCH 65/75] new readme --- readme.md | 130 ++++++++++++++++++++++++------------------------------ 1 file changed, 58 insertions(+), 72 deletions(-) diff --git a/readme.md b/readme.md index a2b815f..554c5bc 100644 --- a/readme.md +++ b/readme.md 
@@ -1,87 +1,73 @@ -# Nix Configuration +# NixOS Flake Configuration -My personal Nix configuration for multiple NixOS hosts, home-manager users, miscellaneous resources... too many things to list. If I could put my life in a flake I would. +Modular NixOS configuration using flake-parts with the [dendritic](https://github.com/gytis-ivaskevicius/dendritic) pattern. + +## Structure + +``` +. +├── aspects/ # Reusable NixOS/home-manager modules (dendritic) +│ ├── base/ # Base system configuration +│ ├── hosts/ # Host-specific configurations +│ │ ├── _alexandria/ +│ │ ├── _io/ +│ │ ├── _rotterdam/ +│ │ └── _trantor/ +│ ├── systems/ # System type modules (desktop, server, cli, gaming) +│ └── users/ # User account configurations +├── data/ # Shared host/service definitions +├── packages/ # Custom packages and overlays +├── shells/ # Shell configurations +└── terranix/ # Terraform configurations for cloud resources +``` ## Hosts -### Desktop Systems -- **rotterdam** - Main desktop workstation (x86_64) - - Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman - - Storage: Ephemeral root with LUKS encryption - -- **io** - Laptop workstation (x86_64) - - Features: Desktop, AI tools, Bluetooth, Dev environment, Podman - - Storage: Ephemeral root with LUKS encryption - -### Servers -- **alexandria** - Home server (x86_64) - - Hosts: Nextcloud, Vaultwarden, Jellyfin, Kanidm - -- **trantor** - Cloud server (aarch64) - - Hosts: Forgejo - - Cloud provider: Oracle Cloud Infrastructure - - Storage: Ephemeral root with btrfs - -## Home Manager Configurations - -- **user@rotterdam** - Full desktop setup with gaming, OBS, and complete development environment -- **user@io** - Lightweight desktop setup - -Both configurations include: -- btop, direnv, helix, starship, tmux -- Stylix theme management -- Fish shell with custom configurations - -## Terranix Configurations - -Infrastructure as code using Terranix (NixOS + Terraform/OpenTofu): - -- 
**oci-trantor** - Oracle Cloud Infrastructure provisioning for Trantor server -- **cloudflare-baduhaidev** - DNS and CDN configuration for baduhai.dev domain -- **tailscale-tailnet** - Tailscale network ACL and device management +| Host | Architecture | Type | Description | +|------|--------------|------|-------------| +| trantor | aarch64-linux | server | ARM server running Forgejo | +| alexandria | x86_64-linux | server | x86 server (Kanidm, Vaultwarden, Nextcloud, Jellyfin) | +| rotterdam | x86_64-linux | desktop | Gaming desktop with GPU passthrough | +| io | x86_64-linux | desktop | Workstation | ## Services -All services are accessible via custom domains under baduhai.dev: +- **git.baduhai.dev** (Forgejo) - Publicly accessible on trantor -- **Kanidm** (auth.baduhai.dev) - Identity and access management -- **Vaultwarden** (pass.baduhai.dev) - Password manager -- **Forgejo** (git.baduhai.dev) - Git forge (publicly accessible) -- **Nextcloud** (cloud.baduhai.dev) - File sync and collaboration -- **Jellyfin** (jellyfin.baduhai.dev) - Media server +Other services (LAN/Tailscale only): Kanidm, Vaultwarden, Nextcloud, Jellyfin -Services are accessible via: -- LAN for alexandria-hosted services -- Tailscale VPN for all services -- Public internet for Forgejo only +## Features -## Notable Features +- **Ephemeral root**: Automatic btrfs subvolume rollover with impermanence +- **Secrets**: Managed via agenix with age encryption +- **Disk management**: disko for declarative disk partitioning +- **Modular architecture**: Each aspect is a separate module imported via import-tree +- **Dendritic pattern**: Aspects are imported as a unified flake module -### Ephemeral Root -Rotterdam, io, and trantor use an ephemeral root filesystem that resets on every boot: -- Root filesystem is automatically rolled back using btrfs snapshots -- Old snapshots retained for 30 days -- Persistent data stored in dedicated subvolumes -- Implements truly stateless systems +## Building -### Custom 
DNS Architecture -- Unbound DNS servers on both alexandria and trantor -- Service routing based on visibility flags (public/LAN/Tailscale) -- Split-horizon DNS for optimal access paths +```bash +# Build specific host +nix build .#nixosConfigurations.trantor.config.system.build.toplevel -### Security -- LUKS full-disk encryption on desktop systems -- Fail2ban on public-facing servers -- agenix for secrets management -- Tailscale for secure remote access +# Rebuild host (if using nixos-cli on the host) +sudo nixos apply +``` -### Desktop Environment -- Custom Niri window manager (Wayland compositor) -- Using forked version with auto-centering feature -- Stylix for consistent theming +## Terranix -### Development Setup -- Nix flakes for reproducible builds -- deploy-rs for automated deployments -- Podman for containerization -- Complete AI tooling integration +Terraform configurations for cloud infrastructure managed via terranix: + +- baduhai.dev DNS +- Cloudflare tunnel endpoints +- Tailscale subnet routers + +## Key Dependencies + +- nixpkgs (nixos-unstable for workstations, nixos for servers) +- home-manager +- agenix +- disko +- impermanence +- nix-flatpak +- nixos-cli From 1f9812fea0450f3bbf232bc20fb568094e71cc12 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 19 Feb 2026 07:05:48 -0300 Subject: [PATCH 66/75] improve homeConfigurations files --- aspects/users/user_io.nix | 4 +-- aspects/users/user_rotterdam.nix | 56 +++++++++++++++----------------- 2 files changed, 29 insertions(+), 31 deletions(-) diff --git a/aspects/users/user_io.nix b/aspects/users/user_io.nix index c956b1c..a8fa675 100644 --- a/aspects/users/user_io.nix +++ b/aspects/users/user_io.nix @@ -1,7 +1,7 @@ { inputs, lib, ... }: { - flake."user@io" = inputs.home-manager.lib.homeManagerConfiguration { + flake.homeConfigurations."user@io" = { pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; extraSpecialArgs = { inherit inputs; 
@@ -24,7 +24,7 @@ cli desktop - # other aspect + # other aspects stylix niri ]); diff --git a/aspects/users/user_rotterdam.nix b/aspects/users/user_rotterdam.nix index 56b2dc1..36f512d 100644 --- a/aspects/users/user_rotterdam.nix +++ b/aspects/users/user_rotterdam.nix @@ -1,35 +1,33 @@ { inputs, lib, ... }: { - flake.homeConfigurations = { - "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { - inherit inputs; - hostname = "rotterdam"; - }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) - ] - ++ (with inputs.self.modules.homeManager; [ - # system aspects - base - cli - desktop - gaming - - # other aspects - stylix - niri - ]); + flake.homeConfigurations."user@rotterdam" = { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + hostname = "rotterdam"; }; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) + ] + ++ (with inputs.self.modules.homeManager; [ + # system aspects + base + cli + desktop + gaming + + # other aspects + stylix + niri + ]); }; } From d51f6f14db38b6780f2b4b9f11ad406aae8e6644 Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 19 Feb 2026 08:08:27 -0300 Subject: [PATCH 67/75] created mkHost and mkHomeConfiguration --- aspects/constants.nix | 82 +++++++++++++++++++++++++++++++- aspects/hosts/alexandria.nix | 36 +++++--------- aspects/hosts/io.nix | 41 +++++----------- aspects/hosts/rotterdam.nix | 39 +++++---------- aspects/hosts/trantor.nix | 43 ++++++----------- aspects/users/user.nix | 63 ++++++++++++++++++------ aspects/users/user_io.nix | 32 ------------- aspects/users/user_rotterdam.nix | 33 ------------- 8 files changed, 178 insertions(+), 191 deletions(-) delete mode 100644 aspects/users/user_io.nix delete mode 100644 aspects/users/user_rotterdam.nix diff --git a/aspects/constants.nix b/aspects/constants.nix index 7d77098..5a82660 100644 --- a/aspects/constants.nix +++ b/aspects/constants.nix @@ -1,4 +1,9 @@ -{ lib, config, ... }: +{ + inputs, + lib, + config, + ... +}: let # Host submodule type 
@@ -132,6 +137,81 @@ in local-data = lanData; } ]; + # Generates flake.homeConfigurations + mkHomeConfiguration = + { + user, + hostname, + system ? "x86_64-linux", + stateVersion ? "22.05", + nixpkgs ? inputs.nixpkgs, # override with e.g. inputs.nixpkgs-stable + userModules ? [ ], + overlays ? [ inputs.self.overlays.default ], + homeManagerModules ? with inputs.self.modules.homeManager; [ + base + cli + ], + userDirectory ? "/home/${user}", + }: + inputs.home-manager.lib.homeManagerConfiguration { + pkgs = nixpkgs.legacyPackages.${system}; + + extraSpecialArgs = { + inherit inputs hostname; + }; + + modules = [ + { nixpkgs.overlays = overlays; } + { + home = { + username = user; + homeDirectory = userDirectory; + inherit stateVersion; + }; + } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) + "/${inputs.self}/aspects/users/_${user}" + ) + ] + ++ homeManagerModules + ++ userModules; + }; + # Generates flake.nixosConfigurations + mkHost = + { + hostname, + system ? "x86_64-linux", + nixpkgs ? inputs.nixpkgs, + overlays ? [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ], + ephemeralRootDev ? null, # pass rootDevice string to enable, e.g. ephemeralephemeralRootDev = "/dev/mapper/cryptroot" + nixosModules ? with inputs.self.modules.nixos; [ + base + cli + user + root + ], + extraModules ? [ ], + }: + nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = hostname; } + { nixpkgs.overlays = overlays; } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) + "${inputs.self}/aspects/hosts/_${hostname}" + ) + ] + ++ (lib.optional (ephemeralRootDev != null) ( + inputs.self.factory.ephemeral { rootDevice = ephemeralRootDev; } + )) + ++ nixosModules + ++ extraModules; + }; }; }; } diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 55867fa..be5027e 100644 --- a/aspects/hosts/alexandria.nix 
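Review bot: The two helpers build their import-tree path differently: `mkHomeConfiguration` uses `"/${inputs.self}/aspects/users/_${user}"` while `mkHost` uses `"${inputs.self}/aspects/hosts/_${hostname}"`. `inputs.self` already interpolates to an absolute store path, so the leading slash produces `//nix/store/…`; that probably still resolves, but the two should match: `"${inputs.self}/aspects/users/_${user}"`. The comment on `ephemeralRootDev` has a doubled word (`ephemeralephemeralRootDev`) and should read `# pass the root device string to enable, e.g. ephemeralRootDev = "/dev/mapper/cryptroot"`. A short comment above `mkHost` noting that the default `nixosModules` list adds the `user` and `root` aspects to every host would also help, since hosts only extend it through `extraModules`.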
+++ b/aspects/hosts/alexandria.nix @@ -1,33 +1,19 @@ -{ inputs, lib, ... }: +{ inputs, ... }: + +let + mkHost = inputs.self.lib.mkHost; +in { - flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "alexandria"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_alexandria) - ] - ++ (with inputs.self.modules.nixos; [ - # system aspects - base - cli + flake.nixosConfigurations.alexandria = mkHost { + hostname = "alexandria"; + nixpkgs = inputs.nixpkgs-stable; + extraModules = with inputs.self.modules.nixos; [ + # base aspects server - - # user aspects - user - root - # other aspects fwupd libvirtd - ]); + ]; }; } diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index 6944555..cf5ecec 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix @@ -1,34 +1,17 @@ -{ inputs, lib, ... }: +{ inputs, ... }: + +let + mkHost = inputs.self.lib.mkHost; +in { - flake.nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "io"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_io) - (inputs.self.factory.ephemeral { - rootDevice = "/dev/mapper/cryptroot"; - }) - ] - ++ (with inputs.self.modules.nixos; [ - # system aspects - base - cli + flake.nixosConfigurations.io = mkHost { + hostname = "io"; + ephemeralRootDev = "/dev/mapper/cryptroot"; + extraModules = with inputs.self.modules.nixos; [ + # base aspects desktop - - # user aspects - user - root - - # Other aspects + # other aspects ai bluetooth dev 
@@ -36,6 +19,6 @@ networkmanager niri podman - ]); + ]; }; } diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index 1c177e4..f3b6fca 100644 --- a/aspects/hosts/rotterdam.nix +++ b/aspects/hosts/rotterdam.nix @@ -1,34 +1,17 @@ -{ inputs, lib, ... }: +{ inputs, ... }: + +let + mkHost = inputs.self.lib.mkHost; +in { - flake.nixosConfigurations.rotterdam = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "rotterdam"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_rotterdam) - (inputs.self.factory.ephemeral { - rootDevice = "/dev/mapper/cryptroot"; - }) - ] - ++ (with inputs.self.modules.nixos; [ - # system aspects - base - cli + flake.nixosConfigurations.rotterdam = mkHost { + hostname = "rotterdam"; + ephemeralRootDev = "/dev/mapper/cryptroot"; + extraModules = with inputs.self.modules.nixos; [ + # base aspects desktop gaming - - # user aspects - user - root - # other aspects ai bluetooth @@ -38,6 +21,6 @@ networkmanager niri podman - ]); + ]; }; } diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index 076672c..14f9dd7 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix 
@@ -1,31 +1,18 @@ -{ inputs, lib, ... }: -{ - flake.nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { - system = "aarch64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "trantor"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_trantor) - (inputs.self.factory.ephemeral { - rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; - }) - ] - ++ (with inputs.self.modules.nixos; [ - # system aspects - base - cli - server +{ inputs, ... }: - # user aspects - user - root - ]); +let + mkHost = inputs.self.lib.mkHost; +in + +{ + flake.nixosConfigurations.trantor = mkHost { + hostname = "trantor"; + system = "aarch64-linux"; + nixpkgs = inputs.nixpkgs-stable; + ephemeralRootDev = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; + extraModules = with inputs.self.modules.nixos; [ + # base aspects + server + ]; }; } diff --git a/aspects/users/user.nix b/aspects/users/user.nix index e3f8530..86bcddb 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix 
@@ -1,22 +1,55 @@ -{ ... }: +{ inputs, ... }: + +let + mkHomeConfiguration = inputs.self.lib.mkHomeConfiguration; +in { - flake.modules.nixos.user = - { pkgs, ... }: - { - users.users.user = { - isNormalUser = true; - shell = pkgs.fish; - extraGroups = [ - "networkmanager" - "wheel" + flake = { + modules.nixos.user = + { pkgs, ... }: + { + users.users.user = { + isNormalUser = true; + shell = pkgs.fish; + extraGroups = [ + "networkmanager" + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; + }; + }; + homeConfigurations = { + "user@rotterdam" = mkHomeConfiguration { + user = "user"; + hostname = "rotterdam"; + userModules = with inputs.self.modules.homeManager; [ + # system aspects + desktop + gaming + + # other aspects + stylix + niri ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + }; + "user@io" = mkHomeConfiguration { + user = "user"; + hostname = "io"; + userModules = with inputs.self.modules.homeManager; [ + # system aspects + desktop + + # other aspects + stylix + niri ]; - hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; }; }; + }; } diff --git a/aspects/users/user_io.nix b/aspects/users/user_io.nix deleted file mode 100644 index a8fa675..0000000 
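Review bot: The `hashedPassword` literal for `users.users.user` is carried into the new layout unchanged, so a SHA-512 crypt hash for a `wheel` account stays in the repository history and in the world-readable Nix store, where it can be guessed offline. The README lists agenix for secrets, so the hash can move there: add `config` to the module arguments and replace the line with `hashedPasswordFile = config.age.secrets."<secret-name>".path;` (placeholder secret name). Because the current hash remains in git history, the password itself should be changed when the secret is introduced. It is worth confirming that the agenix secret is decrypted before user activation on the ephemeral-root hosts.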
--- a/aspects/users/user_io.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ inputs, lib, ... }: - -{ - flake.homeConfigurations."user@io" = { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { - inherit inputs; - hostname = "io"; - }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) - ] - ++ (with inputs.self.modules.homeManager; [ - # system aspects - base - cli - desktop - - # other aspects - stylix - niri - ]); - }; -} diff --git a/aspects/users/user_rotterdam.nix b/aspects/users/user_rotterdam.nix deleted file mode 100644 index 36f512d..0000000 --- a/aspects/users/user_rotterdam.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ inputs, lib, ... }: - -{ - flake.homeConfigurations."user@rotterdam" = { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { - inherit inputs; - hostname = "rotterdam"; - }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) - ] - ++ (with inputs.self.modules.homeManager; [ - # system aspects - base - cli - desktop - gaming - - # other aspects - stylix - niri - ]); - }; -} From be4553046c151c048cc4bac3bf45f310b32ee5c3 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 19 Feb 2026 09:02:16 -0300 Subject: [PATCH 68/75] nix-ai-tools not that up to date --- aspects/ai.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/aspects/ai.nix b/aspects/ai.nix index e3016e6..99efd60 100644 --- a/aspects/ai.nix +++ b/aspects/ai.nix 
@@ -4,11 +4,8 @@ { inputs, pkgs, ... }: { environment.systemPackages = - (with pkgs; [ ]) + (with pkgs; [ opencode ]) ++ (with inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}; [ - claude-code - claudebox - opencode ]); }; } From 09b0e64708e2f936e5eed33992cf4ffbb9f48f29 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 19 Feb 2026 09:10:44 -0300 Subject: [PATCH 69/75] determinate nix breaks my systems --- aspects/base/nix.nix | 31 ++--- flake.lock | 322 ++++++++----------------------------------- flake.nix | 1 - 3 files changed, 75 insertions(+), 279 deletions(-) diff --git a/aspects/base/nix.nix b/aspects/base/nix.nix index 29feff8..2442024 100644 --- a/aspects/base/nix.nix +++ b/aspects/base/nix.nix @@ -3,25 +3,24 @@ flake.modules.nixos.nix = { inputs, pkgs, ... }: { - imports = [ - inputs.nixos-cli.nixosModules.nixos-cli - inputs.determinate.nixosModules.default - ]; + imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; - nix.gc = { - automatic = true; - options = "--delete-older-than 8d"; + nix = { + settings = { + auto-optimise-store = true; + connect-timeout = 10; + log-lines = 25; + min-free = 128000000; + max-free = 1000000000; + trusted-users = [ "@wheel" ]; + }; + extraOptions = "experimental-features = nix-command flakes"; + gc = { + automatic = true; + options = "--delete-older-than 8d"; + }; }; - environment.etc."nix/nix.custom.conf".text = '' - auto-optimise-store = true - connect-timeout = 10 - log-lines = 25 - min-free = 128000000 - max-free = 1000000000 - trusted-users = @wheel - ''; - nixpkgs.config = { allowUnfree = true; enableParallelBuilding = true; diff --git a/flake.lock b/flake.lock index 8b17f1e..20de064 100644 --- a/flake.lock +++ b/flake.lock 
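Review bot: `trusted-users = [ "@wheel" ]` moves into `nix.settings` unchanged, and it lets every `wheel` member direct the Nix daemon (choose substituters, add store paths without a trusted signature). The Nix manual describes that as essentially root access, and it needs no sudo prompt. If the intent is only that wheel users may talk to the daemon, `allowed-users = [ "@wheel" ];` expresses that and `trusted-users` can stay at its default. Separately, `extraOptions = "experimental-features = nix-command flakes";` can become `experimental-features = [ "nix-command" "flakes" ];` inside `settings`, so all daemon settings sit in one attribute set. The module body continues outside the hunk.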
@@ -135,66 +135,9 @@ "type": "github" } }, - "determinate": { - "inputs": { - "determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin", - "determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux", - "determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux", - "nix": "nix", - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1771014593, - "narHash": "sha256-NrCFwn20ewJwy/SZoREs+XylerizPCYP54n9qkr31/E=", - "rev": "69b4ff80ae2bbdd1e3f02ccd76a5f2988b118ed2", - "revCount": 397, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.16.0/019c58b5-64dc-77f9-b913-8738b7d338cc/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/DeterminateSystems/determinate/%2A" - } - }, - "determinate-nixd-aarch64-darwin": { - "flake": false, - "locked": { - "narHash": "sha256-PUo0u1iNMB8eTlBNFMCW8/UAn1sGKGqsIYlXaDRhx00=", - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/macOS" - }, - "original": { - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/macOS" - } - }, - "determinate-nixd-aarch64-linux": { - "flake": false, - "locked": { - "narHash": "sha256-jiIWiM88xkEpBQeohSxhl83fn2xoZY0nFkrW6CUAIAI=", - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/aarch64-linux" - }, - "original": { - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/aarch64-linux" - } - }, - "determinate-nixd-x86_64-linux": { - "flake": false, - "locked": { - "narHash": "sha256-qF/NNdHwh3tAHrKIOz2FRq5Q8GcSMzJeEY/PFvGf5vo=", - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/x86_64-linux" - }, - "original": { - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/x86_64-linux" - } - }, "disko": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs" }, 
"locked": { "lastModified": 1769524058, @@ -227,22 +170,6 @@ } }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1767039857, @@ -258,7 +185,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1747046372, @@ -275,27 +202,6 @@ } }, "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "determinate", - "nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748821116, - "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", - "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", - "revCount": 377, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/hercules-ci/flake-parts/0.1.377%2Brev-49f0870db23e8c1ca0b5259734a02cd9e1e371a1/01972f28-554a-73f8-91f4-d488cc502f08/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1" - } - }, - "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -313,7 +219,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, @@ -331,7 +237,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -352,7 +258,7 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "terranix", 
@@ -389,32 +295,6 @@ "type": "github" } }, - "git-hooks-nix": { - "inputs": { - "flake-compat": "flake-compat", - "gitignore": [ - "determinate", - "nix" - ], - "nixpkgs": [ - "determinate", - "nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1747372754, - "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", - "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", - "revCount": 1026, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/cachix/git-hooks.nix/0.1.1026%2Brev-80479b6ec16fefd9c1db3ea13aeb038c60530f46/0196d79a-1b35-7b8e-a021-c894fb62163d/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/cachix/git-hooks.nix/0.1.941" - } - }, "gnome-shell": { "flake": false, "locked": { @@ -521,7 +401,7 @@ "impermanence": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1769548169, @@ -552,31 +432,10 @@ "type": "github" } }, - "nix": { - "inputs": { - "flake-parts": "flake-parts", - "git-hooks-nix": "git-hooks-nix", - "nixpkgs": "nixpkgs", - "nixpkgs-23-11": "nixpkgs-23-11", - "nixpkgs-regression": "nixpkgs-regression" - }, - "locked": { - "lastModified": 1771010067, - "narHash": "sha256-Itk88UC3CxjGjjAb20KI6KrM9tRoGEpbv996fXwAWGo=", - "rev": "5c670e37e884c43e1da0405075c9b9c83d316a6c", - "revCount": 24629, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.16.0/019c589d-45e9-7337-9ff0-a8d78fecf63f/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A" - } - }, "nix-ai-tools": { "inputs": { "blueprint": "blueprint", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_3", "treefmt-nix": "treefmt-nix" }, "locked": { 
@@ -631,9 +490,9 @@ }, "nixos-cli": { "inputs": { - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_6", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs_4", "optnix": "optnix" }, "locked": { @@ -652,31 +511,17 @@ }, "nixpkgs": { "locked": { - "lastModified": 1761597516, - "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", - "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", - "revCount": 811874, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505" - } - }, - "nixpkgs-23-11": { - "locked": { - "lastModified": 1717159533, - "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", + "lastModified": 1769330179, + "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", "type": "github" }, "original": { "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", - "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", "type": "github" } }, @@ -710,22 +555,6 @@ "type": "github" } }, - "nixpkgs-regression": { - "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { "lastModified": 1770770419, 
@@ -742,69 +571,7 @@ "type": "github" } }, - "nixpkgs_10": { - "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { - "locked": { - "lastModified": 1769461804, - "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { - "locked": { - "lastModified": 1770537093, - "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", - "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51", - "revCount": 942631, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.942631%2Brev-fef9403a3e4d31b0a23f0bacebbec52c248fbb51/019c4621-ce4f-799f-82f6-b3b29f099b09/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/DeterminateSystems/nixpkgs-weekly/0.1" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1769330179, - "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { "locked": { "lastModified": 1768564909, "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", @@ -820,7 +587,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_3": { "locked": { "lastModified": 1770843696, "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", 
@@ -836,7 +603,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_4": { "locked": { "lastModified": 1767151656, "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", @@ -852,7 +619,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_5": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -868,7 +635,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_6": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", @@ -884,7 +651,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_7": { "locked": { "lastModified": 1767767207, "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", @@ -900,6 +667,38 @@ "type": "github" } }, + "nixpkgs_8": { + "locked": { + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "noctalia": { "inputs": { "nixpkgs": [ @@ -947,8 +746,8 @@ }, "optnix": { "inputs": { - "flake-compat": "flake-compat_3", - "nixpkgs": "nixpkgs_7" + "flake-compat": "flake-compat_2", + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1765418479, 
@@ -967,9 +766,8 @@ "root": { "inputs": { "agenix": "agenix", - "determinate": "determinate", "disko": "disko", - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts", "home-manager": "home-manager_2", "impermanence": "impermanence", "import-tree": "import-tree", @@ -977,7 +775,7 @@ "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable", "noctalia": "noctalia", "stylix": "stylix", @@ -993,9 +791,9 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_3", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_7", "nur": "nur", "systems": "systems_3", "tinted-foot": "tinted-foot", @@ -1095,7 +893,7 @@ }, "terranix": { "inputs": { - "flake-parts": "flake-parts_5", + "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ], @@ -1219,7 +1017,7 @@ }, "vicinae": { "inputs": { - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_8", "systems": "systems_5" }, "locked": { @@ -1239,7 +1037,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_4", - "nixpkgs": "nixpkgs_11" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1771000521, diff --git a/flake.nix b/flake.nix index c2f801c..2036828 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,6 @@ # nix tools flake-parts.url = "github:hercules-ci/flake-parts"; import-tree.url = "github:vic/import-tree"; - determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*"; # nixos/hm nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; From e9c17f10a5f3c999b46b7941b21db46a5cec68ef Mon Sep 17 00:00:00 2001 From: baduhai Date: Thu, 19 Feb 2026 18:29:03 -0300 Subject: [PATCH 70/75] Update readme.md --- readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/readme.md b/readme.md index 554c5bc..52f8af1 100644 
--- a/readme.md +++ b/readme.md @@ -27,14 +27,14 @@ Modular NixOS configuration using flake-parts with the [dendritic](https://githu |------|--------------|------|-------------| | trantor | aarch64-linux | server | ARM server running Forgejo | | alexandria | x86_64-linux | server | x86 server (Kanidm, Vaultwarden, Nextcloud, Jellyfin) | -| rotterdam | x86_64-linux | desktop | Gaming desktop with GPU passthrough | +| rotterdam | x86_64-linux | desktop | Main workstation setup for gaming | | io | x86_64-linux | desktop | Workstation | ## Services - **git.baduhai.dev** (Forgejo) - Publicly accessible on trantor -Other services (LAN/Tailscale only): Kanidm, Vaultwarden, Nextcloud, Jellyfin +Other services (LAN/Tailscale only): Vaultwarden, Nextcloud, Jellyfin ## Features From b16821ef741129fb9053f75325c8831a9e27fab7 Mon Sep 17 00:00:00 2001 From: baduhai Date: Thu, 19 Feb 2026 18:32:43 -0300 Subject: [PATCH 71/75] Update readme.md --- readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/readme.md b/readme.md index 52f8af1..e36ccec 100644 --- a/readme.md +++ b/readme.md @@ -58,8 +58,8 @@ sudo nixos apply Terraform configurations for cloud infrastructure managed via terranix: -- baduhai.dev DNS -- Cloudflare tunnel endpoints +- baduhai.dev DNS on CloudFlare +- VPS provisioning on OCI - Tailscale subnet routers ## Key Dependencies From 87d75380bb7a1661394f86cc58f00f89a45f47ad Mon Sep 17 00:00:00 2001 From: William Date: Fri, 20 Feb 2026 11:14:31 -0300 Subject: [PATCH 72/75] add beeper to web packages --- aspects/desktop/web.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/aspects/desktop/web.nix b/aspects/desktop/web.nix index 8fb960a..4e4fe5b 100644 --- a/aspects/desktop/web.nix +++ b/aspects/desktop/web.nix @@ -10,6 +10,7 @@ { environment.systemPackages = with pkgs; [ inputs.zen-browser.packages."${pkgs.stdenv.hostPlatform.system}".default + beeper bitwarden-desktop fragments nextcloud-client 
From 834d4d516090f96e44c58dfa8eb409849acc95ea Mon Sep 17 00:00:00 2001 From: William Date: Sun, 22 Feb 2026 16:08:52 -0300 Subject: [PATCH 73/75] add ungoogled-chromium to web aspect --- aspects/desktop/web.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/aspects/desktop/web.nix b/aspects/desktop/web.nix index 4e4fe5b..9d6494f 100644 --- a/aspects/desktop/web.nix +++ b/aspects/desktop/web.nix @@ -15,6 +15,7 @@ fragments nextcloud-client tor-browser + ungoogled-chromium vesktop ]; }; From 84e7f6c51041f3a0dda2f254881f8b0b630e3b44 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 23 Feb 2026 08:31:38 -0300 Subject: [PATCH 74/75] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nix-ai-tools': 'github:numtide/llm-agents.nix/266d4d8a55eef6dd23cd0adced301053d8fc23c9?narHash=sha256-HQXK2CXAhBuTBw99Ip018Vp9MMAPfJVywgRrkwMUgMc%3D' (2026-02-12) → 'github:numtide/llm-agents.nix/db94a329058a1a37b49d3209af85708b3338559a?narHash=sha256-q5Wsb1573qDfIPJctG9CBZP0NMniejoB7SmBLZIVAHg%3D' (2026-02-23) • Updated input 'nix-ai-tools/blueprint': 'github:numtide/blueprint/c7da5c70ad1c9b60b6f5d4f674fbe205d48d8f6c?narHash=sha256-zI%2B7cbMI4wMIR57jMjDSEsVb3grapTnURDxxJPYFIW0%3D' (2026-01-25) → 'github:numtide/blueprint/06ee7190dc2620ea98af9eb225aa9627b68b0e33?narHash=sha256-bLqwib%2BrtyBRRVBWhMuBXPCL/OThfokA%2Bj6%2BuH7jDGU%3D' (2026-02-18) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/2343bbb58f99267223bc2aac4fc9ea301a155a16?narHash=sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8%3D' (2026-02-11) → 'github:NixOS/nixpkgs/d1c15b7d5806069da59e819999d70e1cec0760bf?narHash=sha256-b9uG8yN50DRQ6A7JdZBfzq718ryYrlmGgqkRm9OOwCE%3D' (2026-02-16) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 20de064..a99cac7 100644 --- a/flake.lock +++ b/flake.lock 
@@ -100,11 +100,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1769353768, - "narHash": "sha256-zI+7cbMI4wMIR57jMjDSEsVb3grapTnURDxxJPYFIW0=", + "lastModified": 1771437256, + "narHash": "sha256-bLqwib+rtyBRRVBWhMuBXPCL/OThfokA+j6+uH7jDGU=", "owner": "numtide", "repo": "blueprint", - "rev": "c7da5c70ad1c9b60b6f5d4f674fbe205d48d8f6c", + "rev": "06ee7190dc2620ea98af9eb225aa9627b68b0e33", "type": "github" }, "original": { @@ -439,11 +439,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1770907059, - "narHash": "sha256-HQXK2CXAhBuTBw99Ip018Vp9MMAPfJVywgRrkwMUgMc=", + "lastModified": 1771816560, + "narHash": "sha256-q5Wsb1573qDfIPJctG9CBZP0NMniejoB7SmBLZIVAHg=", "owner": "numtide", "repo": "llm-agents.nix", - "rev": "266d4d8a55eef6dd23cd0adced301053d8fc23c9", + "rev": "db94a329058a1a37b49d3209af85708b3338559a", "type": "github" }, "original": { @@ -589,11 +589,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1770843696, - "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", + "lastModified": 1771207753, + "narHash": "sha256-b9uG8yN50DRQ6A7JdZBfzq718ryYrlmGgqkRm9OOwCE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16", + "rev": "d1c15b7d5806069da59e819999d70e1cec0760bf", "type": "github" }, "original": { From c3650b73a1310c61c2e67afe0d1347bc4dac852a Mon Sep 17 00:00:00 2001 From: William Date: Mon, 23 Feb 2026 08:32:16 -0300 Subject: [PATCH 75/75] opencode from nix-ai-tools --- aspects/ai.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/aspects/ai.nix b/aspects/ai.nix index 99efd60..f3eb6dd 100644 --- a/aspects/ai.nix +++ b/aspects/ai.nix 
@@ -4,8 +4,16 @@ { inputs, pkgs, ... }: { environment.systemPackages = - (with pkgs; [ opencode ]) + (with pkgs; [ ]) ++ (with inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}; [ + opencode ]); + + nix.settings = { + extra-substituters = [ "https://cache.numtide.com" ]; + extra-trusted-public-keys = [ + "niks3.numtide.com-1:DTx8wZduET09hRmMtKdQDxNNthLQETkc/yaX7M4qK0g=" + ]; + }; }; }
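Review bot: The added `nix.settings` block trusts a third-party binary cache for the whole system: any store path signed by the key in `extra-trusted-public-keys` is accepted on every host that imports this aspect, not only the `opencode` package that motivates it. The key name `niks3.numtide.com-1` differs from the substituter host `cache.numtide.com`; that may be intended, but nothing in the hunk records where the key came from. Add a comment above it such as `# signing key published by numtide for cache.numtide.com, see <upstream documentation URL>` so it can be re-verified later. The now-empty `(with pkgs; [ ])` operand can be dropped so the expression is just the `with inputs.nix-ai-tools…` list.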