diff --git a/.gitignore b/.gitignore index 2a47a91..73105bb 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,13 @@ -result/ +# Nix build outputs result +result-* .direnv/ -.pre-commit-config.yaml +oci-trantor/ +tailscale-tailnet/ +cloudflare-baduhaidev + +# Personal notes and temporary files +todo.md +notes.md +scratch/ +tmp/ diff --git a/aspects/ai.nix b/aspects/ai.nix new file mode 100644 index 0000000..f3eb6dd --- /dev/null +++ b/aspects/ai.nix @@ -0,0 +1,19 @@ +{ ... }: +{ + flake.modules.nixos.ai = + { inputs, pkgs, ... }: + { + environment.systemPackages = + (with pkgs; [ ]) + ++ (with inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}; [ + opencode + ]); + + nix.settings = { + extra-substituters = [ "https://cache.numtide.com" ]; + extra-trusted-public-keys = [ + "niks3.numtide.com-1:DTx8wZduET09hRmMtKdQDxNNthLQETkc/yaX7M4qK0g=" + ]; + }; + }; +} diff --git a/aspects/base/bash.nix b/aspects/base/bash.nix new file mode 100644 index 0000000..6ba97ef --- /dev/null +++ b/aspects/base/bash.nix @@ -0,0 +1,16 @@ +{ ... }: +{ + flake.modules.homeManager.bash = + { + config, + lib, + pkgs, + ... + }: + { + programs.bash = { + enable = true; + historyFile = "~/.cache/bash_history"; + }; + }; +} diff --git a/aspects/base/boot.nix b/aspects/base/boot.nix new file mode 100644 index 0000000..ec8593d --- /dev/null +++ b/aspects/base/boot.nix @@ -0,0 +1,23 @@ +{ ... }: +{ + flake.modules.nixos.boot = + { pkgs, ... }: + { + boot = { + loader = { + timeout = 1; + efi.canTouchEfiVariables = true; + systemd-boot = { + enable = true; + editor = false; + consoleMode = "max"; + sortKey = "aa"; + netbootxyz = { + enable = true; + sortKey = "zz"; + }; + }; + }; + }; + }; +} diff --git a/aspects/base/console.nix b/aspects/base/console.nix new file mode 100644 index 0000000..6bb7be4 --- /dev/null +++ b/aspects/base/console.nix @@ -0,0 +1,11 @@ +{ ... }: +{ + flake.modules.nixos.console = + { ... }: + { + console = { + useXkbConfig = true; + earlySetup = true; + }; + }; +} diff --git a/aspects/base/firewall.nix b/aspects/base/firewall.nix new file mode 100644 index 0000000..68ffa6e --- /dev/null +++ b/aspects/base/firewall.nix @@ -0,0 +1,11 @@ +{ ... }: +{ + flake.modules.nixos.firewall = + { ... }: + { + networking = { + firewall.enable = true; + nftables.enable = true; + }; + }; +} diff --git a/aspects/base/fish.nix b/aspects/base/fish.nix new file mode 100644 index 0000000..8ed326a --- /dev/null +++ b/aspects/base/fish.nix @@ -0,0 +1,47 @@ +{ ... }: +{ + flake.modules = { + nixos.fish = + { ... }: + { + programs.fish.enable = true; + }; + homeManager.fish = + { + config, + lib, + pkgs, + ... + }: + { + programs.fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + ${lib.getExe pkgs.nix-your-shell} fish | source + ''; + loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; + plugins = [ + { + name = "bang-bang"; + src = pkgs.fetchFromGitHub { + owner = "oh-my-fish"; + repo = "plugin-bang-bang"; + rev = "f969c618301163273d0a03d002614d9a81952c1e"; + sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; + }; + } + { + name = "z"; + src = pkgs.fetchFromGitHub { + owner = "jethrokuan"; + repo = "z"; + rev = "067e867debee59aee231e789fc4631f80fa5788e"; + sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU="; + }; + } + ]; + }; + }; + }; +} diff --git a/aspects/base/locale.nix b/aspects/base/locale.nix new file mode 100644 index 0000000..4d0c716 --- /dev/null +++ b/aspects/base/locale.nix @@ -0,0 +1,24 @@ +{ ... }: +{ + flake.modules.nixos.locale = + { ... }: + { + time.timeZone = "America/Bahia"; + + i18n = { + defaultLocale = "en_US.UTF-8"; + extraLocaleSettings = { + LC_ADDRESS = "pt_BR.utf8"; + LC_COLLATE = "pt_BR.utf8"; + LC_IDENTIFICATION = "pt_BR.utf8"; + LC_MEASUREMENT = "pt_BR.utf8"; + LC_MONETARY = "pt_BR.utf8"; + LC_NAME = "pt_BR.utf8"; + LC_NUMERIC = "pt_BR.utf8"; + LC_PAPER = "pt_BR.utf8"; + LC_TELEPHONE = "pt_BR.utf8"; + LC_TIME = "en_IE.utf8"; + }; + }; + }; +} diff --git a/aspects/base/nix.nix b/aspects/base/nix.nix new file mode 100644 index 0000000..2442024 --- /dev/null +++ b/aspects/base/nix.nix @@ -0,0 +1,51 @@ +{ ... }: +{ + flake.modules.nixos.nix = + { inputs, pkgs, ... }: + { + imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; + + nix = { + settings = { + auto-optimise-store = true; + connect-timeout = 10; + log-lines = 25; + min-free = 128000000; + max-free = 1000000000; + trusted-users = [ "@wheel" ]; + }; + extraOptions = "experimental-features = nix-command flakes"; + gc = { + automatic = true; + options = "--delete-older-than 8d"; + }; + }; + + nixpkgs.config = { + allowUnfree = true; + enableParallelBuilding = true; + buildManPages = false; + buildDocs = false; + }; + + services.nixos-cli = { + enable = true; + config = { + use_nvd = true; + ignore_dirty_tree = true; + apply = { + reexec_as_root = true; + use_nom = true; + }; + confirmation.empty = "default-yes"; + }; + }; + + environment.systemPackages = with pkgs; [ + nix-output-monitor + nvd + ]; + + system.stateVersion = "22.11"; + }; +} diff --git a/aspects/base/security.nix b/aspects/base/security.nix new file mode 100644 index 0000000..310e345 --- /dev/null +++ b/aspects/base/security.nix @@ -0,0 +1,13 @@ +{ ... }: +{ + flake.modules.nixos.security = + { ... }: + { + security.sudo = { + wheelNeedsPassword = false; + extraConfig = '' + Defaults lecture = never + ''; + }; + }; +} diff --git a/aspects/base/ssh.nix b/aspects/base/ssh.nix new file mode 100644 index 0000000..6569bf0 --- /dev/null +++ b/aspects/base/ssh.nix @@ -0,0 +1,32 @@ +{ ... }: + +{ + flake.modules.nixos.ssh = + { ... }: + { + services.openssh = { + enable = true; + settings.PermitRootLogin = "no"; + extraConfig = '' + PrintLastLog no + ''; + }; + programs = { + bash.interactiveShellInit = '' + if [ -n "$SSH_CONNECTION" ] && [ -z "$IN_NIX_SHELL" ] && [ -z "$TMUX" ]; then + export TERM=xterm-256color + clear + fastfetch + fi + ''; + fish.interactiveShellInit = '' + set fish_greeting + if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; and not set -q TMUX + export TERM=xterm-256color + clear + fastfetch + end + ''; + }; + }; +} diff --git a/aspects/bluetooth.nix b/aspects/bluetooth.nix new file mode 100644 index 0000000..6c7b2d8 --- /dev/null +++ b/aspects/bluetooth.nix @@ -0,0 +1,16 @@ +{ ... }: +{ + flake.modules.nixos.bluetooth = + { + config, + lib, + pkgs, + ... + }: + { + hardware.bluetooth = { + enable = true; + powerOnBoot = false; + }; + }; +} diff --git a/aspects/cli/btop.nix b/aspects/cli/btop.nix new file mode 100644 index 0000000..220a462 --- /dev/null +++ b/aspects/cli/btop.nix @@ -0,0 +1,28 @@ +{ ... }: +{ + flake.modules = { + nixos.btop = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ btop ]; + }; + + homeManager.btop = + { + config, + lib, + pkgs, + ... + }: + { + programs.btop = { + enable = true; + settings = { + theme_background = false; + proc_sorting = "cpu direct"; + update_ms = 500; + }; + }; + }; + }; +} diff --git a/aspects/cli/comma.nix b/aspects/cli/comma.nix new file mode 100644 index 0000000..169144f --- /dev/null +++ b/aspects/cli/comma.nix @@ -0,0 +1,16 @@ +{ ... }: +{ + flake.modules.homeManager.comma = + { + config, + lib, + pkgs, + inputs, + ... + }: + { + imports = [ inputs.nix-index-database.homeModules.nix-index ]; + + programs.nix-index-database.comma.enable = true; + }; +} diff --git a/aspects/cli/direnv.nix b/aspects/cli/direnv.nix new file mode 100644 index 0000000..2cfb2ef --- /dev/null +++ b/aspects/cli/direnv.nix @@ -0,0 +1,16 @@ +{ ... }: +{ + flake.modules.homeManager.direnv = + { + config, + lib, + pkgs, + ... + }: + { + programs.direnv = { + enable = true; + nix-direnv.enable = true; + }; + }; +} diff --git a/aspects/cli/helix.nix b/aspects/cli/helix.nix new file mode 100644 index 0000000..a21641a --- /dev/null +++ b/aspects/cli/helix.nix @@ -0,0 +1,67 @@ +{ ... }: +{ + flake.modules = { + nixos.helix = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + helix + ]; + }; + + homeManager.helix = + { + config, + lib, + pkgs, + ... + }: + { + home.sessionVariables = { + EDITOR = "hx"; + }; + + programs.helix = { + enable = true; + settings = { + editor = { + file-picker.hidden = false; + idle-timeout = 0; + line-number = "relative"; + cursor-shape = { + normal = "underline"; + insert = "bar"; + select = "underline"; + }; + soft-wrap.enable = true; + auto-format = true; + indent-guides.render = true; + }; + keys.normal = { + space = { + o = "file_picker_in_current_buffer_directory"; + esc = [ + "collapse_selection" + "keep_primary_selection" + ]; + }; + }; + }; + languages = { + language = [ + { + name = "nix"; + auto-format = true; + formatter.command = "nixfmt"; + } + { + name = "typst"; + auto-format = true; + formatter.command = "typstyle -c 1000 -i"; + } + ]; + }; + }; + }; + }; +} diff --git a/aspects/cli/hm-cli.nix b/aspects/cli/hm-cli.nix new file mode 100644 index 0000000..97d79e4 --- /dev/null +++ b/aspects/cli/hm-cli.nix @@ -0,0 +1,18 @@ +{ ... }: +{ + flake.modules.homeManager.hm-cli = + { + config, + lib, + pkgs, + ... + }: + { + home = { + packages = with pkgs; [ hm-cli ]; + sessionVariables = { + HM_PATH = "/etc/nixos"; + }; + }; + }; +} diff --git a/aspects/cli/starship.nix b/aspects/cli/starship.nix new file mode 100644 index 0000000..3ac5e4f --- /dev/null +++ b/aspects/cli/starship.nix @@ -0,0 +1,48 @@ +{ ... }: +{ + flake.modules.homeManager.starship = + { + config, + lib, + pkgs, + ... + }: + { + programs.starship = { + enable = true; + enableBashIntegration = true; + enableFishIntegration = true; + settings = { + add_newline = false; + format = '' + $hostname$directory$git_branch$git_status$nix_shell + [ ❯ ](bold green) + ''; + right_format = "$cmd_duration$character"; + hostname = { + ssh_symbol = "󰖟 "; + }; + character = { + error_symbol = "[](red)"; + success_symbol = "[󱐋](green)"; + }; + cmd_duration = { + format = "[󰄉 $duration ]($style)"; + style = "yellow"; + min_time = 500; + }; + git_branch = { + symbol = " "; + style = "purple"; + }; + git_status.style = "red"; + nix_shell = { + format = "via [$symbol$state]($style)"; + heuristic = true; + style = "blue"; + symbol = "󱄅 "; + }; + }; + }; + }; +} diff --git a/aspects/cli/tmux.nix b/aspects/cli/tmux.nix new file mode 100644 index 0000000..4937574 --- /dev/null +++ b/aspects/cli/tmux.nix @@ -0,0 +1,29 @@ +{ ... }: +{ + flake.modules = { + nixos.tmux = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + tmux + ]; + }; + + homeManager.tmux = + { + config, + lib, + pkgs, + ... + }: + { + programs.tmux = { + enable = true; + clock24 = true; + terminal = "xterm-256color"; + mouse = true; + keyMode = "vi"; + }; + }; + }; +} diff --git a/aspects/constants.nix b/aspects/constants.nix new file mode 100644 index 0000000..5a82660 --- /dev/null +++ b/aspects/constants.nix @@ -0,0 +1,217 @@ +{ + inputs, + lib, + config, + ... +}: + +let + # Host submodule type + hostType = lib.types.submodule { + options = { + lanIP = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "LAN IP address for the host"; + }; + tailscaleIP = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Tailscale IP address for the host"; + }; + }; + }; + + # Service submodule type + serviceType = lib.types.submodule { + options = { + name = lib.mkOption { + type = lib.types.str; + description = "Service name"; + }; + domain = lib.mkOption { + type = lib.types.str; + description = "Domain name for the service"; + }; + host = lib.mkOption { + type = lib.types.str; + description = "Host where the service runs"; + }; + public = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether the service is publicly accessible"; + }; + lanIP = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "LAN IP address (inherited from host)"; + }; + tailscaleIP = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Tailscale IP address (inherited from host)"; + }; + }; + }; + + # Import shared data (also used by terranix) + sharedData = import ../data/services.nix; + + # Enrich services with host IP information + enrichServices = + hosts: services: + map ( + svc: + let + hostInfo = hosts.${svc.host} or { }; + in + svc + // { + lanIP = hostInfo.lanIP or null; + tailscaleIP = hostInfo.tailscaleIP or null; + } + ) services; + +in +{ + options.flake = { + hosts = lib.mkOption { + type = lib.types.attrsOf hostType; + default = { }; + description = "Host definitions with IP addresses"; + }; + + services = lib.mkOption { + type = lib.types.listOf serviceType; + default = [ ]; + description = "Service definitions with enriched host information"; + }; + + lib = lib.mkOption { + type = lib.types.attrsOf lib.types.raw; + default = { }; + description = "Utility functions for flake configuration"; + }; + }; + + config.flake = { + hosts = sharedData.hosts; + + services = enrichServices config.flake.hosts sharedData.services; + + lib = { + # Nginx virtual host utilities + mkNginxVHosts = + { domains }: + let + mkVHostConfig = + domain: vhostConfig: + lib.recursiveUpdate { + useACMEHost = domain; + forceSSL = true; + kTLS = true; + } vhostConfig; + in + lib.mapAttrs mkVHostConfig domains; + + # Split DNS utilities for unbound + # Generates unbound view config from a list of DNS entries + mkSplitDNS = + entries: + let + tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries; + lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries; + in + [ + { + name = "tailscale"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = tailscaleData; + } + { + name = "lan"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = lanData; + } + ]; + # Generates flake.homeConfigurations + mkHomeConfiguration = + { + user, + hostname, + system ? "x86_64-linux", + stateVersion ? "22.05", + nixpkgs ? inputs.nixpkgs, # override with e.g. inputs.nixpkgs-stable + userModules ? [ ], + overlays ? [ inputs.self.overlays.default ], + homeManagerModules ? with inputs.self.modules.homeManager; [ + base + cli + ], + userDirectory ? "/home/${user}", + }: + inputs.home-manager.lib.homeManagerConfiguration { + pkgs = nixpkgs.legacyPackages.${system}; + + extraSpecialArgs = { + inherit inputs hostname; + }; + + modules = [ + { nixpkgs.overlays = overlays; } + { + home = { + username = user; + homeDirectory = userDirectory; + inherit stateVersion; + }; + } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) + "/${inputs.self}/aspects/users/_${user}" + ) + ] + ++ homeManagerModules + ++ userModules; + }; + # Generates flake.nixosConfigurations + mkHost = + { + hostname, + system ? "x86_64-linux", + nixpkgs ? inputs.nixpkgs, + overlays ? [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ], + ephemeralRootDev ? null, # pass rootDevice string to enable, e.g. ephemeralephemeralRootDev = "/dev/mapper/cryptroot" + nixosModules ? with inputs.self.modules.nixos; [ + base + cli + user + root + ], + extraModules ? [ ], + }: + nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = hostname; } + { nixpkgs.overlays = overlays; } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) + "${inputs.self}/aspects/hosts/_${hostname}" + ) + ] + ++ (lib.optional (ephemeralRootDev != null) ( + inputs.self.factory.ephemeral { rootDevice = ephemeralRootDev; } + )) + ++ nixosModules + ++ extraModules; + }; + }; + }; +} diff --git a/aspects/desktop/graphics.nix b/aspects/desktop/graphics.nix new file mode 100644 index 0000000..7d1ed6d --- /dev/null +++ b/aspects/desktop/graphics.nix @@ -0,0 +1,25 @@ +{ ... }: + +{ + flake.modules.nixos.graphics = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + gimp + inkscape + plasticity + ]; + + services.flatpak.packages = [ + "com.boxy_svg.BoxySVG" + rec { + appId = "io.github.softfever.OrcaSlicer"; + sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + bundle = "${pkgs.fetchurl { + url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; + inherit sha256; + }}"; + } + ]; + }; +} diff --git a/aspects/desktop/media.nix b/aspects/desktop/media.nix new file mode 100644 index 0000000..7543c0a --- /dev/null +++ b/aspects/desktop/media.nix @@ -0,0 +1,29 @@ +{ ... }: + +{ + flake.modules = { + nixos.media = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + decibels + loupe + obs-studio + showtime + ]; + }; + + homeManager.media = + { pkgs, ... }: + { + programs.obs-studio = { + enable = true; + plugins = with pkgs.obs-studio-plugins; [ + obs-vkcapture + obs-backgroundremoval + obs-pipewire-audio-capture + ]; + }; + }; + }; +} diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix new file mode 100644 index 0000000..9408097 --- /dev/null +++ b/aspects/desktop/niri.nix @@ -0,0 +1,246 @@ +{ ... }: +{ + flake.modules = { + nixos.niri = + { + config, + lib, + pkgs, + ... + }: + { + services.greetd.settings = { + default_session.command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; + }; + + programs.niri.enable = true; + }; + homeManager.niri = + { + config, + lib, + pkgs, + inputs, + hostname ? null, + ... + }: + let + isRotterdam = hostname == "rotterdam"; + in + { + imports = [ inputs.noctalia.homeModules.default ]; + + services.kanshi = { + enable = true; + settings = [ + { + profile.name = "default"; + profile.outputs = [ + { + criteria = "*"; + scale = 1.0; + } + ]; + } + ]; + }; + + home = { + packages = with pkgs; [ + xwayland-satellite + inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default + ]; + sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; + }; + + xdg.configFile."niri/config.kdl".text = '' + input { + keyboard { + xkb { + layout "us" + variant "altgr-intl" + } + } + touchpad { + tap + dwt + drag true + drag-lock + natural-scroll + accel-speed 0.2 + accel-profile "flat" + scroll-method "two-finger" + middle-emulation + } + mouse { + natural-scroll + accel-speed 0.2 + accel-profile "flat" + } + warp-mouse-to-focus mode="center-xy" + focus-follows-mouse + } + + output "LG Electronics LG ULTRAWIDE 206AZFM5E459" { + layout { + preset-column-widths { + proportion 0.33333 + proportion 0.5 + proportion 0.66667 + } + default-column-width { proportion 0.33333; } + } + } + + layout { + gaps 8 + center-focused-column "never" + always-center-single-column + empty-workspace-above-first + preset-column-widths { + proportion 0.5 + proportion 1.0 + } + default-column-width { proportion 0.5; } + focus-ring { + off + } + border { + width 4 + active-color "#ffc87f" + inactive-color "#505050" + urgent-color "#9b0000" + } + tab-indicator { + width 4 + gap 4 + place-within-column + } + } + + overview { + zoom 0.65 + } + + spawn-at-startup "noctalia-shell" "-d" + spawn-at-startup "${lib.getExe pkgs.niri-auto-centre}" + layer-rule { + match namespace="^noctalia-overview*" + place-within-backdrop true + } + + hotkey-overlay { + skip-at-startup + } + + prefer-no-csd + screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" + + animations { + slowdown 0.3 + } + + window-rule { + match app-id="zen" + default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } + } + + window-rule { + geometry-corner-radius 12 + clip-to-geometry true + } + + config-notification { + disable-failed + } + + binds { + Alt+Space repeat=false { spawn "vicinae" "toggle"; } + XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } + XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } + XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } + XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } + XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } + XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } + Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } + Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; } + Mod+Return { spawn "ghostty"; } + Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } + Mod+W repeat=false { toggle-overview; } + Mod+Q { close-window; } + Alt+Shift+Q { close-window;} + Mod+Shift+Q { close-window; } + Alt+F4 { close-window; } + Mod+Left { focus-column-left; } + Mod+Down { focus-window-or-workspace-down; } + Mod+Up { focus-window-or-workspace-up; } + Mod+Right { focus-column-right; } + Mod+H { focus-column-left; } + Mod+L { focus-column-right; } + Mod+J { focus-window-or-workspace-down; } + Mod+K { focus-window-or-workspace-up; } + Mod+Ctrl+Left { move-column-left; } + Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } + Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } + Mod+Ctrl+Right { move-column-right; } + Mod+Ctrl+H { move-column-left; } + Mod+Ctrl+J { move-window-down-or-to-workspace-down; } + Mod+Ctrl+K { move-window-up-or-to-workspace-up; } + Mod+Ctrl+L { move-column-right; } + Mod+Home { focus-column-first; } + Mod+End { focus-column-last; } + Mod+Ctrl+Home { move-column-to-first; } + Mod+Ctrl+End { move-column-to-last; } + Mod+Alt+Left { focus-monitor-left; } + Mod+Alt+Down { focus-monitor-down; } + Mod+Alt+Up { focus-monitor-up; } + Mod+Alt+Right { focus-monitor-right; } + Mod+Alt+H { focus-monitor-left; } + Mod+Alt+J { focus-monitor-down; } + Mod+Alt+K { focus-monitor-up; } + Mod+Alt+L { focus-monitor-right; } + Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } + Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } + Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } + Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } + Mod+Alt+Ctrl+H { move-column-to-monitor-left; } + Mod+Alt+Ctrl+J { move-column-to-monitor-down; } + Mod+Alt+Ctrl+K { move-column-to-monitor-up; } + Mod+Alt+Ctrl+L { move-column-to-monitor-right; } + Mod+Ctrl+U { move-workspace-down; } + Mod+Ctrl+I { move-workspace-up; } + Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } + Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } + Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } + Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } + Mod+Shift+WheelScrollDown { focus-column-right; } + Mod+Shift+WheelScrollUp { focus-column-left; } + Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } + Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } + Mod+BracketLeft { consume-or-expel-window-left; } + Mod+BracketRight { consume-or-expel-window-right; } + Mod+Comma { consume-window-into-column; } + Mod+Period { expel-window-from-column; } + Mod+R { switch-preset-column-width; } + Mod+F { maximize-column; } + Mod+Ctrl+F { fullscreen-window; } + Mod+C { center-visible-columns; } + Mod+Ctrl+C { center-column; } + Mod+Space { toggle-window-floating; } + Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } + Mod+T { toggle-column-tabbed-display; } + Print { screenshot-screen; } + Mod+Print { screenshot; } + Ctrl+Print { screenshot-window; } + Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } + Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } + Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } + Mod+Ctrl+P { power-off-monitors; } + } + ''; + }; + }; +} diff --git a/aspects/desktop/office.nix b/aspects/desktop/office.nix new file mode 100644 index 0000000..68d958a --- /dev/null +++ b/aspects/desktop/office.nix @@ -0,0 +1,23 @@ +{ ... }: + +{ + flake.modules.nixos.office = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + glow + papers + presenterm + rnote + ]; + + services.flatpak.packages = [ + "com.collabora.Office" + ]; + }; +} diff --git a/aspects/desktop/web.nix b/aspects/desktop/web.nix new file mode 100644 index 0000000..9d6494f --- /dev/null +++ b/aspects/desktop/web.nix @@ -0,0 +1,22 @@ +{ ... }: + +{ + flake.modules.nixos.web = + { + inputs, + pkgs, + ... + }: + { + environment.systemPackages = with pkgs; [ + inputs.zen-browser.packages."${pkgs.stdenv.hostPlatform.system}".default + beeper + bitwarden-desktop + fragments + nextcloud-client + tor-browser + ungoogled-chromium + vesktop + ]; + }; +} diff --git a/aspects/dev.nix b/aspects/dev.nix new file mode 100644 index 0000000..afe9edc --- /dev/null +++ b/aspects/dev.nix @@ -0,0 +1,23 @@ +{ ... }: +{ + flake.modules.nixos.dev = + { + config, + lib, + pkgs, + ... + }: + { + environment.systemPackages = with pkgs; [ + android-tools + lazygit + fd + fzf + nixfmt + nix-init + ripgrep + ]; + + users.users.user.extraGroups = [ "adbusers" ]; + }; +} diff --git a/aspects/ephemeral.nix b/aspects/ephemeral.nix new file mode 100644 index 0000000..90c03c6 --- /dev/null +++ b/aspects/ephemeral.nix @@ -0,0 +1,139 @@ +# Ephemeral root aspect - provides automatic btrfs root subvolume rollover +# Exports both a base module with options and a factory function for easy configuration +{ inputs, ... }: +{ + # Base module with options (for external flakes or direct use) + flake.modules.nixos.ephemeral = + { lib, config, ... }: + let + cfg = config.ephemeral; + in + { + options.ephemeral = { + enable = lib.mkEnableOption "ephemeral root with automatic rollback"; + + rootDevice = lib.mkOption { + type = lib.types.str; + example = "/dev/mapper/cryptroot"; + description = "Device path for the root btrfs filesystem"; + }; + + rootSubvolume = lib.mkOption { + type = lib.types.str; + default = "@root"; + description = "Name of the root btrfs subvolume"; + }; + + oldRootRetentionDays = lib.mkOption { + type = lib.types.int; + default = 30; + description = "Number of days to keep old root snapshots before deletion"; + }; + }; + + config = lib.mkIf cfg.enable { + boot.initrd.systemd.services.recreate-root = { + description = "Rolling over and creating new filesystem root"; + requires = [ "initrd-root-device.target" ]; + after = [ + "local-fs-pre.target" + "initrd-root-device.target" + ]; + requiredBy = [ "initrd-root-fs.target" ]; + before = [ "sysroot.mount" ]; + unitConfig = { + AssertPathExists = "/etc/initrd-release"; + DefaultDependencies = false; + }; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + set -euo pipefail + + mkdir /btrfs_tmp + if ! mount ${cfg.rootDevice} /btrfs_tmp; then + echo "ERROR: Failed to mount ${cfg.rootDevice}" + exit 1 + fi + + if [[ -e /btrfs_tmp/${cfg.rootSubvolume} ]]; then + mkdir -p /btrfs_tmp/old_roots + timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/${cfg.rootSubvolume})" "+%Y-%m-%-d_%H:%M:%S") + mv /btrfs_tmp/${cfg.rootSubvolume} "/btrfs_tmp/old_roots/$timestamp" + fi + + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + delete_subvolume_recursively "/btrfs_tmp/$i" + done + btrfs subvolume delete "$1" + } + + for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +${toString cfg.oldRootRetentionDays}); do + delete_subvolume_recursively "$i" + done + + if ! btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume}; then + echo "ERROR: Failed to create subvolume ${cfg.rootSubvolume}" + umount /btrfs_tmp + exit 1 + fi + + umount /btrfs_tmp + ''; + }; + }; + }; + + # Factory function that generates configured modules + flake.factory.ephemeral = + { + rootDevice, + rootSubvolume ? "@root", + retentionDays ? 30, + persistentStoragePath ? "/persistent", + persistentFiles ? [ + "/etc/machine-id" + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + ], + persistentDirectories ? [ + "/etc/NetworkManager/system-connections" + "/etc/nixos" + "/var/lib/bluetooth" + "/var/lib/flatpak" + "/var/lib/lxd" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + "/var/lib/systemd/timers" + "/var/lib/tailscale" + "/var/log" + ], + }: + { ... }: + { + imports = [ + inputs.impermanence.nixosModules.impermanence + inputs.self.modules.nixos.ephemeral + ]; + + ephemeral = { + enable = true; + inherit rootDevice rootSubvolume; + oldRootRetentionDays = retentionDays; + }; + + fileSystems."/persistent".neededForBoot = true; + + environment.persistence.main = { + inherit persistentStoragePath; + files = persistentFiles; + directories = persistentDirectories; + }; + }; +} diff --git a/aspects/fwupd.nix b/aspects/fwupd.nix new file mode 100644 index 0000000..217f1eb --- /dev/null +++ b/aspects/fwupd.nix @@ -0,0 +1,13 @@ +{ ... }: +{ + flake.modules.nixos.fwupd = + { + config, + lib, + pkgs, + ... + }: + { + services.fwupd.enable = true; + }; +} diff --git a/aspects/gaming/mangohud.nix b/aspects/gaming/mangohud.nix new file mode 100644 index 0000000..14a3df6 --- /dev/null +++ b/aspects/gaming/mangohud.nix @@ -0,0 +1,47 @@ +{ ... }: + +{ + flake.modules = { + nixos.mangohud = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + mangohud + ]; + }; + + homeManager.mangohud = + { config, ... }: + { + programs.mangohud = { + enable = true; + enableSessionWide = true; + settings = { + position = "top-left"; + fps = true; + frametime = false; + frame_timing = false; + gpu_stats = true; + gpu_temp = true; + gpu_power = true; + cpu_stats = true; + cpu_temp = true; + cpu_power = true; + ram = true; + vram = true; + gamemode = false; + vkbasalt = false; + version = false; + engine_version = false; + vulkan_driver = false; + wine = false; + time = false; + fps_sampling_period = 500; + toggle_hud = "Shift_L+F12"; + toggle_logging = "Ctrl_L+F2"; + output_folder = "${config.home.homeDirectory}/.local/share/mangohud"; + }; + }; + }; + }; +} diff --git a/aspects/gaming/steam.nix b/aspects/gaming/steam.nix new file mode 100644 index 0000000..a10d0e4 --- /dev/null +++ b/aspects/gaming/steam.nix @@ -0,0 +1,24 @@ +{ ... }: + +{ + flake.modules.nixos.steam = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + steam-run + ]; + + programs = { + steam = { + enable = true; + extraCompatPackages = [ pkgs.proton-ge-bin ]; + }; + gamemode.enable = true; + }; + + services.flatpak.packages = [ + "com.steamgriddb.SGDBoop" + "io.github.Foldex.AdwSteamGtk" + ]; + }; +} diff --git a/hosts/alexandria/hardware-configuration.nix b/aspects/hosts/_alexandria/hardware-configuration.nix similarity index 100% rename from hosts/alexandria/hardware-configuration.nix rename to aspects/hosts/_alexandria/hardware-configuration.nix diff --git a/hosts/alexandria/jellyfin.nix b/aspects/hosts/_alexandria/jellyfin.nix similarity index 67% rename from hosts/alexandria/jellyfin.nix rename to aspects/hosts/_alexandria/jellyfin.nix index 9555c89..0b024bd 100644 --- a/hosts/alexandria/jellyfin.nix +++ b/aspects/hosts/_alexandria/jellyfin.nix @@ -1,7 +1,6 @@ { lib, inputs, ... }: let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; in { services.jellyfin = { @@ -10,7 +9,6 @@ in }; services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; }; } diff --git a/aspects/hosts/_alexandria/nextcloud.nix b/aspects/hosts/_alexandria/nextcloud.nix new file mode 100644 index 0000000..cb9f2ac --- /dev/null +++ b/aspects/hosts/_alexandria/nextcloud.nix @@ -0,0 +1,95 @@ +{ + config, + inputs, + pkgs, + ... +}: + +let + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; +in + +{ + services = { + nextcloud = { + enable = true; + package = pkgs.nextcloud32; + datadir = "/data/nextcloud"; + hostName = "cloud.baduhai.dev"; + configureRedis = true; + https = true; + secretFile = config.age.secrets."nextcloud-secrets.json".path; + database.createLocally = true; + maxUploadSize = "16G"; + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) + calendar + contacts + notes + tasks + user_oidc + ; + }; + extraAppsEnable = true; + caching = { + apcu = true; + redis = true; + }; + settings = { + trusted_proxies = [ "127.0.0.1" ]; + default_phone_region = "BR"; + maintenance_window_start = "4"; + allow_local_remote_servers = true; + enabledPreviewProviders = [ + "OC\\Preview\\BMP" + "OC\\Preview\\EMF" + "OC\\Preview\\Font" + "OC\\Preview\\GIF" + "OC\\Preview\\HEIC" + "OC\\Preview\\Illustrator" + "OC\\Preview\\JPEG" + "OC\\Preview\\Krita" + "OC\\Preview\\MarkDown" + "OC\\Preview\\Movie" + "OC\\Preview\\MP3" + "OC\\Preview\\MSOffice2003" + "OC\\Preview\\MSOffice2007" + "OC\\Preview\\MSOfficeDoc" + "OC\\Preview\\OpenDocument" + "OC\\Preview\\PDF" + "OC\\Preview\\Photoshop" + "OC\\Preview\\PNG" + "OC\\Preview\\Postscript" + "OC\\Preview\\SVG" + "OC\\Preview\\TIFF" + "OC\\Preview\\TXT" + "OC\\Preview\\XBitmap" + ]; + }; + config = { + dbtype = "pgsql"; + adminpassFile = config.age.secrets.nextcloud-adminpass.path; + }; + phpOptions = { + "opcache.interned_strings_buffer" = "16"; + }; + }; + + nginx.virtualHosts = mkNginxVHosts { + domains."cloud.baduhai.dev" = { }; + }; + }; + + age.secrets = { + "nextcloud-secrets.json" = { + file = "${inputs.self}/secrets/nextcloud-secrets.json.age"; + owner = "nextcloud"; + group = "nextcloud"; + }; + nextcloud-adminpass = { + file = "${inputs.self}/secrets/nextcloud-adminpass.age"; + owner = "nextcloud"; + group = "nextcloud"; + }; + }; +} diff --git a/aspects/hosts/_alexandria/nginx.nix b/aspects/hosts/_alexandria/nginx.nix new file mode 100644 index 0000000..087faf4 --- /dev/null +++ b/aspects/hosts/_alexandria/nginx.nix @@ -0,0 +1,58 @@ +{ + config, + lib, + inputs, + ... +}: + +let + services = inputs.self.services; + + # Get all unique domains from shared services that have LAN IPs (served by this host) + localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services)); + + # Generate ACME cert configs for all local domains + acmeCerts = lib.genAttrs localDomains (domain: { + group = "nginx"; + }); +in + +{ + security.acme = { + acceptTerms = true; + defaults = { + email = "baduhai@proton.me"; + dnsResolver = "1.1.1.1:53"; + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.cloudflare.path; + }; + certs = acmeCerts; + }; + + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts = { + "_" = { + default = true; + locations."/".return = "444"; + }; + }; + }; + + users.users.nginx.extraGroups = [ "acme" ]; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + + age.secrets.cloudflare = { + file = "${inputs.self}/secrets/cloudflare.age"; + owner = "nginx"; + group = "nginx"; + }; +} diff --git a/aspects/hosts/_alexandria/unbound.nix b/aspects/hosts/_alexandria/unbound.nix new file mode 100644 index 0000000..8aedc37 --- /dev/null +++ b/aspects/hosts/_alexandria/unbound.nix @@ -0,0 +1,57 @@ +{ inputs, lib, ... }: + +let + services = inputs.self.services; +in + +{ + services.unbound = { + enable = true; + enableRootTrustAnchor = true; + settings = { + server = { + interface = [ + "0.0.0.0" + "::" + ]; + access-control = [ + "127.0.0.0/8 allow" + "192.168.0.0/16 allow" + "::1/128 allow" + ]; + + num-threads = 2; + msg-cache-size = "50m"; + rrset-cache-size = "100m"; + cache-min-ttl = 300; + cache-max-ttl = 86400; + prefetch = true; + prefetch-key = true; + hide-identity = true; + hide-version = true; + so-rcvbuf = "1m"; + so-sndbuf = "1m"; + + # LAN-only DNS records + local-zone = ''"baduhai.dev." transparent''; + local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') (lib.filter (e: e.lanIP != null) services); + }; + + forward-zone = [ + { + name = "."; + forward-addr = [ + "1.1.1.1@853#cloudflare-dns.com" + "1.0.0.1@853#cloudflare-dns.com" + ]; + forward-tls-upstream = true; + } + ]; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; +} diff --git a/hosts/alexandria/vaultwarden.nix b/aspects/hosts/_alexandria/vaultwarden.nix similarity index 54% rename from hosts/alexandria/vaultwarden.nix rename to aspects/hosts/_alexandria/vaultwarden.nix index 21f7d46..8577b2d 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/aspects/hosts/_alexandria/vaultwarden.nix @@ -5,8 +5,7 @@ ... }: let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; in { services.vaultwarden = { @@ -14,13 +13,13 @@ in config = { DOMAIN = "https://pass.baduhai.dev"; SIGNUPS_ALLOWED = false; - ROCKET_ADDRESS = "/run/vaultwarden/vaultwarden.sock"; + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = 58222; }; }; services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; domains."pass.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/"; + "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; }; } diff --git a/hosts/io/boot.nix b/aspects/hosts/_io/boot.nix similarity index 100% rename from hosts/io/boot.nix rename to aspects/hosts/_io/boot.nix diff --git a/aspects/hosts/_io/disko.nix b/aspects/hosts/_io/disko.nix new file mode 100644 index 0000000..4e6c9d5 --- /dev/null +++ b/aspects/hosts/_io/disko.nix @@ -0,0 +1,79 @@ +{ inputs, ... }: + +{ + imports = [ inputs.disko.nixosModules.default ]; + + disko.devices.disk.main = { + type = "disk"; + device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689"; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1MiB"; + end = "1GiB"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot/efi"; + mountOptions = [ + "noatime" + "fmask=0077" + "dmask=0077" + ]; + }; + }; + cryptroot = { + priority = 2; + name = "root"; + size = "100%"; + content = { + type = "luks"; + name = "cryptroot"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "@root" = { + mountpoint = "/"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@root" + ]; + }; + "@home" = { + mountpoint = "/home"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@home" + ]; + }; + "@nix" = { + mountpoint = "/nix"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@nix" + ]; + }; + "@persistent" = { + mountpoint = "/persistent"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@persistent" + ]; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/io/hardware-configuration.nix b/aspects/hosts/_io/hardware-configuration.nix similarity index 98% rename from hosts/io/hardware-configuration.nix rename to aspects/hosts/_io/hardware-configuration.nix index 56f0d0d..8e4dae4 100644 --- a/hosts/io/hardware-configuration.nix +++ b/aspects/hosts/_io/hardware-configuration.nix @@ -2,6 +2,7 @@ config, lib, modulesPath, + inputs, ... }: diff --git a/hosts/io/programs.nix b/aspects/hosts/_io/programs.nix similarity index 100% rename from hosts/io/programs.nix rename to aspects/hosts/_io/programs.nix diff --git a/hosts/io/services.nix b/aspects/hosts/_io/services.nix similarity index 95% rename from hosts/io/services.nix rename to aspects/hosts/_io/services.nix index 3703ba3..df41a6f 100644 --- a/hosts/io/services.nix +++ b/aspects/hosts/_io/services.nix @@ -48,6 +48,8 @@ }; }; }; + upower.enable = true; + power-profiles-daemon.enable = true; }; # TODO: remove once gmodena/nix-flatpak/issues/45 fixed diff --git a/hosts/rotterdam/boot.nix b/aspects/hosts/_rotterdam/boot.nix similarity index 100% rename from hosts/rotterdam/boot.nix rename to aspects/hosts/_rotterdam/boot.nix diff --git a/hosts/rotterdam/hardware-configuration.nix b/aspects/hosts/_rotterdam/hardware-configuration.nix similarity index 100% rename from hosts/rotterdam/hardware-configuration.nix rename to aspects/hosts/_rotterdam/hardware-configuration.nix diff --git a/hosts/rotterdam/hardware.nix b/aspects/hosts/_rotterdam/hardware.nix similarity index 100% rename from hosts/rotterdam/hardware.nix rename to aspects/hosts/_rotterdam/hardware.nix diff --git a/hosts/rotterdam/programs.nix b/aspects/hosts/_rotterdam/programs.nix similarity index 100% rename from hosts/rotterdam/programs.nix rename to aspects/hosts/_rotterdam/programs.nix diff --git a/hosts/rotterdam/services.nix b/aspects/hosts/_rotterdam/services.nix similarity index 100% rename from hosts/rotterdam/services.nix rename to aspects/hosts/_rotterdam/services.nix diff --git a/hosts/trantor/boot.nix b/aspects/hosts/_trantor/boot.nix similarity index 53% rename from hosts/trantor/boot.nix rename to aspects/hosts/_trantor/boot.nix index a031ce9..0498818 100644 --- a/hosts/trantor/boot.nix +++ b/aspects/hosts/_trantor/boot.nix @@ -1,6 +1,6 @@ { boot = { - loader.efi.efiSysMountPoint = "/boot"; initrd.systemd.enable = true; + loader.efi.efiSysMountPoint = "/boot/efi"; }; } diff --git a/aspects/hosts/_trantor/disko.nix b/aspects/hosts/_trantor/disko.nix new file mode 100644 index 0000000..0e47058 --- /dev/null +++ b/aspects/hosts/_trantor/disko.nix @@ -0,0 +1,64 @@ +{ inputs, ... }: + +{ + imports = [ inputs.disko.nixosModules.default ]; + + disko.devices.disk.main = { + type = "disk"; + device = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20"; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1MiB"; + end = "512MiB"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot/efi"; + mountOptions = [ + "noatime" + "fmask=0077" + "dmask=0077" + ]; + }; + }; + root = { + priority = 2; + name = "root"; + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "@root" = { + mountpoint = "/"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; + "@nix" = { + mountpoint = "/nix"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; + "@persistent" = { + mountpoint = "/persistent"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/aspects/hosts/_trantor/fail2ban.nix b/aspects/hosts/_trantor/fail2ban.nix new file mode 100644 index 0000000..bc05139 --- /dev/null +++ b/aspects/hosts/_trantor/fail2ban.nix @@ -0,0 +1,23 @@ +{ config, pkgs, ... }: + +{ + services.fail2ban = { + enable = true; + maxretry = 5; + ignoreIP = [ + "127.0.0.0/8" + "::1" + "10.0.0.0/8" + "172.16.0.0/12" + "192.168.0.0/16" + "100.64.0.0/10" + ]; + bantime = "1h"; + bantime-increment = { + enable = true; + multipliers = "1 2 4 8 16 32 64"; + maxtime = "10000h"; + overalljails = true; + }; + }; +} diff --git a/aspects/hosts/_trantor/forgejo.nix b/aspects/hosts/_trantor/forgejo.nix new file mode 100644 index 0000000..6d702e2 --- /dev/null +++ b/aspects/hosts/_trantor/forgejo.nix @@ -0,0 +1,76 @@ +{ + config, + lib, + inputs, + ... +}: + +let + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; +in + +{ + services = { + forgejo = { + enable = true; + settings = { + session.COOKIE_SECURE = true; + server = { + PROTOCOL = "http+unix"; + DOMAIN = "git.baduhai.dev"; + ROOT_URL = "https://git.baduhai.dev"; + OFFLINE_MODE = true; # disable use of CDNs + SSH_DOMAIN = "git.baduhai.dev"; + SSH_USER = "forgejo"; + SSH_PORT = lib.head config.services.openssh.ports; + }; + log.LEVEL = "Warn"; + mailer.ENABLED = false; + actions.ENABLED = false; + service.DISABLE_REGISTRATION = true; + oauth2_client = { + ENABLE_AUTO_REGISTRATION = true; + UPDATE_AVATAR = true; + ACCOUNT_LINKING = "login"; + USERNAME = "preferred_username"; + }; + }; + }; + nginx.virtualHosts = mkNginxVHosts { + domains."git.baduhai.dev".locations."/".proxyPass = + "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; + }; + fail2ban.jails.forgejo = { + settings = { + enabled = true; + filter = "forgejo"; + maxretry = 3; + findtime = "10m"; + bantime = "1h"; + }; + }; + }; + + environment = { + etc."fail2ban/filter.d/forgejo.conf".text = '' + [Definition] + failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from + ignoreregex = + journalmatch = _SYSTEMD_UNIT=forgejo.service + ''; + + persistence.main.directories = [ + { + directory = config.services.forgejo.stateDir; + inherit (config.services.forgejo) user group; + mode = "0700"; + } + ]; + }; + + # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories + systemd.services.forgejo.serviceConfig = { + PrivateMounts = lib.mkForce false; + ProtectSystem = lib.mkForce false; + }; +} diff --git a/aspects/hosts/_trantor/hardware-configuration.nix b/aspects/hosts/_trantor/hardware-configuration.nix new file mode 100644 index 0000000..039129e --- /dev/null +++ b/aspects/hosts/_trantor/hardware-configuration.nix @@ -0,0 +1,20 @@ +{ + lib, + modulesPath, + ... +}: + +{ + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + + boot.initrd.availableKernelModules = [ + "xhci_pci" + "virtio_pci" + "virtio_scsi" + "usbhid" + ]; + + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +} diff --git a/hosts/trantor/networking.nix b/aspects/hosts/_trantor/networking.nix similarity index 100% rename from hosts/trantor/networking.nix rename to aspects/hosts/_trantor/networking.nix diff --git a/hosts/alexandria/nginx.nix b/aspects/hosts/_trantor/nginx.nix similarity index 57% rename from hosts/alexandria/nginx.nix rename to aspects/hosts/_trantor/nginx.nix index 192dbda..24f96c3 100644 --- a/hosts/alexandria/nginx.nix +++ b/aspects/hosts/_trantor/nginx.nix @@ -4,10 +4,17 @@ inputs, ... }: + let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + services = inputs.self.services; + + localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "trantor") services)); + + acmeCerts = lib.genAttrs localDomains (domain: { + group = "nginx"; + }); in + { security.acme = { acceptTerms = true; @@ -17,15 +24,7 @@ in dnsProvider = "cloudflare"; credentialsFile = config.age.secrets.cloudflare.path; }; - certs."baduhai.dev" = { - extraDomainNames = [ "*.baduhai.dev" ]; - }; - }; - - age.secrets.cloudflare = { - file = ../../secrets/cloudflare.age; - owner = "nginx"; - group = "nginx"; + certs = acmeCerts; }; services.nginx = { @@ -34,11 +33,24 @@ in recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; - domains."_".locations."/".return = "444"; + virtualHosts = { + "_" = { + default = true; + locations."/".return = "444"; + }; }; }; users.users.nginx.extraGroups = [ "acme" ]; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + + age.secrets.cloudflare = { + file = "${inputs.self}/secrets/cloudflare.age"; + owner = "nginx"; + group = "nginx"; + }; } diff --git a/aspects/hosts/_trantor/openssh.nix b/aspects/hosts/_trantor/openssh.nix new file mode 100644 index 0000000..704b3df --- /dev/null +++ b/aspects/hosts/_trantor/openssh.nix @@ -0,0 +1,23 @@ +{ ... }: + +{ + services = { + openssh = { + settings = { + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + }; + fail2ban.jails.sshd = { + settings = { + enabled = true; + port = "ssh"; + filter = "sshd"; + logpath = "/var/log/auth.log"; + maxretry = 3; + findtime = "10m"; + bantime = "1h"; + }; + }; + }; +} diff --git a/aspects/hosts/_trantor/unbound.nix b/aspects/hosts/_trantor/unbound.nix new file mode 100644 index 0000000..9f84228 --- /dev/null +++ b/aspects/hosts/_trantor/unbound.nix @@ -0,0 +1,58 @@ +{ inputs, lib, ... }: + +let + services = inputs.self.services; +in + +{ + services.unbound = { + enable = true; + enableRootTrustAnchor = true; + settings = { + server = { + interface = [ + "0.0.0.0" + "::" + ]; + access-control = [ + "127.0.0.0/8 allow" + "100.64.0.0/10 allow" # Tailscale CGNAT range + "::1/128 allow" + "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6 + ]; + + num-threads = 2; + msg-cache-size = "50m"; + rrset-cache-size = "100m"; + cache-min-ttl = 300; + cache-max-ttl = 86400; + prefetch = true; + prefetch-key = true; + hide-identity = true; + hide-version = true; + so-rcvbuf = "1m"; + so-sndbuf = "1m"; + + # Tailnet DNS records from shared services + local-zone = ''"baduhai.dev." transparent''; + local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') services; + }; + + forward-zone = [ + { + name = "."; + forward-addr = [ + "1.1.1.1@853#cloudflare-dns.com" + "1.0.0.1@853#cloudflare-dns.com" + ]; + forward-tls-upstream = true; + } + ]; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; +} diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix new file mode 100644 index 0000000..be5027e --- /dev/null +++ b/aspects/hosts/alexandria.nix @@ -0,0 +1,19 @@ +{ inputs, ... }: + +let + mkHost = inputs.self.lib.mkHost; +in + +{ + flake.nixosConfigurations.alexandria = mkHost { + hostname = "alexandria"; + nixpkgs = inputs.nixpkgs-stable; + extraModules = with inputs.self.modules.nixos; [ + # base aspects + server + # other aspects + fwupd + libvirtd + ]; + }; +} diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix new file mode 100644 index 0000000..cf5ecec --- /dev/null +++ b/aspects/hosts/io.nix @@ -0,0 +1,24 @@ +{ inputs, ... }: + +let + mkHost = inputs.self.lib.mkHost; +in + +{ + flake.nixosConfigurations.io = mkHost { + hostname = "io"; + ephemeralRootDev = "/dev/mapper/cryptroot"; + extraModules = with inputs.self.modules.nixos; [ + # base aspects + desktop + # other aspects + ai + bluetooth + dev + libvirtd + networkmanager + niri + podman + ]; + }; +} diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix new file mode 100644 index 0000000..f3b6fca --- /dev/null +++ b/aspects/hosts/rotterdam.nix @@ -0,0 +1,26 @@ +{ inputs, ... }: + +let + mkHost = inputs.self.lib.mkHost; +in + +{ + flake.nixosConfigurations.rotterdam = mkHost { + hostname = "rotterdam"; + ephemeralRootDev = "/dev/mapper/cryptroot"; + extraModules = with inputs.self.modules.nixos; [ + # base aspects + desktop + gaming + # other aspects + ai + bluetooth + dev + fwupd + libvirtd + networkmanager + niri + podman + ]; + }; +} diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix new file mode 100644 index 0000000..14f9dd7 --- /dev/null +++ b/aspects/hosts/trantor.nix @@ -0,0 +1,18 @@ +{ inputs, ... }: + +let + mkHost = inputs.self.lib.mkHost; +in + +{ + flake.nixosConfigurations.trantor = mkHost { + hostname = "trantor"; + system = "aarch64-linux"; + nixpkgs = inputs.nixpkgs-stable; + ephemeralRootDev = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; + extraModules = with inputs.self.modules.nixos; [ + # base aspects + server + ]; + }; +} diff --git a/aspects/libvirtd.nix b/aspects/libvirtd.nix new file mode 100644 index 0000000..360743d --- /dev/null +++ b/aspects/libvirtd.nix @@ -0,0 +1,27 @@ +{ ... }: +{ + flake.modules.nixos.libvirtd = + { + config, + lib, + pkgs, + ... + }: + { + virtualisation = { + libvirtd.enable = true; + spiceUSBRedirection.enable = true; + }; + + programs.virt-manager.enable = true; + + environment.systemPackages = with pkgs; [ lima ]; + + networking.firewall.trustedInterfaces = [ "virbr0" ]; + + users.users.user.extraGroups = [ + "libvirt" + "libvirtd" + ]; + }; +} diff --git a/aspects/lxc.nix b/aspects/lxc.nix new file mode 100644 index 0000000..4225e0c --- /dev/null +++ b/aspects/lxc.nix @@ -0,0 +1,22 @@ +{ ... }: + +{ + flake.modules.nixos.lxc = + { + config, + lib, + pkgs, + ... + }: + { + virtualisation = { + lxc = { + enable = true; + unprivilegedContainers = true; + }; + incus.enable = true; + }; + + users.users.user.extraGroups = [ "incus-admin" ]; + }; +} diff --git a/aspects/networkmanager.nix b/aspects/networkmanager.nix new file mode 100644 index 0000000..8bcb1f2 --- /dev/null +++ b/aspects/networkmanager.nix @@ -0,0 +1,18 @@ +{ ... }: +{ + flake.modules.nixos.networkmanager = + { + config, + lib, + pkgs, + ... + }: + { + networking.networkmanager = { + enable = true; + wifi.backend = "iwd"; + }; + + users.users.user.extraGroups = [ "networkmanager" ]; + }; +} diff --git a/aspects/podman.nix b/aspects/podman.nix new file mode 100644 index 0000000..6afa327 --- /dev/null +++ b/aspects/podman.nix @@ -0,0 +1,24 @@ +{ ... }: +{ + flake.modules.nixos.podman = + { + config, + lib, + pkgs, + ... + }: + { + virtualisation.podman = { + enable = true; + autoPrune.enable = true; + extraPackages = [ pkgs.podman-compose ]; + }; + + security.unprivilegedUsernsClone = true; # Needed for rootless podman + + systemd = { + services.podman-auto-update.enable = true; + timers.podman-auto-update.enable = true; + }; + }; +} diff --git a/aspects/stylix.nix b/aspects/stylix.nix new file mode 100644 index 0000000..f7eb9fa --- /dev/null +++ b/aspects/stylix.nix @@ -0,0 +1,69 @@ +{ ... }: + +{ + flake.modules = { + nixos.stylix = + { inputs, ... }: + { + imports = [ inputs.stylix.nixosModules.stylix ]; + }; + + homeManager.stylix = + { + config, + inputs, + pkgs, + ... + }: + { + imports = [ inputs.stylix.homeModules.stylix ]; + + stylix = { + enable = true; + polarity = "dark"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml"; + cursor = { + package = pkgs.kdePackages.breeze; + name = "breeze_cursors"; + size = 24; + }; + icons = { + enable = true; + package = pkgs.morewaita-icon-theme; + light = "MoreWaita"; + dark = "MoreWaita"; + }; + opacity = { + applications = 1.0; + desktop = 1.0; + popups = config.stylix.opacity.desktop; + terminal = 1.0; + }; + fonts = { + serif = { + package = pkgs.source-serif; + name = "Source Serif 4 Display"; + }; + sansSerif = { + package = pkgs.inter; + name = "Inter"; + }; + monospace = { + package = pkgs.nerd-fonts.fira-code; + name = "FiraCode Nerd Font"; + }; + emoji = { + package = pkgs.noto-fonts-color-emoji; + name = "Noto Color Emoji"; + }; + sizes = { + applications = 10; + desktop = config.stylix.fonts.sizes.applications; + popups = config.stylix.fonts.sizes.applications; + terminal = 12; + }; + }; + }; + }; + }; +} diff --git a/aspects/systems/base.nix b/aspects/systems/base.nix new file mode 100644 index 0000000..fdfc525 --- /dev/null +++ b/aspects/systems/base.nix @@ -0,0 +1,55 @@ +{ inputs, ... }: +{ + flake.modules = { + nixos.base = + { lib, pkgs, ... }: + { + imports = with inputs.self.modules.nixos; [ + boot + console + firewall + fish + locale + nix + security + ssh + ]; + environment = { + systemPackages = with pkgs; [ + git + fastfetch + nixos-firewall-tool + sysz + wget + yazi + ]; + shellAliases = { + cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; + ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first"; + tree = "ls --tree"; + }; + }; + + programs.command-not-found.enable = false; + + services = { + dbus.implementation = "broker"; + irqbalance.enable = true; + fstrim.enable = true; + tailscale = { + enable = true; + extraUpFlags = [ "--operator=user" ]; + }; + }; + }; + + homeManager.base = + { ... }: + { + imports = with inputs.self.modules.homeManager; [ + bash + fish + ]; + }; + }; +} diff --git a/aspects/systems/cli.nix b/aspects/systems/cli.nix new file mode 100644 index 0000000..2b95f0e --- /dev/null +++ b/aspects/systems/cli.nix @@ -0,0 +1,33 @@ +{ inputs, ... }: + +{ + flake.modules = { + nixos.cli = + { pkgs, ... }: + { + imports = with inputs.self.modules.nixos; [ + btop + helix + tmux + ]; + + environment.systemPackages = with pkgs; [ + p7zip + rclone + ]; + }; + homeManager.cli = + { ... }: + { + imports = with inputs.self.modules.homeManager; [ + btop + comma + direnv + helix + hm-cli + starship + tmux + ]; + }; + }; +} diff --git a/aspects/systems/desktop.nix b/aspects/systems/desktop.nix new file mode 100644 index 0000000..fb3aa1b --- /dev/null +++ b/aspects/systems/desktop.nix @@ -0,0 +1,210 @@ +{ + inputs, + ... +}: +{ + flake.modules = { + nixos.desktop = + { + config, + lib, + pkgs, + ... + }: + { + imports = [ + inputs.nix-flatpak.nixosModules.nix-flatpak + ] + ++ (with inputs.self.modules.nixos; [ + graphics + media + office + web + ]); + + boot = { + plymouth.enable = true; + initrd.systemd.enable = true; + loader.efi.efiSysMountPoint = "/boot/efi"; + kernelPackages = pkgs.linuxPackages_xanmod_latest; + extraModprobeConfig = '' + options bluetooth disable_ertm=1 + ''; + kernel.sysctl = { + "net.ipv4.tcp_mtu_probing" = 1; + }; + kernelParams = [ + "quiet" + "splash" + "i2c-dev" + "i2c-piix4" + "loglevel=3" + "udev.log_priority=3" + "rd.udev.log_level=3" + "rd.systemd.show_status=false" + ]; + }; + + nix = { + registry.nixpkgs.flake = inputs.nixpkgs; + nixPath = [ + "nixpkgs=${inputs.nixpkgs}" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + }; + + environment = { + etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; + sessionVariables = { + KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir + NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland + }; + systemPackages = with pkgs; [ + adwaita-icon-theme + ghostty + gnome-disk-utility + junction + libfido2 + mission-center + nautilus + toggleaudiosink + unrar + ]; + }; + + services = { + printing.enable = true; + udev.packages = with pkgs; [ yubikey-personalization ]; + keyd = { + enable = true; + keyboards.all = { + ids = [ "*" ]; + settings.main.capslock = "overload(meta, esc)"; + }; + }; + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + wireplumber.enable = true; + }; + greetd = { + enable = true; + settings.default_session.user = "greeter"; + }; + flatpak = { + enable = true; + packages = [ + "com.github.tchx84.Flatseal" + "com.rustdesk.RustDesk" + ]; + uninstallUnmanaged = true; + update.auto.enable = true; + }; + gvfs.enable = true; + }; + + security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority + + users = { + users.greeter = { + isSystemUser = true; + group = "greeter"; + }; + groups.greeter = { }; + }; + + programs = { + kdeconnect = { + enable = true; + package = pkgs.valent; + }; + dconf.enable = true; + appimage = { + enable = true; + binfmt = true; + }; + }; + + fonts = { + fontDir.enable = true; + packages = with pkgs; [ + corefonts + inter + nerd-fonts.fira-code + noto-fonts-cjk-sans + noto-fonts-color-emoji + roboto + ]; + }; + + xdg.portal = { + extraPortals = with pkgs; [ + xdg-desktop-portal-gnome + xdg-desktop-portal-gtk + ]; + config.common.default = "*"; + }; + }; + + homeManager.desktop = + { + config, + lib, + pkgs, + inputs, + ... + }: + { + imports = [ + inputs.vicinae.homeManagerModules.default + ] + ++ (with inputs.self.modules.homeManager; [ media ]); + + fonts.fontconfig.enable = true; + + home = { + packages = with pkgs; [ xwayland-satellite ]; + sessionVariables.TERMINAL = "ghostty"; + }; + + services.vicinae = { + enable = true; + systemd = { + enable = true; + autoStart = true; + }; + }; + + programs = { + ghostty = { + enable = true; + settings = { + cursor-style = "block"; + shell-integration-features = "no-cursor"; + cursor-style-blink = false; + custom-shader = "${builtins.fetchurl { + url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; + sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + }}"; + bell-features = ""; + gtk-titlebar-style = "tabs"; + keybind = [ "shift+enter=text:\\x1b\\r" ]; + }; + }; + + password-store = { + enable = true; + package = pkgs.pass-wayland; + }; + }; + + xdg = { + enable = true; + userDirs.enable = true; + }; + }; + }; +} diff --git a/aspects/systems/gaming.nix b/aspects/systems/gaming.nix new file mode 100644 index 0000000..e73a6fe --- /dev/null +++ b/aspects/systems/gaming.nix @@ -0,0 +1,48 @@ +{ inputs, ... }: + +{ + flake.modules = { + nixos.gaming = + { pkgs, ... }: + { + imports = with inputs.self.modules.nixos; [ + mangohud + steam + ]; + hardware = { + xpadneo.enable = true; + steam-hardware.enable = true; # Allow steam client to manage controllers + graphics.enable32Bit = true; # For OpenGL games + }; + + services.flatpak.packages = [ + "com.github.k4zmu2a.spacecadetpinball" + "io.itch.itch" + "io.mrarm.mcpelauncher" + "net.retrodeck.retrodeck" + "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08" + rec { + appId = "com.hypixel.HytaleLauncher"; + sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv"; + bundle = "${pkgs.fetchurl { + url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak"; + inherit sha256; + }}"; + } + ]; + + environment.systemPackages = with pkgs; [ + clonehero + heroic + prismlauncher + ]; + }; + homeManager.gaming = + { ... }: + { + imports = with inputs.self.modules.homeManager; [ + mangohud + ]; + }; + }; +} diff --git a/aspects/systems/server.nix b/aspects/systems/server.nix new file mode 100644 index 0000000..c3c24f0 --- /dev/null +++ b/aspects/systems/server.nix @@ -0,0 +1,36 @@ +{ inputs, ... }: + +{ + flake.modules.nixos.server = + { + config, + lib, + pkgs, + ... + }: + { + boot = { + kernelPackages = pkgs.linuxPackages_hardened; + kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + "net.ipv6.conf.all.forwarding" = 1; + }; + }; + + environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; + + nix = { + registry.nixpkgs.flake = inputs.nixpkgs-stable; + nixPath = [ + "nixpkgs=/etc/channels/nixpkgs" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + }; + + services.tailscale = { + extraSetFlags = [ "--advertise-exit-node" ]; + useRoutingFeatures = "server"; + }; + + }; +} diff --git a/aspects/users/_user/git.nix b/aspects/users/_user/git.nix new file mode 100644 index 0000000..40a5714 --- /dev/null +++ b/aspects/users/_user/git.nix @@ -0,0 +1,17 @@ +{ ... }: + +{ + programs = { + git = { + enable = true; + settings.user = { + name = "William"; + email = "baduhai@proton.me"; + }; + }; + diff-so-fancy = { + enable = true; + enableGitIntegration = true; + }; + }; +} diff --git a/aspects/users/root.nix b/aspects/users/root.nix new file mode 100644 index 0000000..ff04c56 --- /dev/null +++ b/aspects/users/root.nix @@ -0,0 +1,12 @@ +{ ... }: + +{ + flake.modules.nixos.root = + { pkgs, ... }: + { + users.users.root = { + shell = pkgs.fish; + hashedPassword = "!"; + }; + }; +} diff --git a/aspects/users/user.nix b/aspects/users/user.nix new file mode 100644 index 0000000..86bcddb --- /dev/null +++ b/aspects/users/user.nix @@ -0,0 +1,55 @@ +{ inputs, ... }: + +let + mkHomeConfiguration = inputs.self.lib.mkHomeConfiguration; +in + +{ + flake = { + modules.nixos.user = + { pkgs, ... }: + { + users.users.user = { + isNormalUser = true; + shell = pkgs.fish; + extraGroups = [ + "networkmanager" + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; + }; + }; + homeConfigurations = { + "user@rotterdam" = mkHomeConfiguration { + user = "user"; + hostname = "rotterdam"; + userModules = with inputs.self.modules.homeManager; [ + # system aspects + desktop + gaming + + # other aspects + stylix + niri + ]; + }; + "user@io" = mkHomeConfiguration { + user = "user"; + hostname = "io"; + userModules = with inputs.self.modules.homeManager; [ + # system aspects + desktop + + # other aspects + stylix + niri + ]; + }; + }; + }; +} diff --git a/data/services.nix b/data/services.nix new file mode 100644 index 0000000..ae7395c --- /dev/null +++ b/data/services.nix @@ -0,0 +1,42 @@ +# Shared service and host definitions +# This file can be imported directly (unlike aspects which use flake-parts) +{ + hosts = { + alexandria = { + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + }; + trantor = { + tailscaleIP = "100.108.5.90"; + }; + }; + + services = [ + { + name = "kanidm"; + domain = "auth.baduhai.dev"; + host = "alexandria"; + } + { + name = "vaultwarden"; + domain = "pass.baduhai.dev"; + host = "alexandria"; + } + { + name = "forgejo"; + domain = "git.baduhai.dev"; + host = "trantor"; + public = true; + } + { + name = "nextcloud"; + domain = "cloud.baduhai.dev"; + host = "alexandria"; + } + { + name = "jellyfin"; + domain = "jellyfin.baduhai.dev"; + host = "alexandria"; + } + ]; +} diff --git a/flake.lock b/flake.lock index b19b2ca..a99cac7 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1754433428, - "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "owner": "ryantm", "repo": "agenix", - "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "type": "github" }, "original": { @@ -23,6 +23,96 @@ "type": "github" } }, + "base16": { + "inputs": { + "fromYaml": "fromYaml" + }, + "locked": { + "lastModified": 1755819240, + "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, + "base16-fish": { + "flake": false, + "locked": { + "lastModified": 1765809053, + "narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", + "type": "github" + } + }, + "base16-helix": { + "flake": false, + "locked": { + "lastModified": 1760703920, + "narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "d646af9b7d14bff08824538164af99d0c521b185", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-vim": { + "flake": false, + "locked": { + "lastModified": 1732806396, + "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + } + }, + "blueprint": { + "inputs": { + "nixpkgs": [ + "nix-ai-tools", + "nixpkgs" + ], + "systems": "systems_2" + }, + "locked": { + "lastModified": 1771437256, + "narHash": "sha256-bLqwib+rtyBRRVBWhMuBXPCL/OThfokA+j6+uH7jDGU=", + "owner": "numtide", + "repo": "blueprint", + "rev": "06ee7190dc2620ea98af9eb225aa9627b68b0e33", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "blueprint", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -45,93 +135,57 @@ "type": "github" } }, - "dgop": { - "inputs": { - "nixpkgs": [ - "dms", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1760238269, - "narHash": "sha256-7CeGZM/Z/5Qt3AYByCRohGYGR1MRuXYzTTbkV/JxyAs=", - "owner": "AvengeMedia", - "repo": "dgop", - "rev": "95acdfce2d323e28fa8f5a4f345160962034f2b5", - "type": "github" - }, - "original": { - "owner": "AvengeMedia", - "repo": "dgop", - "type": "github" - } - }, "disko": { "inputs": { - "nixpkgs": [ - "nixpkgs-stable" - ] + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1736864502, - "narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=", + "lastModified": 1769524058, + "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=", "owner": "nix-community", "repo": "disko", - "rev": "0141aabed359f063de7413f80d906e1d98c0c123", + "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d", "type": "github" }, "original": { "owner": "nix-community", - "ref": "v1.11.0", "repo": "disko", "type": "github" } }, - "dms": { - "inputs": { - "dgop": "dgop", - "dms-cli": "dms-cli", - "nixpkgs": [ - "nixpkgs" - ], - "quickshell": "quickshell" - }, + "firefox-gnome-theme": { + "flake": false, "locked": { - "lastModified": 1760401338, - "narHash": "sha256-aN4qiI9R4ByEucFE/zvJFF8Y456nDe1IXCKu0hvEP+U=", - "owner": "AvengeMedia", - "repo": "DankMaterialShell", - "rev": "07fe2ca4072eb987c8090f388d4979f5006cef52", + "lastModified": 1764873433, + "narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92", "type": "github" }, "original": { - "owner": "AvengeMedia", - "repo": "DankMaterialShell", - "type": "github" - } - }, - "dms-cli": { - "inputs": { - "nixpkgs": [ - "dms", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1760241259, - "narHash": "sha256-DlLGn+4M6tIafoDsHr2WhHG2hrHrC24S2IL3+KAvjEU=", - "owner": "AvengeMedia", - "repo": "danklinux", - "rev": "dae4c3ff4ce0feb930361c399747edb29d081775", - "type": "github" - }, - "original": { - "owner": "AvengeMedia", - "repo": "danklinux", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", "type": "github" } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1747046372, @@ -152,11 +206,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1759362264, - "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -165,24 +219,101 @@ "type": "github" } }, - "flake-utils": { + "flake-parts_2": { "inputs": { - "systems": "systems_2" + "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "lastModified": 1765835352, + "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "a34fae9c08a15ad73f295041fec82323541400a9", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", + "owner": "hercules-ci", + "repo": "flake-parts", "type": "github" } }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { + "inputs": { + "nixpkgs-lib": [ + "terranix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "fromYaml": { + "flake": false, + "locked": { + "lastModified": 1731966426, + "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "106af9e2f715e2d828df706c386a685698f3223b", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, + "gnome-shell": { + "flake": false, + "locked": { + "host": "gitlab.gnome.org", + "lastModified": 1767737596, + "narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=", + "owner": "GNOME", + "repo": "gnome-shell", + "rev": "ef02db02bf0ff342734d525b5767814770d85b49", + "type": "gitlab" + }, + "original": { + "host": "gitlab.gnome.org", + "owner": "GNOME", + "ref": "gnome-49", + "repo": "gnome-shell", + "type": "gitlab" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -204,27 +335,6 @@ "type": "github" } }, - "home-manager-stable": { - "inputs": { - "nixpkgs": [ - "nixpkgs-stable" - ] - }, - "locked": { - "lastModified": 1758463745, - "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-25.05", - "repo": "home-manager", - "type": "github" - } - }, "home-manager_2": { "inputs": { "nixpkgs": [ @@ -232,11 +342,11 @@ ] }, "locked": { - "lastModified": 1760033152, - "narHash": "sha256-e2g07P6SBJrYdRWw5JEJgh8ssccr+jigYR9p4GS0tME=", + "lastModified": 1770915843, + "narHash": "sha256-ZwU5wXKNqpOQvjNz6aBp1j5peiBZow1++6pLnk5VAhs=", "owner": "nix-community", "repo": "home-manager", - "rev": "5d61767c8dee7f9c66991335795dbca9e801c25a", + "rev": "6a1f7101d2c3ee87d485a87880d73b4665c6a4bd", "type": "github" }, "original": { @@ -246,13 +356,59 @@ "type": "github" } }, - "impermanence": { + "home-manager_3": { + "inputs": { + "nixpkgs": [ + "impermanence", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1737831083, - "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "lastModified": 1768598210, + "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_4": { + "inputs": { + "nixpkgs": [ + "zen-browser", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769872935, + "narHash": "sha256-07HMIGQ/WJeAQJooA7Kkg1SDKxhAiV6eodvOwTX6WKI=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "f4ad5068ee8e89e4a7c2e963e10dd35cd77b37b7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "impermanence": { + "inputs": { + "home-manager": "home-manager_3", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1769548169, + "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=", "owner": "nix-community", "repo": "impermanence", - "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "rev": "7b1d382faf603b6d264f58627330f9faa5cba149", "type": "github" }, "original": { @@ -261,13 +417,48 @@ "type": "github" } }, + "import-tree": { + "locked": { + "lastModified": 1763762820, + "narHash": "sha256-ZvYKbFib3AEwiNMLsejb/CWs/OL/srFQ8AogkebEPF0=", + "owner": "vic", + "repo": "import-tree", + "rev": "3c23749d8013ec6daa1d7255057590e9ca726646", + "type": "github" + }, + "original": { + "owner": "vic", + "repo": "import-tree", + "type": "github" + } + }, + "nix-ai-tools": { + "inputs": { + "blueprint": "blueprint", + "nixpkgs": "nixpkgs_3", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1771816560, + "narHash": "sha256-q5Wsb1573qDfIPJctG9CBZP0NMniejoB7SmBLZIVAHg=", + "owner": "numtide", + "repo": "llm-agents.nix", + "rev": "db94a329058a1a37b49d3209af85708b3338559a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "llm-agents.nix", + "type": "github" + } + }, "nix-flatpak": { "locked": { - "lastModified": 1754777568, - "narHash": "sha256-0bBqT+3XncgF8F03RFAamw9vdf0VmaDoIJLTGkjfQZs=", + "lastModified": 1768656715, + "narHash": "sha256-Sbh037scxKFm7xL0ahgSCw+X2/5ZKeOwI2clqrYr9j4=", "owner": "gmodena", "repo": "nix-flatpak", - "rev": "62f636b87ef6050760a8cb325cadb90674d1e23e", + "rev": "123fe29340a5b8671367055b75a6e7c320d6f89a", "type": "github" }, "original": { @@ -277,39 +468,39 @@ "type": "github" } }, - "nix-options-doc": { + "nix-index-database": { "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs", - "rust-overlay": "rust-overlay" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1742115705, - "narHash": "sha256-RfXwJPWBoWswIU68+y/XZfTWtFHd/fK14bKvOlRmfPo=", - "owner": "Thunderbottom", - "repo": "nix-options-doc", - "rev": "2caa4b5756a8666d65d70122f413e295f56886e7", + "lastModified": 1770315571, + "narHash": "sha256-hy0gcAgAcxrnSWKGuNO+Ob0x6jQ2xkR6hoaR0qJBHYs=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "2684bb8080a6f2ca5f9d494de5ef875bc1c4ecdb", "type": "github" }, "original": { - "owner": "Thunderbottom", - "ref": "v0.2.0", - "repo": "nix-options-doc", + "owner": "nix-community", + "repo": "nix-index-database", "type": "github" } }, "nixos-cli": { "inputs": { "flake-compat": "flake-compat", - "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_2" + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs_4", + "optnix": "optnix" }, "locked": { - "lastModified": 1759846470, - "narHash": "sha256-cFA87F149mDeogKjty5Kbk6Qy/RhMBr1fM3qEFbdTIg=", + "lastModified": 1770862985, + "narHash": "sha256-TFRhwVzPg3ly388J3CYYvjrma/dWjsBVpNE437bWeHk=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "437b586743c3d06b0a72893097395b10e70a2b7b", + "rev": "9a2e97e8832b211df22c5cb21a55ebf1c3eb2be1", "type": "github" }, "original": { @@ -320,27 +511,42 @@ }, "nixpkgs": { "locked": { - "lastModified": 1740695751, - "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", - "owner": "nixos", + "lastModified": 1769330179, + "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "6313551cd05425cd5b3e63fe47dbc324eabb15e4", + "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-lib": { "locked": { - "lastModified": 1754788789, - "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "lastModified": 1769909678, + "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "rev": "72716169fe93074c333e8d0173151350670b824c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_2": { + "locked": { + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", "type": "github" }, "original": { @@ -351,21 +557,69 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1759735786, - "narHash": "sha256-a0+h02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0=", + "lastModified": 1770770419, + "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20c4598c84a671783f741e02bf05cbfaf4907cff", + "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { + "locked": { + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1771207753, + "narHash": "sha256-b9uG8yN50DRQ6A7JdZBfzq718ryYrlmGgqkRm9OOwCE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d1c15b7d5806069da59e819999d70e1cec0760bf", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1767151656, + "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f665af0cdb70ed27e1bd8f9fdfecaf451260fc55", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -381,13 +635,13 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_6": { "locked": { - "lastModified": 1759831965, - "narHash": "sha256-vgPm2xjOmKdZ0xKA6yLXPJpjOtQPHfaZDRtH+47XEBo=", + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c9b6fb798541223bbb396d287d16f43520250518", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", "type": "github" }, "original": { @@ -397,61 +651,168 @@ "type": "github" } }, - "quickshell": { + "nixpkgs_7": { + "locked": { + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "noctalia": { "inputs": { "nixpkgs": [ - "dms", "nixpkgs" ] }, "locked": { - "lastModified": 1760228179, - "narHash": "sha256-4Z6k7lv3Zcgk3K+4h60LpqB9wCkR+utkYERU735U068=", - "ref": "refs/heads/master", - "rev": "c9d3ffb6043c5bf3f3009202bad7e0e5132c4a25", - "revCount": 693, - "type": "git", - "url": "https://git.outfoxxed.me/quickshell/quickshell" + "lastModified": 1770922006, + "narHash": "sha256-xg40mnp5KKBepACmvlPzmn5iPyUBxktfv50saSVUn0M=", + "owner": "noctalia-dev", + "repo": "noctalia-shell", + "rev": "d87364964948b9d691f8363f85a5e23bee154df9", + "type": "github" }, "original": { - "type": "git", - "url": "https://git.outfoxxed.me/quickshell/quickshell" + "owner": "noctalia-dev", + "repo": "noctalia-shell", + "type": "github" + } + }, + "nur": { + "inputs": { + "flake-parts": [ + "stylix", + "flake-parts" + ], + "nixpkgs": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767810917, + "narHash": "sha256-ZKqhk772+v/bujjhla9VABwcvz+hB2IaRyeLT6CFnT0=", + "owner": "nix-community", + "repo": "NUR", + "rev": "dead29c804adc928d3a69dfe7f9f12d0eec1f1a4", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "optnix": { + "inputs": { + "flake-compat": "flake-compat_2", + "nixpkgs": "nixpkgs_5" + }, + "locked": { + "lastModified": 1765418479, + "narHash": "sha256-33VCCXiEnEL9N2wVxo9FHLwL8KWH6qk+MNRcSThOPWs=", + "owner": "water-sucks", + "repo": "optnix", + "rev": "01facc3de860bf479723bf19535586564e59fe73", + "type": "github" + }, + "original": { + "owner": "water-sucks", + "repo": "optnix", + "type": "github" } }, "root": { "inputs": { "agenix": "agenix", "disko": "disko", - "dms": "dms", "flake-parts": "flake-parts", "home-manager": "home-manager_2", - "home-manager-stable": "home-manager-stable", "impermanence": "impermanence", + "import-tree": "import-tree", + "nix-ai-tools": "nix-ai-tools", "nix-flatpak": "nix-flatpak", + "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_3", - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs": "nixpkgs_6", + "nixpkgs-stable": "nixpkgs-stable", + "noctalia": "noctalia", + "stylix": "stylix", + "terranix": "terranix", + "vicinae": "vicinae", + "zen-browser": "zen-browser" } }, - "rust-overlay": { + "stylix": { "inputs": { - "nixpkgs": [ - "nixos-cli", - "nix-options-doc", - "nixpkgs" - ] + "base16": "base16", + "base16-fish": "base16-fish", + "base16-helix": "base16-helix", + "base16-vim": "base16-vim", + "firefox-gnome-theme": "firefox-gnome-theme", + "flake-parts": "flake-parts_3", + "gnome-shell": "gnome-shell", + "nixpkgs": "nixpkgs_7", + "nur": "nur", + "systems": "systems_3", + "tinted-foot": "tinted-foot", + "tinted-kitty": "tinted-kitty", + "tinted-schemes": "tinted-schemes", + "tinted-tmux": "tinted-tmux", + "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1740796337, - "narHash": "sha256-FuoXrXZPoJEZQ3PF7t85tEpfBVID9JQIOnVKMNfTAb0=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "bbac9527bc6b28b6330b13043d0e76eac11720dc", + "lastModified": 1770914701, + "narHash": "sha256-QHFYyngohNhih4w+3IqQty5DV+p1txsx1kkk6XJWar8=", + "owner": "danth", + "repo": "stylix", + "rev": "db03fed72e5ca02be34e1d24789345a943329738", "type": "github" }, "original": { - "owner": "oxalica", - "repo": "rust-overlay", + "owner": "danth", + "repo": "stylix", "type": "github" } }, @@ -484,6 +845,213 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "terranix": { + "inputs": { + "flake-parts": "flake-parts_4", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems_4" + }, + "locked": { + "lastModified": 1762472226, + "narHash": "sha256-iVS4sxVgGn+T74rGJjEJbzx+kjsuaP3wdQVXBNJ79A0=", + "owner": "terranix", + "repo": "terranix", + "rev": "3b5947a48da5694094b301a3b1ef7b22ec8b19fc", + "type": "github" + }, + "original": { + "owner": "terranix", + "repo": "terranix", + "type": "github" + } + }, + "tinted-foot": { + "flake": false, + "locked": { + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + } + }, + "tinted-kitty": { + "flake": false, + "locked": { + "lastModified": 1735730497, + "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, + "tinted-schemes": { + "flake": false, + "locked": { + "lastModified": 1767710407, + "narHash": "sha256-+W1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI+des=", + "owner": "tinted-theming", + "repo": "schemes", + "rev": "2800e2b8ac90f678d7e4acebe4fa253f602e05b2", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "schemes", + "type": "github" + } + }, + "tinted-tmux": { + "flake": false, + "locked": { + "lastModified": 1767489635, + "narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, + "tinted-zed": { + "flake": false, + "locked": { + "lastModified": 1767488740, + "narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=", + "owner": "tinted-theming", + "repo": "base16-zed", + "rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-zed", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nix-ai-tools", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1770228511, + "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "vicinae": { + "inputs": { + "nixpkgs": "nixpkgs_8", + "systems": "systems_5" + }, + "locked": { + "lastModified": 1770912475, + "narHash": "sha256-21lurBRyHgJbVD3E0/i7Fhxi4rBUxyznGfKpdGVtEdc=", + "owner": "vicinaehq", + "repo": "vicinae", + "rev": "0c70267ab7e07d7972012fcf8ae58808a32a2e86", + "type": "github" + }, + "original": { + "owner": "vicinaehq", + "repo": "vicinae", + "type": "github" + } + }, + "zen-browser": { + "inputs": { + "home-manager": "home-manager_4", + "nixpkgs": "nixpkgs_9" + }, + "locked": { + "lastModified": 1771000521, + "narHash": "sha256-5UDaXr770MaDac9HcFvGlUjsqyOoNbFdHArmjmtHcVk=", + "owner": "0xc000022070", + "repo": "zen-browser-flake", + "rev": "80ce62fd26af1934454f405bcb2510ceeea8d3a2", + "type": "github" + }, + "original": { + "owner": "0xc000022070", + "repo": "zen-browser-flake", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 0d826a1..2036828 100644 --- a/flake.nix +++ b/flake.nix @@ -2,44 +2,57 @@ description = "My nix hosts"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05"; - + # nix tools flake-parts.url = "github:hercules-ci/flake-parts"; + import-tree.url = "github:vic/import-tree"; + # nixos/hm + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11"; home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; }; - home-manager-stable = { - url = "github:nix-community/home-manager/release-25.05"; - inputs.nixpkgs.follows = "nixpkgs-stable"; - }; + # nixos/hm functionality modules agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs-stable"; }; + disko.url = "github:nix-community/disko"; + impermanence.url = "github:nix-community/impermanence"; + nixos-cli.url = "github:nix-community/nixos-cli"; + nix-flatpak.url = "github:gmodena/nix-flatpak/main"; + stylix.url = "github:danth/stylix"; - disko = { - url = "github:nix-community/disko?ref=v1.11.0"; - inputs.nixpkgs.follows = "nixpkgs-stable"; - }; - - dms = { - url = "github:AvengeMedia/DankMaterialShell"; + # nixos/hm program modules + nix-ai-tools.url = "github:numtide/llm-agents.nix"; + nix-index-database = { + url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; + noctalia = { + url = "github:noctalia-dev/noctalia-shell"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + vicinae.url = "github:vicinaehq/vicinae"; + zen-browser.url = "github:0xc000022070/zen-browser-flake"; - nixos-cli.url = "github:nix-community/nixos-cli"; - - nix-flatpak.url = "github:gmodena/nix-flatpak/main"; - - impermanence.url = "github:nix-community/impermanence"; + # stand-alone tools + terranix = { + url = "github:terranix/terranix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = - inputs@{ flake-parts, ... }: + inputs@{ flake-parts, import-tree, ... }: + let + aspectsModules = import-tree ./aspects; + packagesModules = import-tree ./packages; + shellsModules = import-tree ./shells; + terranixModules = import-tree ./terranix; + in flake-parts.lib.mkFlake { inherit inputs; } { systems = [ "x86_64-linux" @@ -47,11 +60,12 @@ ]; imports = [ - ./devShells.nix - ./homeConfigurations.nix - ./nixosConfigurations.nix - ./overlays.nix - ./packages.nix - ]; + flake-parts.flakeModules.modules + inputs.terranix.flakeModule + ] + ++ aspectsModules.imports + ++ packagesModules.imports + ++ shellsModules.imports + ++ terranixModules.imports; }; } diff --git a/homeConfigurations.nix b/homeConfigurations.nix deleted file mode 100644 index 112783f..0000000 --- a/homeConfigurations.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ inputs, ... }: -let - lib = inputs.nixpkgs.lib; - utils = import ./utils.nix { inherit inputs lib; }; - inherit (utils) mkUser; -in -{ - flake.homeConfigurations = { - "user@rotterdam" = mkUser { - username = "user"; - tags = [ - "btop" - "desktop" - "direnv" - "gaming" - "helix" - "obs-studio" - "starship" - "tmux" - ]; - }; - - "user@io" = mkUser { - username = "user"; - tags = [ - "btop" - "desktop" - "direnv" - "helix" - "starship" - "tmux" - ]; - }; - }; -} diff --git a/hosts/alexandria/firewall.nix b/hosts/alexandria/firewall.nix deleted file mode 100644 index f6fded2..0000000 --- a/hosts/alexandria/firewall.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ ... }: - -{ - networking.firewall = { - allowedTCPPorts = [ - 80 - 443 - ]; - allowedUDPPorts = [ ]; - }; -} diff --git a/hosts/alexandria/forgejo.nix b/hosts/alexandria/forgejo.nix deleted file mode 100644 index 909d1d1..0000000 --- a/hosts/alexandria/forgejo.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; -in -{ - services.forgejo = { - enable = true; - repositoryRoot = "/data/forgejo"; - settings = { - session.COOKIE_SECURE = true; - server = { - PROTOCOL = "http+unix"; - DOMAIN = "git.baduhai.dev"; - ROOT_URL = "https://git.baduhai.dev"; - OFFLINE_MODE = true; # disable use of CDNs - SSH_DOMAIN = "baduhai.dev"; - }; - log.LEVEL = "Warn"; - mailer.ENABLED = false; - actions.ENABLED = false; - }; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; - domains."git.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; - }; -} diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix deleted file mode 100644 index 79353bd..0000000 --- a/hosts/alexandria/librespeed.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ lib, inputs, ... }: -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; -in -{ - virtualisation.oci-containers.containers."librespeed" = { - image = "lscr.io/linuxserver/librespeed:latest"; - environment = { - TZ = "America/Bahia"; - }; - extraOptions = [ - "--pull=newer" - "--label=io.containers.autoupdate=registry" - ]; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; - domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://librespeed:80/"; - }; -} diff --git a/hosts/io/disko.nix b/hosts/io/disko.nix deleted file mode 100644 index edb1418..0000000 --- a/hosts/io/disko.nix +++ /dev/null @@ -1,83 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ inputs.disko.nixosModules.default ]; - - disko.devices = { - disk = { - main = { - type = "disk"; - device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689"; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - start = "1MiB"; - end = "1GiB"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot/efi"; - mountOptions = [ - "noatime" - "fmask=0077" - "dmask=0077" - ]; - }; - }; - cryptroot = { - priority = 2; - name = "root"; - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = { - "@root" = { - mountpoint = "/"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@root" - ]; - }; - "@home" = { - mountpoint = "/home"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@home" - ]; - }; - "@nix" = { - mountpoint = "/nix"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@nix" - ]; - }; - "@persistent" = { - mountpoint = "/persistent"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@persistent" - ]; - }; - }; - }; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/modules/bluetooth.nix b/hosts/modules/bluetooth.nix deleted file mode 100644 index fb6a06a..0000000 --- a/hosts/modules/bluetooth.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ... }: - -{ - hardware.bluetooth.enable = true; -} diff --git a/hosts/modules/common/boot.nix b/hosts/modules/common/boot.nix deleted file mode 100644 index fbba278..0000000 --- a/hosts/modules/common/boot.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs, ... }: - -{ - boot = { - loader = { - timeout = 1; - efi.canTouchEfiVariables = true; - systemd-boot = { - enable = true; - editor = false; - consoleMode = "max"; - sortKey = "aa"; - netbootxyz = { - enable = true; - sortKey = "zz"; - }; - }; - }; - }; -} diff --git a/hosts/modules/common/console.nix b/hosts/modules/common/console.nix deleted file mode 100644 index 9cb99d4..0000000 --- a/hosts/modules/common/console.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - console = { - useXkbConfig = true; - earlySetup = true; - }; -} diff --git a/hosts/modules/common/firewall.nix b/hosts/modules/common/firewall.nix deleted file mode 100644 index 910e803..0000000 --- a/hosts/modules/common/firewall.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - networking = { - firewall.enable = true; - nftables.enable = true; - }; -} diff --git a/hosts/modules/common/locale.nix b/hosts/modules/common/locale.nix deleted file mode 100644 index 7e07d85..0000000 --- a/hosts/modules/common/locale.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ ... }: - -{ - time.timeZone = "America/Bahia"; - - i18n = { - defaultLocale = "en_US.UTF-8"; - extraLocaleSettings = { - LC_ADDRESS = "pt_BR.utf8"; - LC_IDENTIFICATION = "pt_BR.utf8"; - LC_MEASUREMENT = "pt_BR.utf8"; - LC_MONETARY = "pt_BR.utf8"; - LC_NAME = "pt_BR.utf8"; - LC_NUMERIC = "pt_BR.utf8"; - LC_PAPER = "pt_BR.utf8"; - LC_TELEPHONE = "pt_BR.utf8"; - LC_TIME = "en_IE.utf8"; - }; - }; -} diff --git a/hosts/modules/common/nix.nix b/hosts/modules/common/nix.nix deleted file mode 100644 index ff0b474..0000000 --- a/hosts/modules/common/nix.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; - - nix = { - settings = { - auto-optimise-store = true; - connect-timeout = 10; - log-lines = 25; - min-free = 128000000; - max-free = 1000000000; - trusted-users = [ "@wheel" ]; - }; - extraOptions = "experimental-features = nix-command flakes"; - gc = { - automatic = true; - options = "--delete-older-than 8d"; - }; - }; - - nixpkgs.config = { - allowUnfree = true; - enableParallelBuilding = true; - buildManPages = false; - buildDocs = false; - }; - - services = { - nixos-cli = { - enable = true; - config = { - use_nvd = true; - ignore_dirty_tree = true; - }; - }; - }; - - system.stateVersion = "22.11"; -} diff --git a/hosts/modules/common/openssh.nix b/hosts/modules/common/openssh.nix deleted file mode 100644 index 07108ce..0000000 --- a/hosts/modules/common/openssh.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - services.openssh = { - enable = true; - settings.PermitRootLogin = "no"; - }; -} diff --git a/hosts/modules/common/programs.nix b/hosts/modules/common/programs.nix deleted file mode 100644 index 9820149..0000000 --- a/hosts/modules/common/programs.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ lib, pkgs, ... }: - -{ - environment = { - systemPackages = with pkgs; [ - ### Dev Tools ### - git - ### System Utilities ### - btop - nixos-firewall-tool - nvd - sysz - tmux - wget - yazi - ]; - shellAliases = { - cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; - ls = "${lib.getExe pkgs.eza} --icons --group-directories-first"; - neofetch = "${lib.getExe pkgs.fastfetch}"; - tree = "ls --tree"; - }; - }; - - programs = { - command-not-found.enable = false; - fish.enable = true; - }; -} diff --git a/hosts/modules/common/security.nix b/hosts/modules/common/security.nix deleted file mode 100644 index 33d4953..0000000 --- a/hosts/modules/common/security.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: - -{ - security = { - unprivilegedUsernsClone = true; # Needed for rootless podman - sudo = { - wheelNeedsPassword = false; - extraConfig = '' - Defaults lecture = never - ''; - }; - }; -} diff --git a/hosts/modules/common/services.nix b/hosts/modules/common/services.nix deleted file mode 100644 index 89ac527..0000000 --- a/hosts/modules/common/services.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: - -{ - services = { - dbus.implementation = "broker"; - irqbalance.enable = true; - fstrim.enable = true; - }; -} diff --git a/hosts/modules/common/tailscale.nix b/hosts/modules/common/tailscale.nix deleted file mode 100644 index 98bea97..0000000 --- a/hosts/modules/common/tailscale.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - services.tailscale = { - enable = true; - extraUpFlags = [ "--operator=user" ]; - }; -} diff --git a/hosts/modules/common/users.nix b/hosts/modules/common/users.nix deleted file mode 100644 index 076eb99..0000000 --- a/hosts/modules/common/users.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ pkgs, ... }: - -{ - users.users = { - user = { - isNormalUser = true; - shell = pkgs.fish; - extraGroups = [ - "networkmanager" - "wheel" - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - ]; - hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; - }; - root = { - shell = pkgs.fish; - hashedPassword = "!"; - }; - }; - programs.fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - ''; - }; -} diff --git a/hosts/modules/desktop/boot.nix b/hosts/modules/desktop/boot.nix deleted file mode 100644 index 0ac4847..0000000 --- a/hosts/modules/desktop/boot.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ pkgs, ... }: - -{ - boot = { - plymouth.enable = true; - initrd.systemd.enable = true; - loader.efi.efiSysMountPoint = "/boot/efi"; - kernelPackages = pkgs.linuxPackages_xanmod_latest; - extraModprobeConfig = '' - options bluetooth disable_ertm=1 - ''; - kernel.sysctl = { - "net.ipv4.tcp_mtu_probing" = 1; - }; - kernelParams = [ - "quiet" - "splash" - "i2c-dev" - "i2c-piix4" - "loglevel=3" - "udev.log_priority=3" - "rd.udev.log_level=3" - "rd.systemd.show_status=false" - ]; - }; -} diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix deleted file mode 100644 index 2afd7ea..0000000 --- a/hosts/modules/desktop/desktop.nix +++ /dev/null @@ -1,157 +0,0 @@ -{ - inputs, - lib, - pkgs, - ... -}: - -let - kwrite = pkgs.symlinkJoin { - name = "kwrite"; - paths = [ pkgs.kdePackages.kate ]; - postBuild = '' - rm -rf $out/bin/kate \ - $out/bin/.kate-wrapped \ - $out/share/applications/org.kde.kate.desktop \ - $out/share/man \ - $out/share/icons/hicolor/*/apps/kate.png \ - $out/share/icons/hicolor/scalable/apps/kate.svg \ - $out/share/appdata/org.kde.kate.appdata.xml - ''; - }; -in -{ - imports = [ inputs.nix-flatpak.nixosModules.nix-flatpak ]; - - environment = { - sessionVariables = { - KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir - NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland - }; - systemPackages = - with pkgs; - [ - ### Web ### - bitwarden-desktop - brave - tor-browser - qbittorrent - vesktop - ### Office & Productivity ### - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - kwrite - libreoffice-qt - onlyoffice-desktopeditors - rnote - ### Graphics & Design ### - gimp - inkscape - plasticity - ### System Utilities ### - adwaita-icon-theme - colloid-gtk-theme - junction - kara - kde-rounded-corners - libfido2 - mission-center - p7zip - rclone - toggleaudiosink - unrar - ### Media ### - mpv - obs-studio - qview - ] - ++ (with pkgs.kdePackages; [ - ark - dolphin - dolphin-plugins - kolourpaint - ]); - }; - - services = { - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - wireplumber.enable = true; - }; - greetd = { - enable = true; - settings = { - default_session = { - command = "${lib.getExe pkgs.greetd.tuigreet} --time --remember --asterisks --cmd ${lib.getExe pkgs.niri}"; - user = "greeter"; - }; - initial_session = { - command = "${lib.getExe pkgs.niri}"; - user = "user"; - }; - }; - }; - flatpak = { - enable = true; - packages = [ - ### Internet Browsers & Communication ### - "app.zen_browser.zen" - ### Graphics & Design ### - "com.boxy_svg.BoxySVG" - rec { - appId = "io.github.softfever.OrcaSlicer"; - sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - bundle = "${pkgs.fetchurl { - url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - inherit sha256; - }}"; - } - ### System Utilities ### - "com.github.tchx84.Flatseal" - "com.rustdesk.RustDesk" - ]; - uninstallUnmanaged = true; - update.auto.enable = true; - }; - }; - - security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority - - users = { - users.greeter = { - isSystemUser = true; - group = "greeter"; - }; - groups.greeter = { }; - }; - - programs = { - niri.enable = true; - dconf.enable = true; - kdeconnect.enable = true; - partition-manager.enable = true; - appimage = { - enable = true; - binfmt = true; - }; - }; - - fonts = { - fontDir.enable = true; - packages = with pkgs; [ - corefonts - inter - nerd-fonts.fira-code - noto-fonts-cjk-sans - noto-fonts-color-emoji - roboto - ]; - }; -} diff --git a/hosts/modules/desktop/nix.nix b/hosts/modules/desktop/nix.nix deleted file mode 100644 index 54a3549..0000000 --- a/hosts/modules/desktop/nix.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ inputs, ... }: - -{ - environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; - - nix = { - registry.nixpkgs.flake = inputs.nixpkgs; - nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - "/nix/var/nix/profiles/per-user/root/channels" - ]; - }; -} diff --git a/hosts/modules/desktop/services.nix b/hosts/modules/desktop/services.nix deleted file mode 100644 index 66b78f1..0000000 --- a/hosts/modules/desktop/services.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ pkgs, ... }: - -{ - services = { - printing.enable = true; - udev.packages = with pkgs; [ yubikey-personalization ]; - keyd = { - enable = true; - keyboards.all = { - ids = [ "*" ]; - settings.main.capslock = "overload(meta, esc)"; - }; - }; - }; -} diff --git a/hosts/modules/dev.nix b/hosts/modules/dev.nix deleted file mode 100644 index 82908f2..0000000 --- a/hosts/modules/dev.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs, ... }: - -{ - environment.systemPackages = with pkgs; [ - bat - claude-code - lazygit - fd - fzf - glow - nixfmt-rfc-style - nix-init - nix-output-monitor - ripgrep - ]; - - programs.adb.enable = true; - - users.users.user.extraGroups = [ "adbusers" ]; -} diff --git a/hosts/modules/ephermal.nix b/hosts/modules/ephermal.nix deleted file mode 100644 index adaf5af..0000000 --- a/hosts/modules/ephermal.nix +++ /dev/null @@ -1,72 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ inputs.impermanence.nixosModules.impermanence ]; - - boot.initrd.systemd.services.recreate-root = { - description = "Rolling over and creating new filesystem root"; - requires = [ "initrd-root-device.target" ]; - after = [ - "local-fs-pre.target" - "initrd-root-device.target" - ]; - requiredBy = [ "initrd-root-fs.target" ]; - before = [ "sysroot.mount" ]; - unitConfig = { - AssertPathExists = "/etc/initrd-release"; - DefaultDependencies = false; - }; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - mkdir /btrfs_tmp - mount /dev/mapper/cryptroot /btrfs_tmp - - if [[ -e /btrfs_tmp/@root ]]; then - mkdir -p /btrfs_tmp/old_roots - timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S") - mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp" - fi - - delete_subvolume_recursively() { - IFS=$'\n' - for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do - delete_subvolume_recursively "/btrfs_tmp/$i" - done - btrfs subvolume delete "$1" - } - - for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do - delete_subvolume_recursively "$i" - done - - btrfs subvolume create /btrfs_tmp/@root - umount /btrfs_tmp - ''; - }; - - environment.persistence.main = { - persistentStoragePath = "/persistent"; - files = [ - "/etc/machine-id" - "/etc/ssh/ssh_host_ed25519_key" - "/etc/ssh/ssh_host_ed25519_key.pub" - "/etc/ssh/ssh_host_rsa_key" - "/etc/ssh/ssh_host_rsa_key.pub" - ]; - directories = [ - "/etc/NetworkManager/system-connections" - "/etc/nixos" - "/var/lib/bluetooth" - "/var/lib/flatpak" - "/var/lib/lxd" - "/var/lib/nixos" - "/var/lib/systemd/coredump" - "/var/lib/systemd/timers" - "/var/lib/tailscale" - "/var/log" - ]; - }; -} diff --git a/hosts/modules/fwupd.nix b/hosts/modules/fwupd.nix deleted file mode 100644 index 52dc13e..0000000 --- a/hosts/modules/fwupd.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ... }: - -{ - services.fwupd.enable = true; -} diff --git a/hosts/modules/gaming.nix b/hosts/modules/gaming.nix deleted file mode 100644 index cf6217f..0000000 --- a/hosts/modules/gaming.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ pkgs, ... }: - -{ - environment.systemPackages = with pkgs; [ - clonehero - heroic - mangohud - prismlauncher - protonup - steam-run - ]; - - programs = { - steam = { - enable = true; - extraCompatPackages = [ pkgs.proton-ge-bin ]; - }; - gamemode.enable = true; - }; - - hardware = { - xpadneo.enable = true; - steam-hardware.enable = true; # Allow steam client to manage controllers - graphics.enable32Bit = true; # For OpenGL games - }; - - services.flatpak.packages = [ - "com.github.k4zmu2a.spacecadetpinball" - "com.steamgriddb.SGDBoop" - "io.github.Foldex.AdwSteamGtk" - "io.itch.itch" - "io.mrarm.mcpelauncher" - "net.retrodeck.retrodeck" - "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" - ]; -} diff --git a/hosts/modules/libvirtd.nix b/hosts/modules/libvirtd.nix deleted file mode 100644 index 41cfa27..0000000 --- a/hosts/modules/libvirtd.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ ... }: - -{ - virtualisation.libvirtd.enable = true; - - programs.virt-manager.enable = true; - - users.users.user.extraGroups = [ - "libvirt" - "libvirtd" - ]; -} diff --git a/hosts/modules/networkmanager.nix b/hosts/modules/networkmanager.nix deleted file mode 100644 index 7634116..0000000 --- a/hosts/modules/networkmanager.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ ... }: - -{ - networking.networkmanager = { - enable = true; - wifi.backend = "iwd"; - }; - - users.users.user.extraGroups = [ "networkmanager" ]; -} diff --git a/hosts/modules/podman.nix b/hosts/modules/podman.nix deleted file mode 100644 index 99018cc..0000000 --- a/hosts/modules/podman.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ pkgs, ... }: - -{ - virtualisation.podman = { - enable = true; - autoPrune.enable = true; - extraPackages = [ pkgs.podman-compose ]; - }; - - systemd = { - services.podman-auto-update.enable = true; - timers.podman-auto-update.enable = true; - }; -} diff --git a/hosts/modules/server/boot.nix b/hosts/modules/server/boot.nix deleted file mode 100644 index 5d6e482..0000000 --- a/hosts/modules/server/boot.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ pkgs, ... }: - -{ - boot.kernelPackages = pkgs.linuxPackages_hardened; -} diff --git a/hosts/modules/server/nix.nix b/hosts/modules/server/nix.nix deleted file mode 100644 index af57cae..0000000 --- a/hosts/modules/server/nix.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ inputs, ... }: - -{ - environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; - - nix = { - registry.nixpkgs.flake = inputs.nixpkgs-stable; - nixPath = [ - "nixpkgs=/etc/channels/nixpkgs" - "/nix/var/nix/profiles/per-user/root/channels" - ]; - }; -} diff --git a/hosts/modules/server/tailscale.nix b/hosts/modules/server/tailscale.nix deleted file mode 100644 index 1f105ba..0000000 --- a/hosts/modules/server/tailscale.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: - -{ - services.tailscale = { - extraSetFlags = [ "--advertise-exit-node" ]; - useRoutingFeatures = "server"; - }; - - boot.kernel.sysctl = { - "net.ipv4.ip_forward" = 1; - "net.ipv6.conf.all.forwarding" = 1; - }; -} diff --git a/hosts/trantor/disko.nix b/hosts/trantor/disko.nix deleted file mode 100644 index a70383e..0000000 --- a/hosts/trantor/disko.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ inputs.disko.nixosModules.default ]; - - disko.devices = { - disk = { - main = { - type = "disk"; - device = "/dev/disk/by-id/scsi-3605e4addb4c640319c8c03436205530b"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix deleted file mode 100644 index d5cc31f..0000000 --- a/hosts/trantor/hardware-configuration.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - modulesPath, - ... -}: - -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot = { - kernelModules = [ ]; - extraModulePackages = [ ]; - initrd = { - availableKernelModules = [ - "xhci_pci" - "virtio_pci" - "virtio_scsi" - "usbhid" - ]; - kernelModules = [ ]; - }; - }; - - networking.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; -} diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix deleted file mode 100644 index f32f422..0000000 --- a/nixosConfigurations.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ inputs, ... }: -let - lib = inputs.nixpkgs.lib; - utils = import ./utils.nix { inherit inputs lib; }; - inherit (utils) mkHost; -in -{ - flake.nixosConfigurations = { - rotterdam = mkHost { - hostname = "rotterdam"; - tags = [ - "desktop" - "bluetooth" - "dev" - "ephermal" - "fwupd" - "gaming" - "libvirtd" - "networkmanager" - "podman" - ]; - }; - - io = mkHost { - hostname = "io"; - tags = [ - "desktop" - "bluetooth" - "dev" - "ephermal" - "networkmanager" - "podman" - ]; - }; - - alexandria = mkHost { - hostname = "alexandria"; - tags = [ - "fwupd" - "podman" - ]; - }; - - trantor = mkHost { - hostname = "trantor"; - system = "aarch64-linux"; - tags = [ - ]; - }; - }; -} diff --git a/overlays.nix b/overlays.nix deleted file mode 100644 index a5ba76c..0000000 --- a/overlays.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ inputs, ... }: - -{ - flake.overlays = { - default = final: prev: { - toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; - hm-cli = inputs.self.packages.${final.system}.hm-cli; - }; - }; -} diff --git a/packages.nix b/packages.nix deleted file mode 100644 index e83ad26..0000000 --- a/packages.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ ... }: - -{ - perSystem = - { pkgs, system, ... }: - { - packages = { - toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; - hm-cli = pkgs.callPackage ./packages/hm-cli.nix { }; - }; - }; -} diff --git a/packages/base16-schemes.nix b/packages/base16-schemes.nix new file mode 100644 index 0000000..fbb1341 --- /dev/null +++ b/packages/base16-schemes.nix @@ -0,0 +1,35 @@ +{ ... }: + +{ + perSystem = + { pkgs, ... }: + { + packages.base16-schemes = pkgs.stdenv.mkDerivation (finalAttrs: { + pname = "base16-schemes"; + version = "0-unstable-2025-06-04"; + + src = pkgs.fetchFromGitHub { + owner = "tinted-theming"; + repo = "schemes"; + rev = "317a5e10c35825a6c905d912e480dfe8e71c7559"; + hash = "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM="; + }; + + installPhase = '' + runHook preInstall + + mkdir -p $out/share/themes/ + install base16/*.yaml $out/share/themes/ + + runHook postInstall + ''; + + meta = { + description = "All the color schemes for use in base16 packages"; + homepage = "https://github.com/tinted-theming/schemes"; + maintainers = [ pkgs.lib.maintainers.DamienCassou ]; + license = pkgs.lib.licenses.mit; + }; + }); + }; +} diff --git a/packages/fastfetch.nix b/packages/fastfetch.nix new file mode 100644 index 0000000..aa8d616 --- /dev/null +++ b/packages/fastfetch.nix @@ -0,0 +1,84 @@ +{ ... }: + +{ + perSystem = + { pkgs, lib, ... }: + let + fastfetch-logo = pkgs.fetchurl { + url = "https://discourse.nixos.org/uploads/default/original/3X/3/6/36954e6d6aa32c8b00f50ca43f142d898c1ff535.png"; + hash = "sha256-aLHz8jSAFocrn+Pb4vRq0wtkYFJpBpZRevd+VoZC/PQ="; + }; + + fastfetch-config = pkgs.writeText "fastfetch-config.json" ( + builtins.toJSON { + "$schema" = "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json"; + modules = [ + "title" + "separator" + { + type = "os"; + keyWidth = 9; + } + { + type = "kernel"; + keyWidth = 9; + } + { + type = "uptime"; + keyWidth = 9; + } + { + type = "shell"; + keyWidth = 9; + } + "break" + { + type = "cpu"; + keyWidth = 11; + } + { + type = "memory"; + keyWidth = 11; + } + { + type = "swap"; + keyWidth = 11; + } + { + type = "disk"; + folders = "/"; + keyWidth = 11; + } + { + type = "command"; + key = "Systemd"; + keyWidth = 11; + text = "echo \"$(systemctl list-units --state=failed --no-legend | wc -l) failed units, $(systemctl list-jobs --no-legend | wc -l) queued jobs\""; + } + "break" + { + type = "command"; + key = "Public IP"; + keyWidth = 15; + text = "curl -s -4 ifconfig.me 2>/dev/null || echo 'N/A'"; + } + { + type = "command"; + key = "Tailscale IP"; + keyWidth = 15; + text = "tailscale ip -4 2>/dev/null || echo 'N/A'"; + } + { + type = "command"; + key = "Local IP"; + keyWidth = 15; + text = "ip -4 addr show scope global | grep inet | head -n1 | awk '{print $2}' | cut -d/ -f1"; + } + ]; + } + ); + in + { + packages.fastfetch = pkgs.writeShellScriptBin "fastfetch" ''exec ${lib.getExe pkgs.fastfetch} --config ${fastfetch-config} --logo-type kitty --logo ${fastfetch-logo} --logo-padding-right 1 --logo-width 36 "$@" ''; + }; +} diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix index ef3ec30..59f4b4f 100644 --- a/packages/hm-cli.nix +++ b/packages/hm-cli.nix @@ -1,101 +1,107 @@ +{ ... }: + { - pkgs ? import { }, -}: + perSystem = + { pkgs, ... }: + { + packages.hm-cli = pkgs.writeShellScriptBin "hm" '' + HM="${pkgs.lib.getExe pkgs.home-manager}" + FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}" + FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}" -pkgs.writeShellScriptBin "hm" '' - set -e + show_usage() { + cat < [args] - HM="${pkgs.lib.getExe pkgs.home-manager}" - FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}" - FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}" + Commands: + apply Switch to a new generation + generation list List all generations + generation delete ID... Delete specified generation(s) + generation rollback Rollback to the previous generation + generation switch ID Switch to the specified generation + generation cleanup Delete all but the current generation - show_usage() { - cat < [args] + Environment Variables: + HM_PATH Override default flake path (~/.config/home-manager) + Currently set to "''${HM_PATH:-}" + HM_USER Override default user output ("$(whoami)@$(hostname)") + Currently set to "''${HM_USER:-}" + EOF + } - Commands: - apply Switch to a new generation - generation list List all generations - generation delete ID... Delete specified generation(s) - generation rollback Rollback to the previous generation - generation switch ID Switch to the specified generation - generation cleanup Delete all but the current generation - - Environment Variables: - HM_PATH Override default flake path (~/.config/home-manager) - Currently set to "$(echo $HM_PATH)" - HM_USER Override default user output ("$(whoami)@$(hostname)") - Currently set to "$(echo $HM_USER)" - EOF - } - - if [[ $# -eq 0 ]]; then - show_usage - exit 1 - fi - - case "$1" in - apply) - "$HM" switch --flake "$FLAKE_PATH#$FLAKE_OUTPUT" - ;; - generation) - if [[ $# -lt 2 ]]; then - echo "Error: generation command requires a subcommand" + if [[ $# -eq 0 ]]; then show_usage exit 1 fi - case "$2" in - list) - "$HM" generations + case "$1" in + apply) + "$HM" switch --flake "$FLAKE_PATH#$FLAKE_OUTPUT" -b bkp ;; - delete) - if [[ $# -lt 3 ]]; then - echo "Error: delete requires at least one generation ID" + generation) + if [[ $# -lt 2 ]]; then + echo "Error: generation command requires a subcommand" + show_usage exit 1 fi - shift 2 - "$HM" remove-generations "$@" - ;; - rollback) - "$HM" generations | \ - sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | \ - head -n 2 | tail -n 1 | \ - xargs -I {} "$HM" switch --flake "$FLAKE_PATH" --switch-generation {} - ;; - switch) - if [[ $# -ne 3 ]]; then - echo "Error: switch requires exactly one generation ID" - exit 1 - fi - "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" - ;; - cleanup) - CURRENT_GEN=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .* (current)$/\1/p') - if [[ -z "$CURRENT_GEN" ]]; then - echo "Error: could not determine current generation" - exit 1 - fi - OLD_GENS=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .*/\1/p' | grep -v "^$CURRENT_GEN$") - if [[ -z "$OLD_GENS" ]]; then - echo "No old generations to delete" - else - echo "Deleting generations: $(echo $OLD_GENS | tr '\n' ' ')" - echo "$OLD_GENS" | xargs "$HM" remove-generations - echo "Cleanup complete. Current generation $CURRENT_GEN preserved." - fi + + case "$2" in + list) + "$HM" generations + ;; + delete) + if [[ $# -lt 3 ]]; then + echo "Error: delete requires at least one generation ID" + exit 1 + fi + shift 2 + "$HM" remove-generations "$@" + ;; + rollback) + PREV_GEN=$("$HM" generations | \ + sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | \ + head -n 2 | tail -n 1) + if [[ -z "$PREV_GEN" ]]; then + echo "Error: could not determine previous generation (possibly only one generation exists)" + exit 1 + fi + "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$PREV_GEN" -b bkp + ;; + switch) + if [[ $# -ne 3 ]]; then + echo "Error: switch requires exactly one generation ID" + exit 1 + fi + "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" -b bkp + ;; + cleanup) + CURRENT_GEN=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .* (current)$/\1/p') + if [[ -z "$CURRENT_GEN" ]]; then + echo "Error: could not determine current generation" + exit 1 + fi + OLD_GENS=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .*/\1/p' | grep -v "^$CURRENT_GEN$") + if [[ -z "$OLD_GENS" ]]; then + echo "No old generations to delete" + else + echo "Deleting generations: $(echo $OLD_GENS | tr '\n' ' ')" + echo "$OLD_GENS" | xargs "$HM" remove-generations + echo "Cleanup complete. Current generation $CURRENT_GEN preserved." + fi + ;; + *) + echo "Error: unknown generation subcommand '$2'" + show_usage + exit 1 + ;; + esac ;; *) - echo "Error: unknown generation subcommand '$2'" + echo "Error: unknown command '$1'" show_usage exit 1 ;; esac - ;; - *) - echo "Error: unknown command '$1'" - show_usage - exit 1 - ;; - esac -'' + ''; + }; +} diff --git a/packages/kwrite.nix b/packages/kwrite.nix new file mode 100644 index 0000000..67ce69e --- /dev/null +++ b/packages/kwrite.nix @@ -0,0 +1,21 @@ +{ ... }: + +{ + perSystem = + { pkgs, ... }: + { + packages.kwrite = pkgs.symlinkJoin { + name = "kwrite"; + paths = [ pkgs.kdePackages.kate ]; + postBuild = '' + rm -rf $out/bin/kate \ + $out/bin/.kate-wrapped \ + $out/share/applications/org.kde.kate.desktop \ + $out/share/man \ + $out/share/icons/hicolor/*/apps/kate.png \ + $out/share/icons/hicolor/scalable/apps/kate.svg \ + $out/share/appdata/org.kde.kate.appdata.xml + ''; + }; + }; +} diff --git a/packages/niri-auto-centre.nix b/packages/niri-auto-centre.nix new file mode 100644 index 0000000..dd7b04c --- /dev/null +++ b/packages/niri-auto-centre.nix @@ -0,0 +1,32 @@ +{ ... }: + +{ + perSystem = + { pkgs, ... }: + { + packages.niri-auto-centre = pkgs.writeShellApplication { + name = "niri-auto-centre"; + runtimeInputs = [ pkgs.jq ]; + text = '' + while true; do + ACTIVE_WORKSPACE=$(niri msg --json workspaces | jq -r '.[] | select(.is_active == true)') + WORKSPACE_ID=$(echo "$ACTIVE_WORKSPACE" | jq -r '.id') + OUTPUT_NAME=$(echo "$ACTIVE_WORKSPACE" | jq -r '.output') + + MONITOR_WIDTH=$(niri msg --json outputs | jq -r ".\"$OUTPUT_NAME\".logical.width") + + SUMMED_TILE_WIDTH=$(niri msg --json windows | jq --argjson wid "$WORKSPACE_ID" -r ' + [.[] | select(.workspace_id == $wid) | {col: .layout.pos_in_scrolling_layout[0], width: .layout.tile_size[0]}] + | group_by(.col) | map(first.width) | add + ') + + if awk "BEGIN {exit !($SUMMED_TILE_WIDTH < $MONITOR_WIDTH)}"; then + niri msg action center-visible-columns + fi + + sleep 0.1 + done + ''; + }; + }; +} diff --git a/packages/overlays.nix b/packages/overlays.nix new file mode 100644 index 0000000..169a67b --- /dev/null +++ b/packages/overlays.nix @@ -0,0 +1,23 @@ +{ inputs, ... }: + +let + packageDir = builtins.readDir ./.; + + # Filter to .nix files, excluding overlays.nix + isPackageFile = name: name != "overlays.nix" && builtins.match ".*\\.nix$" name != null; + + # Extract package name from filename (e.g., "foo-bar.nix" -> "foo-bar") + toPackageName = filename: builtins.head (builtins.match "(.+)\\.nix$" filename); + + packageNames = map toPackageName (builtins.filter isPackageFile (builtins.attrNames packageDir)); +in +{ + flake.overlays.default = + final: prev: + builtins.listToAttrs ( + map (name: { + inherit name; + value = inputs.self.packages.${final.system}.${name}; + }) packageNames + ); +} diff --git a/packages/toggleaudiosink.nix b/packages/toggleaudiosink.nix index 623346f..22e0d44 100644 --- a/packages/toggleaudiosink.nix +++ b/packages/toggleaudiosink.nix @@ -1,48 +1,52 @@ +{ ... }: + { - pkgs ? import { }, -}: + perSystem = + { pkgs, ... }: + { + packages.toggleaudiosink = pkgs.writeShellScriptBin "toggleaudiosink" '' + #!/usr/bin/env bash -pkgs.writeShellScriptBin "toggleaudiosink" '' - #!/usr/bin/env bash + sound_server="pipewire" - sound_server="pipewire" + # Grab a count of how many audio sinks we have + sink_count=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -c "Sink #[[:digit:]]") + # Create an array of the actual sink IDs + sinks=() + mapfile -t sinks < <(${pkgs.pulseaudio}/bin/pactl list sinks | grep 'Sink #[[:digit:]]' | sed -n -e 's/.*Sink #\([[:digit:]]\)/\1/p') + # Get the ID of the active sink + active_sink_name=$(${pkgs.pulseaudio}/bin/pactl info | grep 'Default Sink:' | sed -n -e 's/.*Default Sink:[[:space:]]\+\(.*\)/\1/p') + active_sink=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -B 2 "$active_sink_name" | sed -n -e 's/Sink #\([[:digit:]]\)/\1/p' | head -n 1) - # Grab a count of how many audio sinks we have - sink_count=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -c "Sink #[[:digit:]]") - # Create an array of the actual sink IDs - sinks=() - mapfile -t sinks < <(${pkgs.pulseaudio}/bin/pactl list sinks | grep 'Sink #[[:digit:]]' | sed -n -e 's/.*Sink #\([[:digit:]]\)/\1/p') - # Get the ID of the active sink - active_sink_name=$(${pkgs.pulseaudio}/bin/pactl info | grep 'Default Sink:' | sed -n -e 's/.*Default Sink:[[:space:]]\+\(.*\)/\1/p') - active_sink=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -B 2 "$active_sink_name" | sed -n -e 's/Sink #\([[:digit:]]\)/\1/p' | head -n 1) + # Get the ID of the last sink in the array + final_sink=''${sinks[$((sink_count - 1))]} - # Get the ID of the last sink in the array - final_sink=''${sinks[$((sink_count - 1))]} + # Find the index of the active sink + for index in "''${!sinks[@]}"; do + if [[ "''${sinks[$index]}" == "$active_sink" ]]; then + active_sink_index=$index + fi + done - # Find the index of the active sink - for index in "''${!sinks[@]}"; do - if [[ "''${sinks[$index]}" == "$active_sink" ]]; then - active_sink_index=$index - fi - done + # Default to the first sink in the list + next_sink=''${sinks[0]} + next_sink_index=0 - # Default to the first sink in the list - next_sink=''${sinks[0]} - next_sink_index=0 + # If we're not at the end of the list, move up the list + if [[ $active_sink -ne $final_sink ]]; then + next_sink_index=$((active_sink_index + 1)) + next_sink=''${sinks[$next_sink_index]} + fi - # If we're not at the end of the list, move up the list - if [[ $active_sink -ne $final_sink ]]; then - next_sink_index=$((active_sink_index + 1)) - next_sink=''${sinks[$next_sink_index]} - fi + # Change the default sink + # Get the name of the next sink + next_sink_name=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -C 2 "Sink #$next_sink" | sed -n -e 's/.*Name:[[:space:]]\+\(.*\)/\1/p' | head -n 1) + ${pkgs.pulseaudio}/bin/pactl set-default-sink "$next_sink_name" - # Change the default sink - # Get the name of the next sink - next_sink_name=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -C 2 "Sink #$next_sink" | sed -n -e 's/.*Name:[[:space:]]\+\(.*\)/\1/p' | head -n 1) - ${pkgs.pulseaudio}/bin/pactl set-default-sink "$next_sink_name" - - # Move all inputs to the new sink - for app in $(${pkgs.pulseaudio}/bin/pactl list sink-inputs | sed -n -e 's/.*Sink Input #\([[:digit:]]\)/\1/p'); do - ${pkgs.pulseaudio}/bin/pactl "move-sink-input $app $next_sink" - done -'' + # Move all inputs to the new sink + for app in $(${pkgs.pulseaudio}/bin/pactl list sink-inputs | sed -n -e 's/.*Sink Input #\([[:digit:]]\)/\1/p'); do + ${pkgs.pulseaudio}/bin/pactl "move-sink-input $app $next_sink" + done + ''; + }; +} diff --git a/readme.md b/readme.md index 9f3af1e..e36ccec 100644 --- a/readme.md +++ b/readme.md @@ -1,8 +1,73 @@ -All my personal Nix and NixOS hosts, in a flake. +# NixOS Flake Configuration -|Host|Description|System Version| -|:---|:---:|---:| -|alexandria|Personal server/NAS|NixOS 25.05| -|io|Mobile workstation|NixOS Unstable| -|rotterdam|Workstation|NixOS Unstable| -|trantor|Oracle Cloud VPS|NixOS 25.05| +Modular NixOS configuration using flake-parts with the [dendritic](https://github.com/gytis-ivaskevicius/dendritic) pattern. + +## Structure + +``` +. +├── aspects/ # Reusable NixOS/home-manager modules (dendritic) +│ ├── base/ # Base system configuration +│ ├── hosts/ # Host-specific configurations +│ │ ├── _alexandria/ +│ │ ├── _io/ +│ │ ├── _rotterdam/ +│ │ └── _trantor/ +│ ├── systems/ # System type modules (desktop, server, cli, gaming) +│ └── users/ # User account configurations +├── data/ # Shared host/service definitions +├── packages/ # Custom packages and overlays +├── shells/ # Shell configurations +└── terranix/ # Terraform configurations for cloud resources +``` + +## Hosts + +| Host | Architecture | Type | Description | +|------|--------------|------|-------------| +| trantor | aarch64-linux | server | ARM server running Forgejo | +| alexandria | x86_64-linux | server | x86 server (Kanidm, Vaultwarden, Nextcloud, Jellyfin) | +| rotterdam | x86_64-linux | desktop | Main workstation setup for gaming | +| io | x86_64-linux | desktop | Workstation | + +## Services + +- **git.baduhai.dev** (Forgejo) - Publicly accessible on trantor + +Other services (LAN/Tailscale only): Vaultwarden, Nextcloud, Jellyfin + +## Features + +- **Ephemeral root**: Automatic btrfs subvolume rollover with impermanence +- **Secrets**: Managed via agenix with age encryption +- **Disk management**: disko for declarative disk partitioning +- **Modular architecture**: Each aspect is a separate module imported via import-tree +- **Dendritic pattern**: Aspects are imported as a unified flake module + +## Building + +```bash +# Build specific host +nix build .#nixosConfigurations.trantor.config.system.build.toplevel + +# Rebuild host (if using nixos-cli on the host) +sudo nixos apply +``` + +## Terranix + +Terraform configurations for cloud infrastructure managed via terranix: + +- baduhai.dev DNS on CloudFlare +- VPS provisioning on OCI +- Tailscale subnet routers + +## Key Dependencies + +- nixpkgs (nixos-unstable for workstations, nixos for servers) +- home-manager +- agenix +- disko +- impermanence +- nix-flatpak +- nixos-cli diff --git a/secrets/cloudflare.age b/secrets/cloudflare.age index 11cfac6..028e964 100644 --- a/secrets/cloudflare.age +++ b/secrets/cloudflare.age @@ -1,15 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 Kfdnog HMpl/3mb59SsUvkDXXxO+odBNSc1dZS1nQtC8/BPlGI -4fPk0YtGxOoqXDfTN9kQlH0Pg2iaJXUZE5es6f317L4 --> ssh-ed25519 SP9f6A p1kh6UOFJ4xwulLY9IpbNZIJ7JSouR27j6HgK/XRegM -rJCzN+RCdQgo/xCkAmcdN6GfXsoQhpmE1HuGwYs/2CI --> ssh-ed25519 8YSAiw cCbMOE3PMa3bzGGQSeQZuq074iwt4p4HLDu8uiHhWRY -U6wR/DuBdMKfbmQfUZ8XLdTBxNsUMR2lOueYucR5+bY --> ssh-ed25519 7cojTQ iLDzC79YtZcrqldzCyIFHrpsEapOXYD5AXuNoQ+3ulI -v2NiE3pA+J8Po+PqTTUU9XYKy37AIyj5KWdlh7FOPG8 --> ssh-ed25519 J6tVTA Jw1pSpF1J2Ud46BDhdRCPErgUeim8uwWxiB1E3BiJB8 -hGdGFi46iqKJN0QviG1xRNf2kwlls0rM5k3LkAiw8jY --> ssh-ed25519 Kl5yTQ yXnKCsJNjTSQYiPuv6dAF6raB3EFcg2oag1cBVkdvwk -0hwjrZpclTrFWtr5JqAbwXImYzZwTJOJPkhNnlHmPeo ---- k97ZU6FfTWVqBwNcrF9QeEbnqnuQUQ9pR1qM/Sgjh7A -#L-q﹋hr&*hNbqܦHŠG=@uaku|Er^BOo}:5ju$%".A1qP\2C R_ S=(%sި \ No newline at end of file +-> ssh-ed25519 Kfdnog IHXv4c5we36dCUsB1v8uEF23tIRlDQ/8WR1hX4GQ+Uc +Cwccw64BYBdSZUdkSqKESIU7E17cLNtiAZZ3Y1xV87A +-> ssh-ed25519 8YSAiw Ce3vdMG111ubjcFgd3+q2Qw2+7dsoUz7SiudtuLDr0Y +JUodwFsKfOTZXxFyRrEk/4gxJ4goPkwvYeThi893M0U +-> ssh-ed25519 J6tVTA bExFuITTGXkTvhW25nushN7zT/PJGDoezsqu7fLKemI +4a90v0F4wgcZeqWBQ/EpqOZ9OCgT7qruwVvlGZeFmN8 +-> ssh-ed25519 Qt3Q+A j1oo46pNh1+yPEtxpgj+QPQPf5m82jL0DHGMacY8UFA +vy52Hl1WLTdKNA8+4p7A48Sg9+QkMXbECf/uxVMCLYk +--- 429vzgFnmFbEqDMwdvC0/EYDJlKU64YEGgE0AqPqlBs +b/!8O3Df/&kNQhurt%&]ucjH]_5@D$>N8Ϧ >9:CvѦ69W'X]X^ƻ$}|c/ ߸={uɳs \ No newline at end of file diff --git a/secrets/forgejo-root-password.age b/secrets/forgejo-root-password.age new file mode 100644 index 0000000..90be612 Binary files /dev/null and b/secrets/forgejo-root-password.age differ diff --git a/secrets/nextcloud-adminpass.age b/secrets/nextcloud-adminpass.age new file mode 100644 index 0000000..b4a29fa Binary files /dev/null and b/secrets/nextcloud-adminpass.age differ diff --git a/secrets/nextcloud-secrets.json.age b/secrets/nextcloud-secrets.json.age new file mode 100644 index 0000000..02d170d Binary files /dev/null and b/secrets/nextcloud-secrets.json.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ba71b7a..a90cd74 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,29 +1,35 @@ let - io-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs"; - io-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIrKJk5zWzWEHvLMPMK8T3PyeBjsCsqzxPN+OrXfhA"; - io = [ - io-user - io-host - ]; + io-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"; + io = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIrKJk5zWzWEHvLMPMK8T3PyeBjsCsqzxPN+OrXfhA root@io"; - rotterdam-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"; - rotterdam-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjXcqQqlu03x2VVTdWOyxtKRszXAKX0AxTkGvF1oeJL"; - rotterdam = [ - rotterdam-user - rotterdam-host - ]; + rotterdam-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"; + rotterdam = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjXcqQqlu03x2VVTdWOyxtKRszXAKX0AxTkGvF1oeJL root@rotterdam"; - alexandria-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA"; - alexandria = [ alexandria-host ]; + alexandria = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA root@alexandria"; - trantor-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkGuGLZPnYJbCGY4BhJ9uTupp6ruuR1NZ7FEYEaLPA7"; - trantor = [ trantor-host ]; - - desktops = io ++ rotterdam; - servers = alexandria ++ trantor; - all-hosts = desktops ++ servers; + trantor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIh/2u5pr/iPVeavlsor5hbTtsgUfP1JpzZVco2YQAo3 root@trantor"; in + { - "cloudflare.age".publicKeys = all-hosts; - "webdav.age".publicKeys = all-hosts; + "cloudflare.age".publicKeys = [ + io-user + rotterdam-user + alexandria + trantor + ]; + "nextcloud-adminpass.age".publicKeys = [ + io-user + rotterdam-user + alexandria + ]; + "nextcloud-secrets.json.age".publicKeys = [ + io-user + rotterdam-user + alexandria + ]; + "forgejo-root-password.age".publicKeys = [ + io-user + rotterdam-user + trantor + ]; } diff --git a/secrets/webdav.age b/secrets/webdav.age deleted file mode 100644 index 93bd850..0000000 --- a/secrets/webdav.age +++ /dev/null @@ -1,15 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 Kfdnog 9oKx6Oz/J/QJ0mmgoLX5AUx0sFdxnPVnjF42bElPSXA -BJ6h4lHGDsf1Npc4bwkvz5htGRT/x/b2bs9WFM2W/pc --> ssh-ed25519 SP9f6A T5t4apynXLYN/4YEvaHRCI28rrKzet4r6LrbAye5VGk -BsXkZYBxG9zcfLYCd9H0+LW078oCDyYx9zG+DPfE7bA --> ssh-ed25519 8YSAiw RY0YR30qyJPvhy7eTJLoj2JXpH9qHP43fJaHilJykXM -E5/P0Egz/LKwEhYLYd5Cnrat47gnYn93yDSeYgLi934 --> ssh-ed25519 7cojTQ qTCTw7CjilThFLmXYph4YhVBhnk1DpnFCGwgioo/XB0 -N31nZ8nInQuddLD3b0bxI5Es/pTvTQD8nz0f/AZtNFg --> ssh-ed25519 J6tVTA 7OawDsWwtVxu76ZgF0dFclMr19sBNdtu7H+Tr7Pd+SQ -hhVKcscIKIH1WChhRo/RYqUWy1rgs/EKnlHr9uY7QrQ --> ssh-ed25519 Kl5yTQ +i2Q3uNHw1jAVH76NHy4QbjCc6sBBYjsbr7w4mLaHW4 -JOJ02zU0+IxlbXMBsW4UrvzvLUbifdzABBNL+bc0bBs ---- W40oEFdBUKbi0teNTc6B1sX0ReHDvkIJcBm1dlROnk8 -zҼCn箱e7{{N6az"EHB/BYbD \ No newline at end of file diff --git a/devShells.nix b/shells/default.nix similarity index 51% rename from devShells.nix rename to shells/default.nix index 254d604..d9eb50b 100644 --- a/devShells.nix +++ b/shells/default.nix @@ -1,13 +1,14 @@ -{ ... }: +{ inputs, ... }: { perSystem = - { pkgs, ... }: + { pkgs, system, ... }: { devShells.default = pkgs.mkShell { packages = with pkgs; [ + inputs.agenix.packages.${stdenv.hostPlatform.system}.default nil - nixfmt-rfc-style + nixfmt ]; }; }; diff --git a/terranix/baduhai.dev.nix b/terranix/baduhai.dev.nix new file mode 100644 index 0000000..cea9f22 --- /dev/null +++ b/terranix/baduhai.dev.nix @@ -0,0 +1,113 @@ +# Required environment variables: +# CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ ... }: + +{ + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.cloudflare-baduhaidev = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ( + { config, lib, ... }: + + let + sharedData = import ../data/services.nix; + # Enrich services with host IPs + services = map ( + svc: + let + hostInfo = sharedData.hosts.${svc.host} or { }; + in + svc + // { + lanIP = hostInfo.lanIP or null; + tailscaleIP = hostInfo.tailscaleIP or null; + } + ) sharedData.services; + + # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git") + getSubdomain = domain: lib.head (lib.splitString "." domain); + + # Generate DNS records for services + # Public services point to trantor's public IP + # Private services point to their tailscale IP + mkServiceRecords = lib.listToAttrs ( + lib.imap0 ( + i: svc: + let + subdomain = getSubdomain svc.domain; + targetIP = + if svc.public or false then + config.data.terraform_remote_state.trantor "outputs.instance_public_ip" + else + svc.tailscaleIP; + in + { + name = "service_${toString i}"; + value = { + zone_id = config.variable.zone_id.default; + name = subdomain; + type = "A"; + content = targetIP; + proxied = false; + ttl = 3600; + }; + } + ) services + ); + in + + { + terraform.required_providers.cloudflare = { + source = "cloudflare/cloudflare"; + version = "~> 5.0"; + }; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "cloudflare/baduhai.dev.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + zone_id = { + default = "c63a8332fdddc4a8e5612ddc54557044"; + type = "string"; + }; + }; + + data = { + terraform_remote_state.trantor = { + backend = "s3"; + config = { + bucket = "terraform-state"; + key = "oci/trantor.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + }; + }; + + resource.cloudflare_dns_record = mkServiceRecords; + } + ) + ]; + }; + }; +} diff --git a/terranix/kernelpanic.space.nix b/terranix/kernelpanic.space.nix new file mode 100644 index 0000000..91b615e --- /dev/null +++ b/terranix/kernelpanic.space.nix @@ -0,0 +1,20 @@ +# Cloudflare kernelpanic.space configuration placeholder +{ ... }: + +{ + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.cloudflare-kernelpanicspace = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ( + { config, ... }: + { + # Terraform config goes here + } + ) + ]; + }; + }; +} diff --git a/terranix/tailnet.nix b/terranix/tailnet.nix new file mode 100644 index 0000000..4e01ab9 --- /dev/null +++ b/terranix/tailnet.nix @@ -0,0 +1,57 @@ +# Required environment variables: +# TAILSCALE_API_KEY - Tailscale API key with appropriate permissions +# TAILSCALE_TAILNET - Your tailnet name (e.g., "user@example.com" or "example.org.github") +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ ... }: + +{ + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.tailscale-tailnet = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ( + { config, ... }: + { + terraform.required_providers.tailscale = { + source = "tailscale/tailscale"; + version = "~> 0.17"; + }; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "tailscale/tailnet.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + trantor_tailscale_ip = { + default = "100.108.5.90"; + type = "string"; + }; + }; + + resource = { + tailscale_dns_nameservers.global = { + nameservers = [ + config.variable.trantor_tailscale_ip.default + "1.1.1.1" + "1.0.0.1" + ]; + }; + }; + } + ) + ]; + }; + }; +} diff --git a/terranix/terminus.nix b/terranix/terminus.nix new file mode 100644 index 0000000..d7689f9 --- /dev/null +++ b/terranix/terminus.nix @@ -0,0 +1,20 @@ +# OCI Terminus configuration placeholder +{ ... }: + +{ + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.oci-terminus = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ( + { config, ... }: + { + # Terraform config goes here + } + ) + ]; + }; + }; +} diff --git a/terranix/trantor.nix b/terranix/trantor.nix new file mode 100644 index 0000000..5f19e22 --- /dev/null +++ b/terranix/trantor.nix @@ -0,0 +1,272 @@ +# Required environment variables: +# instead of OCI variables, ~/.oci/config may also be used +# OCI_TENANCY_OCID - Oracle tenancy OCID (or use TF_VAR_* to override variables) +# OCI_USER_OCID - Oracle user OCID +# OCI_FINGERPRINT - API key fingerprint +# OCI_PRIVATE_KEY_PATH - Path to OCI API private key +# AWS variables are required +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ ... }: + +{ + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.oci-trantor = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ( + { config, ... }: + { + terraform.required_providers.oci = { + source = "oracle/oci"; + version = "~> 7.0"; + }; + + provider.oci.region = "sa-saopaulo-1"; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "oci/trantor.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + tenancy_ocid = { + default = "ocid1.tenancy.oc1..aaaaaaaap3vfdz4piygqza6e6zqunbcuso43ddqfo3ydmpmnomidyghh7rvq"; + type = "string"; + }; + + compartment_name = { + default = "trantor"; + type = "string"; + }; + + vcn_cidr = { + default = "10.0.0.0/24"; + type = "string"; + }; + + instance_name = { + default = "trantor"; + type = "string"; + }; + + ssh_public_keys = { + default = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + type = "list(string)"; + }; + }; + + data = { + oci_identity_availability_domains.ads = { + compartment_id = config.variable.tenancy_ocid.default; + }; + + oci_core_images.ubuntu_arm = { + compartment_id = config.variable.tenancy_ocid.default; + operating_system = "Canonical Ubuntu"; + operating_system_version = "24.04"; + shape = "VM.Standard.A1.Flex"; + sort_by = "TIMECREATED"; + sort_order = "DESC"; + }; + }; + + resource = { + oci_identity_compartment.trantor = { + compartment_id = config.variable.tenancy_ocid.default; + description = "trantor infrastructure compartment"; + name = config.variable.compartment_name.default; + }; + + oci_core_vcn.vcn = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + cidr_blocks = [ config.variable.vcn_cidr.default ]; + display_name = "trantor-vcn"; + dns_label = "trantor"; + }; + + oci_core_internet_gateway.ig = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-ig"; + enabled = true; + }; + + oci_core_route_table.rt = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-rt"; + + route_rules = [ + { + network_entity_id = config.resource.oci_core_internet_gateway.ig "id"; + destination = "0.0.0.0/0"; + destination_type = "CIDR_BLOCK"; + } + ]; + }; + + oci_core_security_list.sl = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-sl"; + + egress_security_rules = [ + { + destination = "0.0.0.0/0"; + protocol = "all"; + stateless = false; + } + ]; + + ingress_security_rules = [ + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 22; + max = 22; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 80; + max = 80; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 443; + max = 443; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 25565; + max = 25565; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 19132; + max = 19133; + }; + } + { + protocol = "17"; # UDP + source = "0.0.0.0/0"; + stateless = false; + udp_options = { + min = 19132; + max = 19133; + }; + } + ]; + }; + + oci_core_subnet.subnet = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + cidr_block = config.variable.vcn_cidr.default; + display_name = "trantor-subnet"; + dns_label = "subnet"; + route_table_id = config.resource.oci_core_route_table.rt "id"; + security_list_ids = [ (config.resource.oci_core_security_list.sl "id") ]; + prohibit_public_ip_on_vnic = false; + }; + + oci_core_instance.trantor = { + availability_domain = config.data.oci_identity_availability_domains.ads "availability_domains[0].name"; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + display_name = config.variable.instance_name.default; + shape = "VM.Standard.A1.Flex"; + + shape_config = { + ocpus = 2; + memory_in_gbs = 12; + }; + + source_details = { + source_type = "image"; + source_id = config.data.oci_core_images.ubuntu_arm "images[0].id"; + boot_volume_size_in_gbs = 100; + }; + + create_vnic_details = { + subnet_id = config.resource.oci_core_subnet.subnet "id"; + display_name = "trantor-vnic"; + assign_public_ip = true; + hostname_label = config.variable.instance_name.default; + }; + + metadata = { + ssh_authorized_keys = builtins.concatStringsSep "\n" config.variable.ssh_public_keys.default; + }; + + preserve_boot_volume = false; + }; + + oci_budget_budget.trantor_budget = { + compartment_id = config.variable.tenancy_ocid.default; + targets = [ (config.resource.oci_identity_compartment.trantor "id") ]; + amount = 1; + reset_period = "MONTHLY"; + display_name = "trantor-budget"; + description = "Monthly budget for trantor compartment"; + target_type = "COMPARTMENT"; + }; + + oci_budget_alert_rule.daily_spend_alert = { + budget_id = config.resource.oci_budget_budget.trantor_budget "id"; + type = "ACTUAL"; + threshold = 5; + threshold_type = "PERCENTAGE"; + display_name = "daily-spend-alert"; + recipients = "baduhai@proton.me"; + description = "Alert when daily spending exceeds $0.05"; + message = "Daily spending has exceeded $0.05 in the trantor compartment"; + }; + }; + + output = { + compartment_id = { + value = config.resource.oci_identity_compartment.trantor "id"; + }; + + instance_public_ip = { + value = config.resource.oci_core_instance.trantor "public_ip"; + }; + }; + } + ) + ]; + }; + }; +} diff --git a/users/modules/btop.nix b/users/modules/btop.nix deleted file mode 100644 index c19c4bb..0000000 --- a/users/modules/btop.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ pkgs, ... }: - -{ - programs.btop = { - enable = true; - settings = { - theme_background = false; - proc_sorting = "cpu direct"; - update_ms = 500; - }; - }; -} \ No newline at end of file diff --git a/users/modules/common/bash.nix b/users/modules/common/bash.nix deleted file mode 100644 index a5a0823..0000000 --- a/users/modules/common/bash.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ pkgs, ... }: - -{ - programs.bash = { - enable = true; - historyFile = "~/.cache/bash_history"; - }; -} \ No newline at end of file diff --git a/users/modules/common/fish.nix b/users/modules/common/fish.nix deleted file mode 100644 index 8de52c3..0000000 --- a/users/modules/common/fish.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ pkgs, lib, ... }: - -{ - programs.fish = { - enable = true; - interactiveShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; - loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; - plugins = [ - { - name = "bang-bang"; - src = pkgs.fetchFromGitHub { - owner = "oh-my-fish"; - repo = "plugin-bang-bang"; - rev = "f969c618301163273d0a03d002614d9a81952c1e"; - sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; - }; - } - { - name = "sponge"; - src = pkgs.fetchFromGitHub { - owner = "meaningful-ooo"; - repo = "sponge"; - rev = "384299545104d5256648cee9d8b117aaa9a6d7be"; - sha256 = "sha256-MdcZUDRtNJdiyo2l9o5ma7nAX84xEJbGFhAVhK+Zm1w="; - }; - } - { - name = "z"; - src = pkgs.fetchFromGitHub { - owner = "jethrokuan"; - repo = "z"; - rev = "85f863f20f24faf675827fb00f3a4e15c7838d76"; - sha256 = "sha256-+FUBM7CodtZrYKqU542fQD+ZDGrd2438trKM0tIESs0="; - }; - } - ]; - }; -} \ No newline at end of file diff --git a/users/modules/common/hm-cli.nix b/users/modules/common/hm-cli.nix deleted file mode 100644 index d2ed715..0000000 --- a/users/modules/common/hm-cli.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs, ... }: - -{ - home = { - packages = with pkgs; [ hm-cli ]; - sessionVariables = { - HM_PATH = "/etc/nixos"; - }; - }; -} diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix deleted file mode 100644 index 1873cc7..0000000 --- a/users/modules/desktop.nix +++ /dev/null @@ -1,56 +0,0 @@ -{ inputs, pkgs, ... }: - -{ - imports = [ inputs.dms.homeModules.dankMaterialShell.default ]; - - fonts.fontconfig.enable = true; - - programs = { - dankMaterialShell = { - enable = true; - enableVPN = false; - }; - - rio = { - enable = true; - settings = { - theme = "catppuccin-mocha"; - fonts = { - family = "FiraCode Nerd Font"; - size = 16.0; - emoji.family = "Noto Color Emoji"; - }; - confirm-before-quit = false; - window = { - width = 1121; - height = 633; - }; - }; - }; - - password-store = { - enable = true; - package = pkgs.pass-wayland; - }; - }; - - xdg.portal = { - enable = true; - xdgOpenUsePortal = true; - extraPortals = with pkgs; [ - kdePackages.xdg-desktop-portal-kde - xdg-desktop-portal-gtk - xdg-desktop-portal-gnome - ]; - }; - - gtk = { - enable = true; - gtk3.extraConfig = { - gtk-decoration-layout = "appmenu:"; - }; - gtk4.extraConfig = { - gtk-decoration-layout = "appmenu:"; - }; - }; -} diff --git a/users/modules/direnv.nix b/users/modules/direnv.nix deleted file mode 100644 index c91d0af..0000000 --- a/users/modules/direnv.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ pkgs, ... }: - -{ - programs.direnv = { - enable = true; - nix-direnv.enable = true; - }; -} \ No newline at end of file diff --git a/users/modules/gaming.nix b/users/modules/gaming.nix deleted file mode 100644 index df33b11..0000000 --- a/users/modules/gaming.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ... }: - -{ - programs.mangohud.enable = true; -} diff --git a/users/modules/helix.nix b/users/modules/helix.nix deleted file mode 100644 index b71799b..0000000 --- a/users/modules/helix.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ pkgs, ... }: - -{ - home.sessionVariables = { - EDITOR = "hx"; - }; - - programs.helix = { - enable = true; - settings = { - theme = "base16_transparent"; - editor = { - file-picker.hidden = false; - idle-timeout = 0; - line-number = "relative"; - cursor-shape = { - normal = "block"; - insert = "bar"; - select = "underline"; - }; - soft-wrap.enable = true; - auto-format = true; - indent-guides.render = true; - }; - keys.normal = { - space = { - o = "file_picker_in_current_buffer_directory"; - esc = [ - "collapse_selection" - "keep_primary_selection" - ]; - }; - }; - }; - languages = { - language = [ - { - name = "nix"; - auto-format = true; - formatter.command = "nixfmt"; - } - { - name = "typst"; - auto-format = true; - formatter.command = "typstyle -c 1000 -i"; - } - ]; - }; - }; -} \ No newline at end of file diff --git a/users/modules/obs-studio.nix b/users/modules/obs-studio.nix deleted file mode 100644 index 67e3b8b..0000000 --- a/users/modules/obs-studio.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ pkgs, ... }: - -{ - programs.obs-studio = { - enable = true; - plugins = [ - pkgs.obs-studio-plugins.obs-vkcapture - pkgs.obs-studio-plugins.obs-backgroundremoval - pkgs.obs-studio-plugins.obs-pipewire-audio-capture - ]; - }; - -} diff --git a/users/modules/starship.nix b/users/modules/starship.nix deleted file mode 100644 index 8b9a14c..0000000 --- a/users/modules/starship.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ pkgs, ... }: - -{ - programs.starship = { - enable = true; - enableBashIntegration = true; - enableFishIntegration = true; - settings = { - add_newline = false; - format = '' - $hostname$directory$git_branch$git_status$nix_shell - [ ❯ ](bold green) - ''; - right_format = "$cmd_duration$character"; - hostname = { - ssh_symbol = " "; - }; - character = { - error_symbol = "[](red)"; - success_symbol = "[󱐋](green)"; - }; - cmd_duration = { - format = "[󰄉 $duration ]($style)"; - style = "yellow"; - min_time = 500; - }; - git_branch = { - symbol = " "; - style = "purple"; - }; - git_status.style = "red"; - nix_shell = { - format = "via [$symbol$state]($style)"; - heuristic = true; - style = "blue"; - symbol = "󱄅 "; - }; - }; - }; -} \ No newline at end of file diff --git a/users/modules/tmux.nix b/users/modules/tmux.nix deleted file mode 100644 index 4268e7a..0000000 --- a/users/modules/tmux.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ pkgs, ... }: - -{ - programs.tmux = { - enable = true; - clock24 = true; - terminal = "xterm-256color"; - mouse = true; - keyMode = "vi"; - }; -} \ No newline at end of file diff --git a/users/user/git.nix b/users/user/git.nix deleted file mode 100644 index fcafc00..0000000 --- a/users/user/git.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs, ... }: - -{ - programs.git = { - enable = true; - diff-so-fancy.enable = true; - userName = "William"; - userEmail = "baduhai@proton.me"; - }; -} \ No newline at end of file diff --git a/utils.nix b/utils.nix deleted file mode 100644 index f25a821..0000000 --- a/utils.nix +++ /dev/null @@ -1,190 +0,0 @@ -{ inputs, lib }: -let - inherit (inputs) - self - nixpkgs - nixpkgs-stable - home-manager - agenix - ; -in -{ - # Tag-based host configuration system - mkHost = - { - hostname, - tags ? [ ], - system ? "x86_64-linux", - extraModules ? [ ], - }: - let - # Validate that server and desktop tags are mutually exclusive - hasServer = builtins.elem "server" tags; - hasDesktop = builtins.elem "desktop" tags; - - # Always include "common" tag implicitly - allTags = - if hasServer && hasDesktop then - throw "Error: 'server' and 'desktop' tags are mutually exclusive for host '${hostname}'" - else - [ "common" ] ++ tags; - - # Choose nixpkgs based on server tag - pkgs = if builtins.elem "server" allTags then nixpkgs-stable else nixpkgs; - - # Tag-specific modules: each tag can be either: - # 1. A file: hosts/modules/${tag}.nix - # 2. A directory: hosts/modules/${tag}/*.nix (all .nix files imported) - tagModuleFiles = builtins.concatMap ( - tag: - let - filePath = ./hosts/modules/${tag}.nix; - dirPath = ./hosts/modules/${tag}; - in - # Check if it's a file first - if builtins.pathExists filePath then - [ filePath ] - # Then check if it's a directory - else if builtins.pathExists dirPath then - let - entries = builtins.readDir dirPath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name - ) entries; - in - map (name: dirPath + "/${name}") (builtins.attrNames nixFiles) - else - [ ] - ) allTags; - - # Automatically import all .nix files from hosts/${hostname}/ - hostModulePath = ./hosts/${hostname}; - hostModuleFiles = - if builtins.pathExists hostModulePath then - let - entries = builtins.readDir hostModulePath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name && name != "${hostname}.nix" - ) entries; - in - map (name: hostModulePath + "/${name}") (builtins.attrNames nixFiles) - else - [ ]; - - # Combine all modules - allModules = [ - agenix.nixosModules.default - { - networking.hostName = hostname; - nix.nixPath = [ "nixos-config=${self.outPath}/nixosConfigurations/${hostname}" ]; - nixpkgs.overlays = [ - agenix.overlays.default - self.overlays.default - ]; - } - ] - ++ tagModuleFiles - ++ hostModuleFiles - ++ extraModules; - in - pkgs.lib.nixosSystem { - inherit system; - specialArgs = { - inherit inputs; - hostTags = allTags; - }; - modules = allModules; - }; - - # Tag-based user configuration system - mkUser = - { - username, - homeDirectory ? "/home/${username}", - tags ? [ ], - extraModules ? [ ], - }: - let - pkgs = nixpkgs.legacyPackages.x86_64-linux; - - # Always include "common" tag implicitly - allTags = [ "common" ] ++ tags; - - # Tag-specific modules: each tag maps to users/modules/${tag}.nix if it exists - tagModuleFiles = builtins.concatMap ( - tag: - let - filePath = ./users/modules/${tag}.nix; - dirPath = ./users/modules/${tag}; - in - # Check if it's a file first - if builtins.pathExists filePath then - [ filePath ] - # Then check if it's a directory - else if builtins.pathExists dirPath then - let - entries = builtins.readDir dirPath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name - ) entries; - in - map (name: dirPath + "/${name}") (builtins.attrNames nixFiles) - else - [ ] - ) allTags; - - # Automatically import all .nix files from users/${username}/ - userModulePath = ./users/${username}; - userModuleFiles = - if builtins.pathExists userModulePath then - let - entries = builtins.readDir userModulePath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name - ) entries; - in - map (name: userModulePath + "/${name}") (builtins.attrNames nixFiles) - else - [ ]; - - # Combine all modules - allModules = [ - { - home = { - inherit username homeDirectory; - stateVersion = "22.05"; - }; - } - ] - ++ tagModuleFiles - ++ userModuleFiles - ++ extraModules; - in - home-manager.lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { - inherit inputs; - userTags = allTags; - }; - modules = allModules ++ [ - { - nixpkgs.overlays = [ self.overlays.default ]; - } - ]; - }; - - # Nginx virtual host utilities - mkNginxVHosts = - { - acmeHost, - domains, - }: - let - commonVHostConfig = { - useACMEHost = acmeHost; - forceSSL = true; - kTLS = true; - }; - in - lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains; -}