From 5edad8b9576958a8b0d39387484217089fcc9f92 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 19:59:31 -0300 Subject: [PATCH 001/206] ephemeral is now a nixosModule --- flake.nix | 1 + hosts/modules/ephemeral.nix | 37 +++++++++++++++++++ hosts/modules/ephermal.nix | 72 ------------------------------------ modules/ephemeral.nix | 74 +++++++++++++++++++++++++++++++++++++ nixosConfigurations.nix | 4 +- nixosModules.nix | 7 ++++ 6 files changed, 121 insertions(+), 74 deletions(-) create mode 100644 hosts/modules/ephemeral.nix delete mode 100644 hosts/modules/ephermal.nix create mode 100644 modules/ephemeral.nix create mode 100644 nixosModules.nix diff --git a/flake.nix b/flake.nix index 0d826a1..693b17a 100644 --- a/flake.nix +++ b/flake.nix @@ -50,6 +50,7 @@ ./devShells.nix ./homeConfigurations.nix ./nixosConfigurations.nix + ./nixosModules.nix ./overlays.nix ./packages.nix ]; diff --git a/hosts/modules/ephemeral.nix b/hosts/modules/ephemeral.nix new file mode 100644 index 0000000..a759cf4 --- /dev/null +++ b/hosts/modules/ephemeral.nix @@ -0,0 +1,37 @@ +{ inputs, ... }: + +{ + imports = [ + inputs.impermanence.nixosModules.impermanence + inputs.self.nixosModules.ephemeral + ]; + + ephemeral = { + enable = true; + rootDevice = "/dev/mapper/cryptroot"; + rootSubvolume = "@root"; + }; + + environment.persistence.main = { + persistentStoragePath = "/persistent"; + files = [ + "/etc/machine-id" + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + ]; + directories = [ + "/etc/NetworkManager/system-connections" + "/etc/nixos" + "/var/lib/bluetooth" + "/var/lib/flatpak" + "/var/lib/lxd" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + "/var/lib/systemd/timers" + "/var/lib/tailscale" + "/var/log" + ]; + }; +} diff --git a/hosts/modules/ephermal.nix b/hosts/modules/ephermal.nix deleted file mode 100644 index adaf5af..0000000 --- a/hosts/modules/ephermal.nix +++ /dev/null 
@@ -1,72 +0,0 @@
-{ inputs, ... }:
-
-{
- imports = [ inputs.impermanence.nixosModules.impermanence ];
-
- boot.initrd.systemd.services.recreate-root = {
- description = "Rolling over and creating new filesystem root";
- requires = [ "initrd-root-device.target" ];
- after = [
- "local-fs-pre.target"
- "initrd-root-device.target"
- ];
- requiredBy = [ "initrd-root-fs.target" ];
- before = [ "sysroot.mount" ];
- unitConfig = {
- AssertPathExists = "/etc/initrd-release";
- DefaultDependencies = false;
- };
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- };
- script = ''
- mkdir /btrfs_tmp
- mount /dev/mapper/cryptroot /btrfs_tmp
-
- if [[ -e /btrfs_tmp/@root ]]; then
- mkdir -p /btrfs_tmp/old_roots
- timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S")
- mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp"
- fi
-
- delete_subvolume_recursively() {
- IFS=$'\n'
- for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
- delete_subvolume_recursively "/btrfs_tmp/$i"
- done
- btrfs subvolume delete "$1"
- }
-
- for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
- delete_subvolume_recursively "$i"
- done
-
- btrfs subvolume create /btrfs_tmp/@root
- umount /btrfs_tmp
- '';
- };
-
- environment.persistence.main = {
- persistentStoragePath = "/persistent";
- files = [
- "/etc/machine-id"
- "/etc/ssh/ssh_host_ed25519_key"
- "/etc/ssh/ssh_host_ed25519_key.pub"
- "/etc/ssh/ssh_host_rsa_key"
- "/etc/ssh/ssh_host_rsa_key.pub"
- ];
- directories = [
- "/etc/NetworkManager/system-connections"
- "/etc/nixos"
- "/var/lib/bluetooth"
- "/var/lib/flatpak"
- "/var/lib/lxd"
- "/var/lib/nixos"
- "/var/lib/systemd/coredump"
- "/var/lib/systemd/timers"
- "/var/lib/tailscale"
- "/var/log"
- ];
- };
-}
diff --git a/modules/ephemeral.nix b/modules/ephemeral.nix
new file mode 100644
index 0000000..be6fc6b
--- /dev/null
+++ b/modules/ephemeral.nix
@@ -0,0 +1,74 @@
+{ lib, config, ... }:
+
+let
+ cfg = config.ephemeral;
+in
+{
+ options.ephemeral = {
+ enable = lib.mkEnableOption "ephemeral root with automatic rollback";
+
+ rootDevice = lib.mkOption {
+ type = lib.types.str;
+ example = "/dev/mapper/cryptroot";
+ description = "Device path for the root btrfs filesystem";
+ };
+
+ rootSubvolume = lib.mkOption {
+ type = lib.types.str;
+ example = "@root";
+ description = "Name of the root btrfs subvolume";
+ };
+
+ oldRootRetentionDays = lib.mkOption {
+ type = lib.types.int;
+ default = 30;
+ description = "Number of days to keep old root snapshots before deletion";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ boot.initrd.systemd.services.recreate-root = {
+ description = "Rolling over and creating new filesystem root";
+ requires = [ "initrd-root-device.target" ];
+ after = [
+ "local-fs-pre.target"
+ "initrd-root-device.target"
+ ];
+ requiredBy = [ "initrd-root-fs.target" ];
+ before = [ "sysroot.mount" ];
+ unitConfig = {
+ AssertPathExists = "/etc/initrd-release";
+ DefaultDependencies = false;
+ };
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = ''
+ mkdir /btrfs_tmp
+ mount ${cfg.rootDevice} /btrfs_tmp
+
+ if [[ -e /btrfs_tmp/${cfg.rootSubvolume} ]]; then
+ mkdir -p /btrfs_tmp/old_roots
+ timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/${cfg.rootSubvolume})" "+%Y-%m-%-d_%H:%M:%S")
+ mv /btrfs_tmp/${cfg.rootSubvolume} "/btrfs_tmp/old_roots/$timestamp"
+ fi
+
+ delete_subvolume_recursively() {
+ IFS=$'\n'
+ for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+ delete_subvolume_recursively "/btrfs_tmp/$i"
+ done
+ btrfs subvolume delete "$1"
+ }
+
+ for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +${toString cfg.oldRootRetentionDays}); do
+ delete_subvolume_recursively "$i"
+ done
+
+ btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume}
+ umount /btrfs_tmp
+ '';
+ };
+ };
+}
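Review bot: `cfg.rootDevice` and `cfg.rootSubvolume` are spliced into the initrd script unquoted (`mount ${cfg.rootDevice} /btrfs_tmp`, `mv /btrfs_tmp/${cfg.rootSubvolume} ...`), and both are now free-form `lib.types.str` options, so a value containing whitespace, a glob character or a `..` component changes what this root-run script mounts, moves and deletes. Quote at the point of use, e.g. `mount ${lib.escapeShellArg cfg.rootDevice} /btrfs_tmp`, and narrow `rootSubvolume` to a single path component with `lib.types.strMatching`. `oldRootRetentionDays` is a plain `lib.types.int`, so a negative number reaches `find -mtime +N` unchecked; `lib.types.ints.unsigned` would reject it at evaluation time. Each option description would also benefit from stating that the script runs before `sysroot.mount` and removes snapshots older than the retention period.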
diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 65a9e14..6c9cfb9 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -11,7 +11,7 @@ in "desktop" "bluetooth" "dev" - "ephermal" + "ephemeral" "fwupd" "gaming" "libvirtd" @@ -26,7 +26,7 @@ in "desktop" "bluetooth" "dev" - "ephermal" + "ephemeral" "networkmanager" "podman" ]; diff --git a/nixosModules.nix b/nixosModules.nix new file mode 100644 index 0000000..5fd416b --- /dev/null +++ b/nixosModules.nix @@ -0,0 +1,7 @@ +{ ... }: + +{ + flake.nixosModules = { + ephemeral = import ./modules/ephemeral.nix; + }; +} From 4b5426885c87d4675e49cae2b454ef9339b86440 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 20:02:47 -0300 Subject: [PATCH 002/206] added null check to hm-cli --- packages/hm-cli.nix | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix index ef3ec30..614f287 100644 --- a/packages/hm-cli.nix +++ b/packages/hm-cli.nix @@ -23,9 +23,9 @@ pkgs.writeShellScriptBin "hm" '' Environment Variables: HM_PATH Override default flake path (~/.config/home-manager) - Currently set to "$(echo $HM_PATH)" + Currently set to "''${HM_PATH:-}" HM_USER Override default user output ("$(whoami)@$(hostname)") - Currently set to "$(echo $HM_USER)" + Currently set to "''${HM_USER:-}" EOF } @@ -58,10 +58,14 @@ pkgs.writeShellScriptBin "hm" '' "$HM" remove-generations "$@" ;; rollback) - "$HM" generations | \ + PREV_GEN=$("$HM" generations | \ sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | \ - head -n 2 | tail -n 1 | \ - xargs -I {} "$HM" switch --flake "$FLAKE_PATH" --switch-generation {} + head -n 2 | tail -n 1) + if [[ -z "$PREV_GEN" ]]; then + echo "Error: could not determine previous generation (possibly only one generation exists)" + exit 1 + fi + "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$PREV_GEN" ;; switch) if [[ $# -ne 3 ]]; then 
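Review bot: The new `-z "$PREV_GEN"` guard in the `rollback)` branch does not catch the single-generation case that its own error message names, because with one line of input `head -n 2 | tail -n 1` still prints that line, so `PREV_GEN` holds the current generation's id and the switch goes ahead. Selecting the second line directly leaves the variable empty when there is no previous generation: replace `head -n 2 | tail -n 1)` with `sed -n '2p')`. The pattern here is anchored as `^[[:space:]]*id`, while the `cleanup)` branch shown in a later patch on this page matches `^.*id`, so it is worth confirming that both match the same `generations` output. The `case` statement starts and ends outside this hunk.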
From d655099d76de16c93302fabaae1ef7e3584b547d Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 20:07:51 -0300 Subject: [PATCH 003/206] added error handling to ephemeral.nix --- modules/ephemeral.nix | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/modules/ephemeral.nix b/modules/ephemeral.nix index be6fc6b..7403aac 100644 --- a/modules/ephemeral.nix +++ b/modules/ephemeral.nix @@ -45,8 +45,13 @@ in RemainAfterExit = true; }; script = '' + set -euo pipefail + mkdir /btrfs_tmp - mount ${cfg.rootDevice} /btrfs_tmp + if ! mount ${cfg.rootDevice} /btrfs_tmp; then + echo "ERROR: Failed to mount ${cfg.rootDevice}" + exit 1 + fi if [[ -e /btrfs_tmp/${cfg.rootSubvolume} ]]; then mkdir -p /btrfs_tmp/old_roots @@ -66,7 +71,12 @@ in delete_subvolume_recursively "$i" done - btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume} + if ! btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume}; then + echo "ERROR: Failed to create subvolume ${cfg.rootSubvolume}" + umount /btrfs_tmp + exit 1 + fi + umount /btrfs_tmp ''; }; From 8ebab3907ff5e43ab77b9e7714e715df288bf3cd Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 20:10:06 -0300 Subject: [PATCH 004/206] moved kwrite to its own package definition --- hosts/modules/desktop/desktop.nix | 15 --------------- overlays.nix | 1 + packages.nix | 1 + packages/kwrite.nix | 15 +++++++++++++++ 4 files changed, 17 insertions(+), 15 deletions(-) create mode 100644 packages/kwrite.nix diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 2afd7ea..f4c4570 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix 
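Review bot: With `set -euo pipefail` now at the top of the script, a failure in the pruning loop (`delete_subvolume_recursively "$i"`, visible as context in the second hunk) aborts the unit before `btrfs subvolume create` runs and leaves `/btrfs_tmp` mounted. The unit is declared `requiredBy = [ "initrd-root-fs.target" ]` in the module added by the first patch, so one old snapshot that cannot be deleted would presumably stop the machine from booting. Pruning is housekeeping and is better kept best-effort, e.g. `delete_subvolume_recursively "$i" || echo "WARN: could not prune $i"`. A `trap 'umount /btrfs_tmp' EXIT` installed right after the successful mount would cover every exit path and replace both explicit `umount` calls. The function body and the move into `old_roots` sit between the two hunks and are not shown here.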
@@ -5,21 +5,6 @@ ... }: -let - kwrite = pkgs.symlinkJoin { - name = "kwrite"; - paths = [ pkgs.kdePackages.kate ]; - postBuild = '' - rm -rf $out/bin/kate \ - $out/bin/.kate-wrapped \ - $out/share/applications/org.kde.kate.desktop \ - $out/share/man \ - $out/share/icons/hicolor/*/apps/kate.png \ - $out/share/icons/hicolor/scalable/apps/kate.svg \ - $out/share/appdata/org.kde.kate.appdata.xml - ''; - }; -in { imports = [ inputs.nix-flatpak.nixosModules.nix-flatpak ]; diff --git a/overlays.nix b/overlays.nix index a5ba76c..5e83cc5 100644 --- a/overlays.nix +++ b/overlays.nix @@ -5,6 +5,7 @@ default = final: prev: { toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; hm-cli = inputs.self.packages.${final.system}.hm-cli; + kwrite = inputs.self.packages.${final.system}.kwrite; }; }; } diff --git a/packages.nix b/packages.nix index e83ad26..cb17332 100644 --- a/packages.nix +++ b/packages.nix @@ -7,6 +7,7 @@ packages = { toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; hm-cli = pkgs.callPackage ./packages/hm-cli.nix { }; + kwrite = pkgs.callPackage ./packages/kwrite.nix { }; }; }; } diff --git a/packages/kwrite.nix b/packages/kwrite.nix new file mode 100644 index 0000000..14ebce1 --- /dev/null +++ b/packages/kwrite.nix @@ -0,0 +1,15 @@ +{ pkgs }: + +pkgs.symlinkJoin { + name = "kwrite"; + paths = [ pkgs.kdePackages.kate ]; + postBuild = '' + rm -rf $out/bin/kate \ + $out/bin/.kate-wrapped \ + $out/share/applications/org.kde.kate.desktop \ + $out/share/man \ + $out/share/icons/hicolor/*/apps/kate.png \ + $out/share/icons/hicolor/scalable/apps/kate.svg \ + $out/share/appdata/org.kde.kate.appdata.xml + ''; +} From edd0b5ca9cd7ed69521d6cd984f099187c9fb1d7 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 20:15:11 -0300 Subject: [PATCH 005/206] remove fish plugin sponge; updated fish plugin z --- users/modules/common/fish.nix | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) 
diff --git a/users/modules/common/fish.nix b/users/modules/common/fish.nix index 8de52c3..d95db24 100644 --- a/users/modules/common/fish.nix +++ b/users/modules/common/fish.nix @@ -15,24 +15,15 @@ sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; }; } - { - name = "sponge"; - src = pkgs.fetchFromGitHub { - owner = "meaningful-ooo"; - repo = "sponge"; - rev = "384299545104d5256648cee9d8b117aaa9a6d7be"; - sha256 = "sha256-MdcZUDRtNJdiyo2l9o5ma7nAX84xEJbGFhAVhK+Zm1w="; - }; - } { name = "z"; src = pkgs.fetchFromGitHub { owner = "jethrokuan"; repo = "z"; - rev = "85f863f20f24faf675827fb00f3a4e15c7838d76"; - sha256 = "sha256-+FUBM7CodtZrYKqU542fQD+ZDGrd2438trKM0tIESs0="; + rev = "067e867debee59aee231e789fc4631f80fa5788e"; + sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU="; }; } ]; }; -} \ No newline at end of file +} From f62f34e98faa66a4b39852264fe70ba1fa374f51 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 20:31:20 -0300 Subject: [PATCH 006/206] fix warnings --- hosts/modules/desktop/desktop.nix | 2 +- users/modules/desktop.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index f4c4570..b046031 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -74,7 +74,7 @@ enable = true; settings = { default_session = { - command = "${lib.getExe pkgs.greetd.tuigreet} --time --remember --asterisks --cmd ${lib.getExe pkgs.niri}"; + command = "${lib.getExe pkgs.tuigreet} --time --remember --asterisks --cmd ${lib.getExe pkgs.niri}"; user = "greeter"; }; initial_session = { diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index 1873cc7..f7d35d0 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -42,6 +42,7 @@ xdg-desktop-portal-gtk xdg-desktop-portal-gnome ]; + config = "*"; }; gtk = { From 5e686f5bfff1452309acce1f4c063903d4323b1b Mon Sep 17 00:00:00 2001 
From: William Date: Wed, 15 Oct 2025 20:32:40 -0300 Subject: [PATCH 007/206] fix xdg portal config --- users/modules/desktop.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index f7d35d0..8d62aa4 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -42,7 +42,7 @@ xdg-desktop-portal-gtk xdg-desktop-portal-gnome ]; - config = "*"; + config.common.default = "*"; }; gtk = { From d8661561ef8ad4b675cab30582f9d5be96fcb8c4 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 20:42:00 -0300 Subject: [PATCH 008/206] minor changes to starship --- users/modules/starship.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/users/modules/starship.nix b/users/modules/starship.nix index 8b9a14c..1147f48 100644 --- a/users/modules/starship.nix +++ b/users/modules/starship.nix @@ -13,10 +13,10 @@ ''; right_format = "$cmd_duration$character"; hostname = { - ssh_symbol = " "; + ssh_symbol = "󰖟 "; }; character = { - error_symbol = "[](red)"; + error_symbol = "[](red)"; success_symbol = "[󱐋](green)"; }; cmd_duration = { @@ -37,4 +37,4 @@ }; }; }; -} \ No newline at end of file +} From 9d2804674717475b57307b443ac103817c85368e Mon Sep 17 00:00:00 2001 From: William Date: Wed, 15 Oct 2025 21:37:53 -0300 Subject: [PATCH 009/206] starship symbols --- users/modules/desktop.nix | 5 +++++ users/modules/starship.nix | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index 8d62aa4..b482894 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -28,6 +28,11 @@ }; }; + ghostty = { + enable = true; + enableFishIntegration = true; + enableBashIntegration = true; + }; password-store = { enable = true; package = pkgs.pass-wayland; diff --git a/users/modules/starship.nix b/users/modules/starship.nix index 1147f48..c836c51 100644 --- a/users/modules/starship.nix 
+++ b/users/modules/starship.nix @@ -25,7 +25,7 @@ min_time = 500; }; git_branch = { - symbol = " "; + symbol = " "; style = "purple"; }; git_status.style = "red"; From 79ee8905cd80f35d34411c46142c98555ec17bd5 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 09:47:43 -0300 Subject: [PATCH 010/206] some new stuff in gitignore --- .gitignore | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 2a47a91..928efae 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,10 @@ -result/ +# Nix build outputs result +result-* .direnv/ -.pre-commit-config.yaml + +# Personal notes and temporary files +todo.md +notes.md +scratch/ +tmp/ From 02eb626d336c933d92cfabd24aaaa431c367444c Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 10:03:29 -0300 Subject: [PATCH 011/206] ghostty settings in hm --- users/modules/desktop.nix | 29 ++++++++++++----------------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index b482894..b2661bf 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix 
@@ -11,27 +11,22 @@ enableVPN = false; }; - rio = { - enable = true; - settings = { - theme = "catppuccin-mocha"; - fonts = { - family = "FiraCode Nerd Font"; - size = 16.0; - emoji.family = "Noto Color Emoji"; - }; - confirm-before-quit = false; - window = { - width = 1121; - height = 633; - }; - }; - }; - ghostty = { enable = true; enableFishIntegration = true; enableBashIntegration = true; + settings = { + cursor-style = "block"; + shell-integration-features = "no-cursor"; + cursor-style-blink = false; + custom-shader = "${builtins.fetchurl { + url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; + sha256 = "sha256-0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + }}"; + theme = "Banana Blueberry"; + window-theme = "ghostty"; + bell-features = "border"; + }; }; password-store = { enable = true; From ecb290a98984d24dc1f3f49f9e622f71f037f7a8 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 10:14:47 -0300 Subject: [PATCH 012/206] renamed mkUser to mkHome --- homeConfigurations.nix | 6 +++--- utils.nix | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/homeConfigurations.nix b/homeConfigurations.nix index 3d3a950..7f50059 100644 --- a/homeConfigurations.nix +++ b/homeConfigurations.nix @@ -1,11 +1,11 @@ { inputs, ... }: let utils = import ./utils.nix { inherit inputs; }; - inherit (utils) mkUser; + inherit (utils) mkHome; in { flake.homeConfigurations = { - "user@rotterdam" = mkUser { + "user@rotterdam" = mkHome { username = "user"; tags = [ "btop" @@ -19,7 +19,7 @@ in ]; }; - "user@io" = mkUser { + "user@io" = mkHome { username = "user"; tags = [ "btop" diff --git a/utils.nix b/utils.nix index e56e3c2..0e51125 100644 --- a/utils.nix +++ b/utils.nix @@ -97,7 +97,7 @@ in }; # Tag-based user configuration system - mkUser = + mkHome = { username, homeDirectory ? "/home/${username}", From 9c909ba079e048ffab455ddb1c41d411f28791d5 Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 16 Oct 2025 10:30:05 -0300 Subject: [PATCH 013/206] hm-cli now backups files before applying --- packages/hm-cli.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix index 614f287..f6034ea 100644 --- a/packages/hm-cli.nix +++ b/packages/hm-cli.nix @@ -36,7 +36,7 @@ pkgs.writeShellScriptBin "hm" '' case "$1" in apply) - "$HM" switch --flake "$FLAKE_PATH#$FLAKE_OUTPUT" + "$HM" switch --flake "$FLAKE_PATH#$FLAKE_OUTPUT" -b bkp ;; generation) if [[ $# -lt 2 ]]; then @@ -65,14 +65,14 @@ pkgs.writeShellScriptBin "hm" '' echo "Error: could not determine previous generation (possibly only one generation exists)" exit 1 fi - "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$PREV_GEN" + "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$PREV_GEN" -b bkp ;; switch) if [[ $# -ne 3 ]]; then echo "Error: switch requires exactly one generation ID" exit 1 fi - "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" + "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" -b bkp ;; cleanup) CURRENT_GEN=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .* (current)$/\1/p') From 3f2672e4689943dabdacbd6ae626a62f14f5ac28 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 10:31:25 -0300 Subject: [PATCH 014/206] ghostty shader --- users/modules/desktop.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index b2661bf..e914cc0 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix 
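Review bot: All three `switch` invocations now pass the fixed extension `-b bkp`, and home-manager is, as far as I know, unwilling to overwrite an existing backup file. A second conflict on the same path would then make `apply`, `rollback` and `switch` fail until the stale `.bkp` file is removed by hand; this should be confirmed against the home-manager version in use. Defining the extension once, e.g. `BACKUP_EXT="bkp"` next to where `FLAKE_PATH` is set (outside these hunks), keeps the three call sites in step. The usage text printed by the script should also mention that conflicting files are renamed rather than left in place.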
@@ -13,15 +13,13 @@ ghostty = { enable = true; - enableFishIntegration = true; - enableBashIntegration = true; settings = { cursor-style = "block"; shell-integration-features = "no-cursor"; cursor-style-blink = false; custom-shader = "${builtins.fetchurl { url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; - sha256 = "sha256-0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; }}"; theme = "Banana Blueberry"; window-theme = "ghostty"; From 8e5a0ff6206197f347e35d48ed3304871dbdd842 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 11:44:11 -0300 Subject: [PATCH 015/206] stylix on hm --- flake.lock | 310 +++++++++++++++++++++++++++++++++++- flake.nix | 2 + homeConfigurations.nix | 2 + overlays.nix | 1 + packages.nix | 1 + packages/base16-schemes.nix | 32 ++++ users/modules/desktop.nix | 3 +- users/modules/helix.nix | 5 +- users/modules/stylix.nix | 57 +++++++ 9 files changed, 407 insertions(+), 6 deletions(-) create mode 100644 packages/base16-schemes.nix create mode 100644 users/modules/stylix.nix diff --git a/flake.lock b/flake.lock index b19b2ca..17a379b 100644 --- a/flake.lock +++ b/flake.lock 
@@ -23,6 +23,74 @@ "type": "github" } }, + "base16": { + "inputs": { + "fromYaml": "fromYaml" + }, + "locked": { + "lastModified": 1755819240, + "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, + "base16-fish": { + "flake": false, + "locked": { + "lastModified": 1754405784, + "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "type": "github" + } + }, + "base16-helix": { + "flake": false, + "locked": { + "lastModified": 1752979451, + "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-vim": { + "flake": false, + "locked": { + "lastModified": 1732806396, + "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ 
@@ -131,6 +199,22 @@ "type": "github" } }, + "firefox-gnome-theme": { + "flake": false, + "locked": { + "lastModified": 1758112371, + "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -165,6 +249,27 @@ "type": "github" } }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems_2" @@ -183,6 +288,39 @@ "type": "github" } }, + "fromYaml": { + "flake": false, + "locked": { + "lastModified": 1731966426, + "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "106af9e2f715e2d828df706c386a685698f3223b", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, + "gnome-shell": { + "flake": false, + "locked": { + "lastModified": 1748186689, + "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", + "owner": "GNOME", + "repo": "gnome-shell", + "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", + "type": "github" + }, + "original": { + "owner": "GNOME", + "ref": "48.2", + "repo": "gnome-shell", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -397,6 +535,47 @@ "type": "github" } }, + "nixpkgs_4": { + "locked": { + "lastModified": 1760524057, + "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nur": { + "inputs": { + "flake-parts": [ + "stylix", + "flake-parts" + ], + "nixpkgs": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758998580, + "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=", + "owner": "nix-community", + "repo": "NUR", + "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, "quickshell": { "inputs": { "nixpkgs": [ @@ -430,7 +609,8 @@ "nix-flatpak": "nix-flatpak", "nixos-cli": "nixos-cli", "nixpkgs": "nixpkgs_3", - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable", + "stylix": "stylix" } }, "rust-overlay": { 
@@ -455,6 +635,38 @@ "type": "github" } }, + "stylix": { + "inputs": { + "base16": "base16", + "base16-fish": "base16-fish", + "base16-helix": "base16-helix", + "base16-vim": "base16-vim", + "firefox-gnome-theme": "firefox-gnome-theme", + "flake-parts": "flake-parts_2", + "gnome-shell": "gnome-shell", + "nixpkgs": "nixpkgs_4", + "nur": "nur", + "systems": "systems_3", + "tinted-foot": "tinted-foot", + "tinted-kitty": "tinted-kitty", + "tinted-schemes": "tinted-schemes", + "tinted-tmux": "tinted-tmux", + "tinted-zed": "tinted-zed" + }, + "locked": { + "lastModified": 1760472212, + "narHash": "sha256-4C3I/ssFsq8EgaUmZP0xv5V7RV0oCHgL/Rx+MUkuE+E=", + "owner": "danth", + "repo": "stylix", + "rev": "8d008296a1b3be9b57ad570f7acea00dd2fc92db", + "type": "github" + }, + "original": { + "owner": "danth", + "repo": "stylix", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, 
@@ -484,6 +696,102 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "tinted-foot": { + "flake": false, + "locked": { + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + } + }, + "tinted-kitty": { + "flake": false, + "locked": { + "lastModified": 1735730497, + "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, + "tinted-schemes": { + "flake": false, + "locked": { + "lastModified": 1757716333, + "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=", + "owner": "tinted-theming", + "repo": "schemes", + "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "schemes", + "type": "github" + } + }, + "tinted-tmux": { + "flake": false, + "locked": { + "lastModified": 1757811970, + "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, + "tinted-zed": { + 
"flake": false, + "locked": { + "lastModified": 1757811247, + "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=", + "owner": "tinted-theming", + "repo": "base16-zed", + "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-zed", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 693b17a..d74d9ba 100644 --- a/flake.nix +++ b/flake.nix @@ -31,6 +31,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + stylix.url = "github:danth/stylix"; + nixos-cli.url = "github:nix-community/nixos-cli"; nix-flatpak.url = "github:gmodena/nix-flatpak/main"; diff --git a/homeConfigurations.nix b/homeConfigurations.nix index 7f50059..db44b76 100644 --- a/homeConfigurations.nix +++ b/homeConfigurations.nix @@ -15,6 +15,7 @@ in "helix" "obs-studio" "starship" + "stylix" "tmux" ]; }; @@ -27,6 +28,7 @@ in "direnv" "helix" "starship" + "stylix" "tmux" ]; }; diff --git a/overlays.nix b/overlays.nix index 5e83cc5..2732f0e 100644 --- a/overlays.nix +++ b/overlays.nix @@ -6,6 +6,7 @@ toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; hm-cli = inputs.self.packages.${final.system}.hm-cli; kwrite = inputs.self.packages.${final.system}.kwrite; + base16-schemes = inputs.self.packages.${final.system}.base16-schemes; }; }; } diff --git a/packages.nix b/packages.nix index cb17332..2cd7661 100644 --- a/packages.nix +++ b/packages.nix @@ -8,6 +8,7 @@ toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; hm-cli = pkgs.callPackage ./packages/hm-cli.nix { }; kwrite = pkgs.callPackage ./packages/kwrite.nix { }; + base16-schemes = pkgs.callPackage ./packages/base16-schemes.nix { }; }; }; } diff --git a/packages/base16-schemes.nix b/packages/base16-schemes.nix new file mode 100644 index 0000000..ffd6c04 --- /dev/null +++ b/packages/base16-schemes.nix 
@@ -0,0 +1,32 @@ +{ + lib, + stdenv, + fetchFromGitHub, +}: +stdenv.mkDerivation (finalAttrs: { + pname = "base16-schemes"; + version = "0-unstable-2025-06-04"; + + src = fetchFromGitHub { + owner = "tinted-theming"; + repo = "schemes"; + rev = "317a5e10c35825a6c905d912e480dfe8e71c7559"; + hash = "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM="; + }; + + installPhase = '' + runHook preInstall + + mkdir -p $out/share/themes/ + install base16/*.yaml $out/share/themes/ + + runHook postInstall + ''; + + meta = { + description = "All the color schemes for use in base16 packages"; + homepage = "https://github.com/tinted-theming/schemes"; + maintainers = [ lib.maintainers.DamienCassou ]; + license = lib.licenses.mit; + }; +}) diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index e914cc0..a1f8df1 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -21,9 +21,8 @@ url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; }}"; - theme = "Banana Blueberry"; - window-theme = "ghostty"; bell-features = "border"; + keybind = [ "shift+enter=esc:\\x1b[13;2u" ]; }; }; password-store = { diff --git a/users/modules/helix.nix b/users/modules/helix.nix index b71799b..e6e1cd1 100644 --- a/users/modules/helix.nix +++ b/users/modules/helix.nix @@ -8,13 +8,12 @@ programs.helix = { enable = true; settings = { - theme = "base16_transparent"; editor = { file-picker.hidden = false; idle-timeout = 0; line-number = "relative"; cursor-shape = { - normal = "block"; + normal = "bar"; insert = "bar"; select = "underline"; }; @@ -47,4 +46,4 @@ ]; }; }; -} \ No newline at end of file +} diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix new file mode 100644 index 0000000..5ab0431 --- /dev/null +++ b/users/modules/stylix.nix 
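Review bot: `version = "0-unstable-2025-06-04"` does not describe the pinned source: the same `rev` (`317a5e10c35825a6c905d912e480dfe8e71c7559`) and hash appear for stylix's `tinted-schemes` input in this commit's flake.lock, with a `lastModified` that falls in September 2025, so the date looks carried over from another expression. The schemes are now pinned in two places, here and in flake.lock, and the two can drift apart unnoticed. A comment above `src` such as `# keep rev/hash in sync with the tinted-schemes entry in flake.lock` would make the coupling explicit. `maintainers = [ lib.maintainers.DamienCassou ]` likewise appears copied and could be dropped for a package local to this flake.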
@@ -0,0 +1,57 @@ +{ + config, + inputs, + pkgs, + ... +}: + +{ + imports = [ inputs.stylix.homeModules.stylix ]; + + stylix = { + enable = true; + polarity = "dark"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/hardhacker.yaml"; + cursor = { + package = pkgs.kdePackages.breeze-icons; + name = "Breeze_Light"; + size = 24; + }; + icons = { + enable = true; + package = pkgs.morewaita-icon-theme; + light = "adwaita"; + dark = "adwaita-dark"; + }; + opacity = { + applications = 1.0; + desktop = 0.8; + popups = config.stylix.opacity.desktop; + terminal = 1.0; + }; + fonts = { + serif = { + package = pkgs.source-serif; + name = "Source Serif 4 Display"; + }; + sansSerif = { + package = pkgs.inter; + name = "Inter"; + }; + monospace = { + package = pkgs.nerd-fonts.fira-code; + name = "FiraCode Nerd Font"; + }; + emoji = { + package = pkgs.noto-fonts-emoji; + name = "Noto Color Emoji"; + }; + sizes = { + applications = 10; + desktop = config.stylix.fonts.sizes.applications; + popups = config.stylix.fonts.sizes.applications; + terminal = 12; + }; + }; + }; +} From a34c15d72fbd21d5b4eebfcc2bc70930a022816b Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 13:44:52 -0300 Subject: [PATCH 016/206] stylix and zen-browser --- flake.lock | 59 +++++++++++++++++++- flake.nix | 2 + hosts/modules/desktop/desktop.nix | 89 ++++++++++++++----------------- users/modules/desktop.nix | 12 +++-- users/modules/helix.nix | 2 +- users/modules/stylix.nix | 4 ++ 6 files changed, 114 insertions(+), 54 deletions(-) diff --git a/flake.lock b/flake.lock index 17a379b..e319173 100644 --- a/flake.lock +++ b/flake.lock 
@@ -384,6 +384,27 @@ "type": "github" } }, + "home-manager_3": { + "inputs": { + "nixpkgs": [ + "zen-browser", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1752603129, + "narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "impermanence": { "locked": { "lastModified": 1737831083, @@ -551,6 +572,22 @@ "type": "github" } }, + "nixpkgs_5": { + "locked": { + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "inputs": { "flake-parts": [ @@ -610,7 +647,8 @@ "nixos-cli": "nixos-cli", "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable", - "stylix": "stylix" + "stylix": "stylix", + "zen-browser": "zen-browser" } }, "rust-overlay": { @@ -792,6 +830,25 @@ "repo": "base16-zed", "type": "github" } + }, + "zen-browser": { + "inputs": { + "home-manager": "home-manager_3", + "nixpkgs": "nixpkgs_5" + }, + "locked": { + "lastModified": 1760588585, + "narHash": "sha256-NufqXao2i6d7N1HFKp8hM8XAD8Q6s/zU2wNd065Ybus=", + "owner": "0xc000022070", + "repo": "zen-browser-flake", + "rev": "5a651a6a3bb5c9bd694adbd2c34f55b4abff9a2c", + "type": "github" + }, + "original": { + "owner": "0xc000022070", + "repo": "zen-browser-flake", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index d74d9ba..4ec8da1 100644 --- a/flake.nix +++ b/flake.nix @@ -37,6 +37,8 @@ nix-flatpak.url = "github:gmodena/nix-flatpak/main"; + zen-browser.url = "github:0xc000022070/zen-browser-flake"; + impermanence.url = "github:nix-community/impermanence"; }; 
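Review bot: `zen-browser.url` in the flake.nix hunk is added without an `inputs.nixpkgs.follows`, so the browser is assembled against the input's own pinned nixpkgs (the `nixpkgs_5` node this commit adds to flake.lock) rather than the one the system uses. For a web browser this presumably means the libraries it is wrapped with only move when that input's lock entry is bumped, independently of the nixpkgs updates the rest of the system receives. Declaring it as `zen-browser = { url = "github:0xc000022070/zen-browser-flake"; inputs.nixpkgs.follows = "nixpkgs"; };` follows the `inputs.nixpkgs.follows = "nixpkgs";` pattern flake.nix already uses for another input. The `inputs` attribute set starts and ends outside the hunk.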
diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index b046031..5012d7e 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -13,52 +13,46 @@ KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland }; - systemPackages = - with pkgs; - [ - ### Web ### - bitwarden-desktop - brave - tor-browser - qbittorrent - vesktop - ### Office & Productivity ### - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - kwrite - libreoffice-qt - onlyoffice-desktopeditors - rnote - ### Graphics & Design ### - gimp - inkscape - plasticity - ### System Utilities ### - adwaita-icon-theme - colloid-gtk-theme - junction - kara - kde-rounded-corners - libfido2 - mission-center - p7zip - rclone - toggleaudiosink - unrar - ### Media ### - mpv - obs-studio - qview - ] - ++ (with pkgs.kdePackages; [ - ark - dolphin - dolphin-plugins - kolourpaint - ]); + systemPackages = with pkgs; [ + ### Web ### + bitwarden-desktop + brave + tor-browser + qbittorrent + vesktop + inputs.zen-browser.packages."${system}".default + ### Office & Productivity ### + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + libreoffice + onlyoffice-desktopeditors + papers + rnote + ### Graphics & Design ### + gimp + inkscape + loupe + plasticity + ### System Utilities ### + adwaita-icon-theme + ghostty + gnome-disk-utility + junction + libfido2 + mission-center + nautilus + p7zip + rclone + toggleaudiosink + unrar + ### Media ### + mpv + obs-studio + qview + ]; }; services = { @@ -86,8 +80,6 @@ flatpak = { enable = true; packages = [ - ### Internet Browsers & Communication ### - "app.zen_browser.zen" ### Graphics & Design ### "com.boxy_svg.BoxySVG" rec { 
@@ -121,7 +113,6 @@ niri.enable = true; dconf.enable = true; kdeconnect.enable = true; - partition-manager.enable = true; appimage = { enable = true; binfmt = true; diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index a1f8df1..3f7545a 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -1,7 +1,10 @@ { inputs, pkgs, ... }: { - imports = [ inputs.dms.homeModules.dankMaterialShell.default ]; + imports = [ + inputs.dms.homeModules.dankMaterialShell.default + inputs.zen-browser.homeModules.beta + ]; fonts.fontconfig.enable = true; @@ -11,6 +14,11 @@ enableVPN = false; }; + zen-browser = { + enable = true; + profiles.william = { }; + }; + ghostty = { enable = true; settings = { @@ -35,9 +43,7 @@ enable = true; xdgOpenUsePortal = true; extraPortals = with pkgs; [ - kdePackages.xdg-desktop-portal-kde xdg-desktop-portal-gtk - xdg-desktop-portal-gnome ]; config.common.default = "*"; }; diff --git a/users/modules/helix.nix b/users/modules/helix.nix index e6e1cd1..a72ead3 100644 --- a/users/modules/helix.nix +++ b/users/modules/helix.nix @@ -13,7 +13,7 @@ idle-timeout = 0; line-number = "relative"; cursor-shape = { - normal = "bar"; + normal = "underline"; insert = "bar"; select = "underline"; }; diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index 5ab0431..1c3712a 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix @@ -53,5 +53,9 @@ terminal = 12; }; }; + targets.zen-browser = { + enable = true; + profileNames = [ "william" ]; + }; }; } From b03a6f141046f6b1dc204fe305cc64c4d610c36a Mon Sep 17 00:00:00 2001 
From: William
Date: Thu, 16 Oct 2025 14:28:08 -0300
Subject: [PATCH 017/206] nextcloud in; radicale+rclone out
---
hosts/alexandria/nextcloud.nix | 91 ++++++++++++++++++++++++++++++
hosts/alexandria/nginx.nix | 27 ++-------
hosts/alexandria/radicale.nix | 17 ------
hosts/alexandria/rclone-webdav.nix | 82 ---------------------------
secrets/nextcloud-adminpass.age | 13 +++++
secrets/nextcloud-secrets.json.age | 13 +++++
6 files changed, 122 insertions(+), 121 deletions(-)
create mode 100644 hosts/alexandria/nextcloud.nix
delete mode 100644 hosts/alexandria/radicale.nix
delete mode 100644 hosts/alexandria/rclone-webdav.nix
create mode 100644 secrets/nextcloud-adminpass.age
create mode 100644 secrets/nextcloud-secrets.json.age
diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix
new file mode 100644
index 0000000..4392323
--- /dev/null
+++ b/hosts/alexandria/nextcloud.nix
@@ -0,0 +1,91 @@ +{ + lib, + config, + pkgs, + ... +}: + +{ + services = { + nextcloud = { + enable = true; + package = pkgs.nextcloud30; + datadir = "/data/nextcloud"; + hostName = "cloud.baduhai.dev"; + configureRedis = true; + https = true; + autoUpdateApps.enable = true; + secretFile = config.age.secrets."nextcloud-secrets.json".path; + database.createLocally = true; + maxUploadSize = "16G"; + caching = { + apcu = true; + redis = true; + }; + settings = { + trusted_proxies = [ "127.0.0.1" ]; + default_phone_region = "BR"; + maintenance_window_start = "4"; + enabledPreviewProviders = [ + "OC\\Preview\\BMP" + "OC\\Preview\\EMF" + "OC\\Preview\\Font" + "OC\\Preview\\GIF" + "OC\\Preview\\HEIC" + "OC\\Preview\\Illustrator" + "OC\\Preview\\JPEG" + "OC\\Preview\\Krita" + "OC\\Preview\\MarkDown" + "OC\\Preview\\Movie" + "OC\\Preview\\MP3" + "OC\\Preview\\MSOffice2003" + "OC\\Preview\\MSOffice2007" + "OC\\Preview\\MSOfficeDoc" + "OC\\Preview\\OpenDocument" + "OC\\Preview\\PDF" + "OC\\Preview\\Photoshop" + "OC\\Preview\\PNG" + "OC\\Preview\\Postscript" + "OC\\Preview\\SVG" + "OC\\Preview\\TIFF" + "OC\\Preview\\TXT" + "OC\\Preview\\XBitmap" + ]; + }; + config = { + dbtype = "pgsql"; + adminpassFile = config.age.secrets.nextcloud-adminpass.path; + }; + phpOptions = { + "opcache.interned_strings_buffer" = "16"; + }; + }; + + collabora-online = { + enable = true; + settings = { + ssl = { + enable = false; + termination = true; + }; + net = { + listen = "unix"; + frame_ancestors = "cloud.baduhai.dev"; + }; + }; + }; + }; + + age.secrets = { + "nextcloud-secrets.json" = { + file = ../../../secrets/nextcloud-secrets.json.age; + owner = "nextcloud"; + group = "hosted"; + }; + nextcloud-adminpass = { + file = ../../../secrets/nextcloud-adminpass.age; + owner = "nextcloud"; + group = "hosted"; + }; + }; +} diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 8c20d5d..654035b 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix 
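Review bot: `enabledPreviewProviders` switches on nearly every preview generator, including `"OC\\Preview\\PDF"`, `Postscript`, `Illustrator`, `Photoshop`, `SVG`, `TIFF`, `Movie` and the three MSOffice providers, which, as far as I know, Nextcloud leaves disabled by default. Each of these runs uploaded files through a heavier parser or converter on the server, so on a host that accepts uploads for `cloud.baduhai.dev` the list is parser attack surface as much as a feature list. Keeping only the providers that are actually needed, with a comment such as `# document/vector/video previews left off: they run uploaded files through external converters`, would make the trade-off explicit. Separately, both `age.secrets` entries use `../../../secrets/...`; from `hosts/alexandria/` that climbs one level above the repository root, whereas the rclone-webdav.nix removed in this commit used `../../secrets/`.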
@@ -36,31 +36,14 @@ in lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) { "_".locations."/".return = "444"; - "dav.baduhai.dev".locations = { - "/caldav" = { - proxyPass = "http://unix:/run/radicale/radicale.sock:/"; - extraConfig = '' - proxy_set_header X-Script-Name /caldav; - proxy_pass_header Authorization; - ''; - }; - "/webdav" = { - proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; - extraConfig = '' - proxy_set_header X-Script-Name /webdav; - proxy_pass_header Authorization; - proxy_connect_timeout 300; # Increase timeouts for large file uploads - proxy_send_timeout 300; - proxy_read_timeout 300; - client_max_body_size 10G; # Allow large file uploads - proxy_buffering off; # Buffer settings for better performance - proxy_request_buffering off; - ''; - }; - }; + "cloud.baduhai.dev" = { }; "git.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; + "office.baduhai.dev".locations."/" = { + proxyPass = "http://unix:/run/coolwsd/coolwsd.sock"; + proxyWebsockets = true; + }; "pass.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/"; "speedtest.baduhai.dev".locations."/".proxyPass = "http://librespeed:80/"; diff --git a/hosts/alexandria/radicale.nix b/hosts/alexandria/radicale.nix deleted file mode 100644 index d81a228..0000000 --- a/hosts/alexandria/radicale.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ ... }: - -{ - services.radicale = { - enable = true; - settings = { - server = { - hosts = [ "/run/radicale/radicale.sock" ]; - }; - auth = { - type = "htpasswd"; - htpasswd_filename = "/etc/radicale/users"; - htpasswd_encryption = "bcrypt"; - }; - }; - }; -} diff --git a/hosts/alexandria/rclone-webdav.nix b/hosts/alexandria/rclone-webdav.nix deleted file mode 100644 index 8324d31..0000000 --- a/hosts/alexandria/rclone-webdav.nix +++ /dev/null 
@@ -1,82 +0,0 @@ -{ config, pkgs, ... }: - -let - rclone-webdav-start = pkgs.writeShellScript "rclone-webdav-start.sh" '' - #!/bin/bash - - # Configuration - CREDS_FILE="/run/agenix/webdav" - SERVE_DIR="/data/webdav" - SOCKET_PATH="/run/rclone-webdav/webdav.sock" - - # Check if credentials file exists - if [ ! -f "$CREDS_FILE" ]; then - echo "Error: Credentials file $CREDS_FILE not found" - exit 1 - fi - - # Read credentials from file (format: username:password) - CREDENTIALS=$(cat "$CREDS_FILE") - USERNAME=$(echo "$CREDENTIALS" | cut -d':' -f1) - PASSWORD=$(echo "$CREDENTIALS" | cut -d':' -f2) - - # Validate credentials - if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ]; then - echo "Error: Invalid credentials format. Expected username:password" - exit 1 - fi - - # Ensure serve directory exists - mkdir -p "$SERVE_DIR" - - # Remove existing socket if it exists - rm -f "$SOCKET_PATH" - - # Start rclone serve webdav - exec ${pkgs.rclone}/bin/rclone serve webdav "$SERVE_DIR" \ - --addr unix://"$SOCKET_PATH" \ - --user "$USERNAME" \ - --pass "$PASSWORD" \ - --config="" \ - --baseurl "/webdav" \ - --verbose - ''; -in - -{ - age.secrets.webdav = { - file = ../../secrets/webdav.age; - owner = "user"; - group = "users"; - }; - - systemd.services.rclone-webdav = { - description = "RClone WebDAV Server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "exec"; - User = "user"; - Group = "nginx"; - ExecStart = "${rclone-webdav-start}"; - Restart = "always"; - RestartSec = "10"; - NoNewPrivileges = true; - PrivateTmp = true; - ProtectSystem = "strict"; - ProtectHome = true; - ReadWritePaths = [ - "/data/webdav" - "/run" - ]; - RuntimeDirectory = "rclone-webdav"; - RuntimeDirectoryMode = "0750"; - UMask = "0002"; - }; - preStart = '' - mkdir -p /data/webdav - chown user:users /data/webdav - chmod 755 /data/webdav - ''; - }; -} 
diff --git a/secrets/nextcloud-adminpass.age b/secrets/nextcloud-adminpass.age new file mode 100644 index 0000000..4adb2b1 --- /dev/null +++ b/secrets/nextcloud-adminpass.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 hi+lKA KUVC7m5ch8uuseBHHPCspWWdSAs+3YK+LvBL7h14UT8 +8h5Tu47UJ/6wJZaEjB0KhUKZ8yw3FgwWv9Dem4ivgVI +-> ssh-ed25519 SP9f6A IDnNmcjBKTiNWnBPw7mAuycOfzvj1bGi30OLi/mN+AA +xE9drPCFvOi8v74zqUuCOc9DOFnzfwFfoa0O84JHonA +-> ssh-ed25519 8YSAiw vWnYElIL2jh/LmxZKFFGE/8H1o+bOnGsGxQ3UZ02FE8 +c6e/c1a1cUa6FPDaUYHeY50WB5E1cq398AgwVs421EA +-> ssh-ed25519 3Chb7w iDSXb9BYJ/2EUJx77Uch3eFYukxTD5nHbdU+iTBWXkk +QBrCOSmjKeX0giQxYGMHinOeTrDs9ZGmdjThxEvyXn0 +-> ssh-ed25519 J6tVTA tZ5yMoYaLdgs0WoaRju3h+zfKSCrYoYO7aDcmnNta3s +seYPrbd8PmVZJKSltp4qI7i137be01ydWhkdOPP7Zzw +--- LElLg1Mrmw0iExirSvb6KWSA8bugbVggM2RwZSWlWGM +]͠l0dNnݾ0578qƈKƌ_# ̓agXDC:L6̾R魧 \ No newline at end of file diff --git a/secrets/nextcloud-secrets.json.age b/secrets/nextcloud-secrets.json.age new file mode 100644 index 0000000..3860d4e --- /dev/null +++ b/secrets/nextcloud-secrets.json.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 hi+lKA dt/gmE1ljEV6eiU4cyqy+v49mtjlm/qnkV3D5OCbUFI +LkRedLe6Qf8J5MeH+DNVmeuFyHHjDeYyrjoyzPmqZyI +-> ssh-ed25519 SP9f6A rossSD9Dk/BE9ujDcJY/CdVu5Pm5mLyKBFLpBERu+g0 +g6bnR5N9eC50gbd48rijisF6WLYBtoDi4CSLPBkfiw0 +-> ssh-ed25519 8YSAiw s+i/kWBUvnSEDN93MCO9QSIXnQi02zT+vdBVB8rbAV4 +n4mWFllh8dCW8DVP9R/m6KIuprZnLRbGQ/wjFmhEZx8 +-> ssh-ed25519 3Chb7w c0WkS3MPTAmcHTKMsfoL2mZKF9rJ/oU48noL00UEAjc +AL0b7xrfd9Ll4v/o0dLkic+YsKBiQxyFFKggXsQfM04 +-> ssh-ed25519 J6tVTA ZM+AOwYRTovNJnwe2wdUm9KU6Lj44rgBvthwHSFwDng +DJweE//ogMciRmy0GTj8zDRzItRtlfTkBynRSBDr3ks +--- dNCLx3d9i125QQqdsQVnwdN9QMLU+MWx2KjYFKFv5lU +{ 6EjrTg+I?*xu'$>U4QBDĠ"SIqA|v5xJdHھI6$'7(q{[.I*P <Ĭ/_|yx͙p*xX \ No newline at end of file From 3f9e2e384484014c0c11362076a757e7656df6f5 Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 16 Oct 2025 15:05:42 -0300 Subject: [PATCH 018/206] add deploy-rs --- deploy.nix | 41 +++++++++++++ flake.lock | 168 ++++++++++++++++++++++++++++++++++++++++------------- flake.nix | 3 + 3 files changed, 171 insertions(+), 41 deletions(-) create mode 100644 deploy.nix diff --git a/deploy.nix b/deploy.nix new file mode 100644 index 0000000..865e4c9 --- /dev/null +++ b/deploy.nix @@ -0,0 +1,41 @@ +{ inputs, self, ... }: +{ + flake.deploy.nodes = { + alexandria = { + hostname = "alexandria"; + profiles.system = { + sshUser = "root"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; + user = "root"; + }; + }; + + trantor = { + hostname = "trantor"; + profiles.system = { + sshUser = "root"; + path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; + user = "root"; + }; + }; + + io = { + hostname = "io"; + profiles = { + system = { + sshUser = "root"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; + user = "root"; + }; + user = { + sshUser = "user"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io"; + user = "user"; + }; + }; + }; + }; + + # Optional: Add deploy-rs checks + flake.checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib; +} diff --git a/flake.lock b/flake.lock index e319173..3e04b70 100644 --- a/flake.lock +++ b/flake.lock 
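Review bot: All three `system` profiles in deploy.nix set `sshUser = "root"`, so a deploy only works if sshd accepts direct root logins on alexandria, trantor and io. alexandria also serves public vhosts in this repository, which makes a reachable root login a poor default there. deploy-rs can log in as an unprivileged account and elevate for activation, so `sshUser = "user";` with `user = "root";` left as it is would avoid root SSH altogether; how sudo authenticates for that account then needs to be decided explicitly.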
@@ -113,6 +113,26 @@ "type": "github" } }, + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs", + "utils": "utils" + }, + "locked": { + "lastModified": 1756719547, + "narHash": "sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, "dgop": { "inputs": { "nixpkgs": [ @@ -165,11 +185,11 @@ "quickshell": "quickshell" }, "locked": { - "lastModified": 1760401338, - "narHash": "sha256-aN4qiI9R4ByEucFE/zvJFF8Y456nDe1IXCKu0hvEP+U=", + "lastModified": 1760637129, + "narHash": "sha256-ZNIieGgeSRcaok5W0Vre6fOtXVoebkoyBR2yrvhwues=", "owner": "AvengeMedia", "repo": "DankMaterialShell", - "rev": "07fe2ca4072eb987c8090f388d4979f5006cef52", + "rev": "5c816463973d52010839a882d95ea1a44d80c52a", "type": "github" }, "original": { @@ -216,6 +236,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1747046372, @@ -272,7 +308,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1731533236, 
@@ -370,11 +406,11 @@ ] }, "locked": { - "lastModified": 1760033152, - "narHash": "sha256-e2g07P6SBJrYdRWw5JEJgh8ssccr+jigYR9p4GS0tME=", + "lastModified": 1760500983, + "narHash": "sha256-zfY4F4CpeUjTGgecIJZ+M7vFpwLc0Gm9epM/iMQd4w8=", "owner": "nix-community", "repo": "home-manager", - "rev": "5d61767c8dee7f9c66991335795dbca9e801c25a", + "rev": "c53e65ec92f38d30e3c14f8d628ab55d462947aa", "type": "github" }, "original": { @@ -439,7 +475,7 @@ "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "rust-overlay": "rust-overlay" }, "locked": { @@ -459,9 +495,9 @@ }, "nixos-cli": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1759846470, @@ -479,16 +515,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1740695751, - "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", - "owner": "nixos", + "lastModified": 1743014863, + "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "6313551cd05425cd5b3e63fe47dbc324eabb15e4", + "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -510,11 +546,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1759735786, - "narHash": "sha256-a0+h02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0=", + "lastModified": 1760423683, + "narHash": "sha256-Tb+NYuJhWZieDZUxN6PgglB16yuqBYQeMJyYBGCXlt8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20c4598c84a671783f741e02bf05cbfaf4907cff", + "rev": "a493e93b4a259cd9fea8073f89a7ed9b1c5a1da2", "type": "github" }, "original": { 
@@ -525,6 +561,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1740695751, + "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "6313551cd05425cd5b3e63fe47dbc324eabb15e4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -540,39 +592,39 @@ "type": "github" } }, - "nixpkgs_3": { - "locked": { - "lastModified": 1759831965, - "narHash": "sha256-vgPm2xjOmKdZ0xKA6yLXPJpjOtQPHfaZDRtH+47XEBo=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "c9b6fb798541223bbb396d287d16f43520250518", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_4": { "locked": { "lastModified": 1760524057, "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", - "owner": "NixOS", + "owner": "nixos", "repo": "nixpkgs", "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_5": { + "locked": { + "lastModified": 1758690382, + "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e643668fd71b949c53f8626614b21ff71a07379d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", @@ -637,6 +689,7 @@ "root": { "inputs": { "agenix": "agenix", + "deploy-rs": "deploy-rs", "disko": "disko", "dms": "dms", "flake-parts": "flake-parts", 
@@ -645,7 +698,7 @@ "impermanence": "impermanence", "nix-flatpak": "nix-flatpak", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable", "stylix": "stylix", "zen-browser": "zen-browser" @@ -682,9 +735,9 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_2", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nur": "nur", - "systems": "systems_3", + "systems": "systems_4", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -750,6 +803,21 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { @@ -831,10 +899,28 @@ "type": "github" } }, + "utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1760588585, diff --git a/flake.nix b/flake.nix index 4ec8da1..4f3fac0 100644 --- a/flake.nix +++ b/flake.nix @@ -40,6 +40,8 @@ zen-browser.url = "github:0xc000022070/zen-browser-flake"; impermanence.url = "github:nix-community/impermanence"; + + deploy-rs.url = "github:serokell/deploy-rs"; }; outputs = @@ -57,6 +59,7 @@ ./nixosModules.nix ./overlays.nix ./packages.nix + ./deploy.nix ]; }; } 
From af7467554f8a605b521aae47238d19cfb40b17b5 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 15:05:58 -0300 Subject: [PATCH 019/206] update nextcloud --- hosts/alexandria/nextcloud.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 4392323..2b7670d 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -9,7 +9,7 @@ services = { nextcloud = { enable = true; - package = pkgs.nextcloud30; + package = pkgs.nextcloud32; datadir = "/data/nextcloud"; hostName = "cloud.baduhai.dev"; configureRedis = true; @@ -78,12 +78,12 @@ age.secrets = { "nextcloud-secrets.json" = { - file = ../../../secrets/nextcloud-secrets.json.age; + file = ../../secrets/nextcloud-secrets.json.age; owner = "nextcloud"; group = "hosted"; }; nextcloud-adminpass = { - file = ../../../secrets/nextcloud-adminpass.age; + file = ../../secrets/nextcloud-adminpass.age; owner = "nextcloud"; group = "hosted"; }; From 3792c11bf0a5ac033b63e795b2b23a7a3284ae09 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 15:07:49 -0300 Subject: [PATCH 020/206] add deploy-rs to devshell --- devShells.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/devShells.nix b/devShells.nix index 254d604..25ee80d 100644 --- a/devShells.nix +++ b/devShells.nix @@ -1,4 +1,4 @@ -{ ... }: +{ inputs, ... }: { perSystem = @@ -8,6 +8,7 @@ packages = with pkgs; [ nil nixfmt-rfc-style + inputs.deploy-rs.packages.${pkgs.system}.default ]; }; }; From 0cf06f8541ef62a5a15f6b51e92c4ed96752d9b4 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 15:30:01 -0300 Subject: [PATCH 021/206] som more deploy-rs mods --- deploy.nix | 15 +++++++++------ devShells.nix | 4 +++- hosts/modules/common/nix.nix | 12 +++++------- 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/deploy.nix b/deploy.nix index 865e4c9..2e69377 100644 --- a/deploy.nix +++ b/deploy.nix 
@@ -1,10 +1,11 @@ { inputs, self, ... }: { flake.deploy.nodes = { + remoteBuild = true; alexandria = { hostname = "alexandria"; profiles.system = { - sshUser = "root"; + sshUser = "user"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; user = "root"; }; @@ -13,7 +14,7 @@ trantor = { hostname = "trantor"; profiles.system = { - sshUser = "root"; + sshUser = "user"; path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; user = "root"; }; @@ -23,7 +24,7 @@ hostname = "io"; profiles = { system = { - sshUser = "root"; + sshUser = "user"; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; user = "root"; }; @@ -35,7 +36,9 @@ }; }; }; - - # Optional: Add deploy-rs checks - flake.checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib; + perSystem = + { system, ... }: + { + checks = inputs.deploy-rs.lib.${system}.deployChecks self.deploy; + }; } diff --git a/devShells.nix b/devShells.nix index 25ee80d..82f97e9 100644 --- a/devShells.nix +++ b/devShells.nix @@ -8,8 +8,10 @@ packages = with pkgs; [ nil nixfmt-rfc-style - inputs.deploy-rs.packages.${pkgs.system}.default ]; + shellHook = '' + alias deploy='${inputs.deploy-rs.packages.${pkgs.system}.default}/bin/deploy --skip-checks' + ''; }; }; } diff --git a/hosts/modules/common/nix.nix b/hosts/modules/common/nix.nix index ff0b474..5ef9c4c 100644 --- a/hosts/modules/common/nix.nix +++ b/hosts/modules/common/nix.nix @@ -26,13 +26,11 @@ buildDocs = false; }; - services = { - nixos-cli = { - enable = true; - config = { - use_nvd = true; - ignore_dirty_tree = true; - }; + services.nixos-cli = { + enable = true; + config = { + use_nvd = true; + ignore_dirty_tree = true; }; }; From c8f1b3a5e0f894584cf8bcf08b46f6eeddcffabb Mon Sep 17 00:00:00 2001 
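Review bot: Changing `sshUser` to `user` while keeping `user = "root"` (in this hunk and in the two following ones for trantor and io) makes activation depend on sudo for that account, and nothing in the patch shows how sudo is expected to authenticate. If the answer is a NOPASSWD rule, the login account becomes root-equivalent; deploy-rs's `interactiveSudo = true;` keeps a password prompt in the path instead. Separately, `remoteBuild = true;` is placed inside `flake.deploy.nodes`, where it reads as a node named remoteBuild rather than a setting; it belongs one level up, as `flake.deploy.remoteBuild = true;`.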
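Review bot: The `shellHook` alias in devShells.nix makes every `deploy` run from the dev shell pass `--skip-checks`, which turns off the `deployChecks` that this same commit wires into `perSystem` in deploy.nix. Those checks are what would flag a malformed node definition before anything is pushed to a host, so skipping them is better left as a per-invocation choice. `alias deploy='${inputs.deploy-rs.packages.${pkgs.system}.default}/bin/deploy'` keeps the pinned binary without the flag.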
From: William Date: Fri, 17 Oct 2025 08:37:09 -0300 Subject: [PATCH 022/206] fix mkNginxVHosts usage; fix librespeed proxy; fix vaultwarden proxy --- hosts/alexandria/librespeed.nix | 25 ++++++++++++++++++++++++- hosts/alexandria/nextcloud.nix | 4 ++-- hosts/alexandria/nginx.nix | 14 ++++++++------ hosts/alexandria/vaultwarden.nix | 5 +++-- utils.nix | 2 ++ 5 files changed, 39 insertions(+), 11 deletions(-) diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix index 79353bd..aeb8db3 100644 --- a/hosts/alexandria/librespeed.nix +++ b/hosts/alexandria/librespeed.nix @@ -1,14 +1,37 @@ -{ lib, inputs, ... }: +{ + config, + lib, + inputs, + ... +}: + let utils = import ../../utils.nix { inherit inputs lib; }; inherit (utils) mkNginxVHosts; in + { + systemd.services.init-librespeed-network = { + description = "Create the network bridge for librespeed."; + after = [ "network.target" ]; + wantedBy = [ "podman-librespeed.service" ]; + serviceConfig.Type = "oneshot"; + script = '' + check=$(${config.virtualisation.podman.package}/bin/podman network ls | grep "librespeed" || true) + if [ -z "$check" ]; then + ${config.virtualisation.podman.package}/bin/podman network create librespeed + else + echo "librespeed network already exists" + fi + ''; + }; + virtualisation.oci-containers.containers."librespeed" = { image = "lscr.io/linuxserver/librespeed:latest"; environment = { TZ = "America/Bahia"; }; + networks = [ "librespeed" ]; extraOptions = [ "--pull=newer" "--label=io.containers.autoupdate=registry" diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 2b7670d..b097616 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix 
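Review bot: `init-librespeed-network` is pulled in through `wantedBy = [ "podman-librespeed.service" ]`, but nothing orders it before the container, so the container unit can start while the `librespeed` network does not exist yet; adding `before = [ "podman-librespeed.service" ];` closes that gap. The existence test `podman network ls | grep "librespeed"` also matches any network whose name merely contains that string, whereas `podman network exists librespeed || podman network create librespeed` is exact and replaces the whole if/else. The container definition continues outside the hunk.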
@@ -80,12 +80,12 @@ "nextcloud-secrets.json" = { file = ../../secrets/nextcloud-secrets.json.age; owner = "nextcloud"; - group = "hosted"; + group = "nextcloud"; }; nextcloud-adminpass = { file = ../../secrets/nextcloud-adminpass.age; owner = "nextcloud"; - group = "hosted"; + group = "nextcloud"; }; }; } diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 192dbda..0a0a261 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -4,10 +4,12 @@ inputs, ... }: + let utils = import ../../utils.nix { inherit inputs lib; }; inherit (utils) mkNginxVHosts; in + { security.acme = { acceptTerms = true; @@ -22,12 +24,6 @@ in }; }; - age.secrets.cloudflare = { - file = ../../secrets/cloudflare.age; - owner = "nginx"; - group = "nginx"; - }; - services.nginx = { enable = true; recommendedGzipSettings = true; @@ -41,4 +37,10 @@ in }; users.users.nginx.extraGroups = [ "acme" ]; + + age.secrets.cloudflare = { + file = ../../secrets/cloudflare.age; + owner = "nginx"; + group = "nginx"; + }; } diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index 21f7d46..fd10d6b 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -14,13 +14,14 @@ in config = { DOMAIN = "https://pass.baduhai.dev"; SIGNUPS_ALLOWED = false; - ROCKET_ADDRESS = "/run/vaultwarden/vaultwarden.sock"; + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = 58222; }; }; services.nginx.virtualHosts = mkNginxVHosts { acmeHost = "baduhai.dev"; domains."pass.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/"; + "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; }; } diff --git a/utils.nix b/utils.nix index 7b8e502..1f2c66c 100644 --- a/utils.nix +++ b/utils.nix @@ -1,4 +1,5 @@ { inputs, lib }: + let inherit (inputs) self 
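Review bot: The vaultwarden.nix hunk moves `ROCKET_ADDRESS` from a unix socket path to `127.0.0.1` with `ROCKET_PORT = 58222` without recording why, and the change widens who can reach the password manager's backend. A loopback TCP port is open to every local process on the host, not only to whoever has permission on the socket file. A comment on the setting, for example `# TCP on loopback only; reachable solely through nginx, never open 58222 in the firewall`, would record the constraint for the next edit. The `config` attribute set starts outside the hunk.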
@@ -8,6 +9,7 @@ let agenix ; in + { # Tag-based host configuration system mkHost = From 681f68d7903101de8dcc05a8bcf07a244eef59eb Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 09:47:40 -0300 Subject: [PATCH 023/206] nexcloud on 25.05 is still at version 31 --- hosts/alexandria/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index b097616..603c85f 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -9,7 +9,7 @@ services = { nextcloud = { enable = true; - package = pkgs.nextcloud32; + package = pkgs.nextcloud31; datadir = "/data/nextcloud"; hostName = "cloud.baduhai.dev"; configureRedis = true; From 6d41eeaf885090d66eaac60e1659e7f4b9d6a9be Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 09:51:49 -0300 Subject: [PATCH 024/206] mkHome instead of mkUser --- homeConfigurations.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/homeConfigurations.nix b/homeConfigurations.nix index cbd1e6c..422681d 100644 --- a/homeConfigurations.nix +++ b/homeConfigurations.nix @@ -3,12 +3,12 @@ let lib = inputs.nixpkgs.lib; utils = import ./utils.nix { inherit inputs lib; }; - inherit (utils) mkUser; + inherit (utils) mkHome; in { flake.homeConfigurations = { - "user@rotterdam" = mkUser { + "user@rotterdam" = mkHome { username = "user"; tags = [ "btop" @@ -23,7 +23,7 @@ in ]; }; - "user@io" = mkUser { + "user@io" = mkHome { username = "user"; tags = [ "btop" From 64379d7ab48da9269f6c628473f50b3bcbbc1080 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 11:01:11 -0300 Subject: [PATCH 025/206] fixed some stuff --- deploy.nix | 6 ++++-- devShells.nix | 6 ++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy.nix b/deploy.nix index 2e69377..40a21e9 100644 --- a/deploy.nix +++ b/deploy.nix 
@@ -1,8 +1,9 @@ { inputs, self, ... }: { - flake.deploy.nodes = { + flake.deploy = { remoteBuild = true; - alexandria = { + nodes = { + alexandria = { hostname = "alexandria"; profiles.system = { sshUser = "user"; @@ -36,6 +37,7 @@ }; }; }; +}; perSystem = { system, ... }: { diff --git a/devShells.nix b/devShells.nix index 82f97e9..e5c4a33 100644 --- a/devShells.nix +++ b/devShells.nix @@ -1,4 +1,4 @@ -{ inputs, ... }: +{ ... }: { perSystem = @@ -8,10 +8,8 @@ packages = with pkgs; [ nil nixfmt-rfc-style + deploy-rs ]; - shellHook = '' - alias deploy='${inputs.deploy-rs.packages.${pkgs.system}.default}/bin/deploy --skip-checks' - ''; }; }; } From c6b5cc16c13c9b972d12adafff8719ce821a319d Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 11:01:23 -0300 Subject: [PATCH 026/206] don't touch nextcloud apps --- hosts/alexandria/nextcloud.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 603c85f..84853dc 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -14,7 +14,6 @@ hostName = "cloud.baduhai.dev"; configureRedis = true; https = true; - autoUpdateApps.enable = true; secretFile = config.age.secrets."nextcloud-secrets.json".path; database.createLocally = true; maxUploadSize = "16G"; From d0793fb1256d32607005479f8f8ea7588a6bc41e Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 11:07:55 -0300 Subject: [PATCH 027/206] I'm forced to map a port in librespeed --- hosts/alexandria/librespeed.nix | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix index aeb8db3..e36a81d 100644 --- a/hosts/alexandria/librespeed.nix +++ b/hosts/alexandria/librespeed.nix 
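Review bot: In the devShells.nix hunk, `deploy-rs` now comes from nixpkgs while the flake keeps its own `deploy-rs` input, so the `deploy` CLI in the shell and the library that builds the activation profiles can end up at different versions. That library is presumably `inputs.deploy-rs.lib` in deploy.nix, outside this hunk. Taking the binary from the pinned input keeps both at the locked revision: keep `inputs` in the module arguments and list `inputs.deploy-rs.packages.${pkgs.system}.default` instead of `deploy-rs`.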
@@ -11,27 +11,12 @@ let in { - systemd.services.init-librespeed-network = { - description = "Create the network bridge for librespeed."; - after = [ "network.target" ]; - wantedBy = [ "podman-librespeed.service" ]; - serviceConfig.Type = "oneshot"; - script = '' - check=$(${config.virtualisation.podman.package}/bin/podman network ls | grep "librespeed" || true) - if [ -z "$check" ]; then - ${config.virtualisation.podman.package}/bin/podman network create librespeed - else - echo "librespeed network already exists" - fi - ''; - }; - virtualisation.oci-containers.containers."librespeed" = { image = "lscr.io/linuxserver/librespeed:latest"; environment = { TZ = "America/Bahia"; }; - networks = [ "librespeed" ]; + ports = [ "127.0.0.1:58080:80" ]; extraOptions = [ "--pull=newer" "--label=io.containers.autoupdate=registry" @@ -40,6 +25,6 @@ in services.nginx.virtualHosts = mkNginxVHosts { acmeHost = "baduhai.dev"; - domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://librespeed:80/"; + domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:58080/"; }; } From f9874296ae3b06a744633cc1632f63d29b6724a1 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 11:47:04 -0300 Subject: [PATCH 028/206] expose nextcloud and collabora on proxy --- hosts/alexandria/nextcloud.nix | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 84853dc..373b0e5 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -2,9 +2,15 @@ lib, config, pkgs, + inputs, ... }: +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in + { services = { nextcloud = { 
@@ -62,17 +68,35 @@ collabora-online = { enable = true; + port = 9980; settings = { ssl = { enable = false; termination = true; }; net = { - listen = "unix"; + listen = "loopback"; frame_ancestors = "cloud.baduhai.dev"; }; }; }; + + nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains = { + "cloud.baduhai.dev" = { }; + "office.baduhai.dev".locations = { + "/".proxyPass = "http://127.0.0.1:${toString config.services.collabora-online.port}"; + "~ ^/cool/(.*)/ws$".proxyPass = "http://127.0.0.1:${toString config.services.collabora-online.port}"; + "~ ^/cool/(.*)/ws$".extraConfig = '' + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_read_timeout 36000s; + ''; + }; + }; + }; }; age.secrets = { From f5a7377b1f5c88ba29f3bb56deea3bed1eb9e2ef Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 11:49:44 -0300 Subject: [PATCH 029/206] nextcloud desktop client --- hosts/modules/desktop/desktop.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 5012d7e..ebffd49 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -17,6 +17,7 @@ ### Web ### bitwarden-desktop brave + nextcloud-client tor-browser qbittorrent vesktop From 265dc9947650bebfc4c6068752152280218d18e8 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 17 Oct 2025 15:23:13 -0300 Subject: [PATCH 030/206] add agenix to shell --- devShells.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/devShells.nix b/devShells.nix index e5c4a33..acf63f8 100644 --- a/devShells.nix +++ b/devShells.nix @@ -6,9 +6,10 @@ { devShells.default = pkgs.mkShell { packages = with pkgs; [ + agenix + deploy-rs nil nixfmt-rfc-style - deploy-rs ]; }; }; From 7e02970b56c5da72ce06e9e44eba86054fc63b0f Mon Sep 17 00:00:00 2001 
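Review bot: The `office.baduhai.dev` vhost added in the nextcloud.nix hunk forwards every path through the catch-all `"/"` location, which would also publish Collabora's admin console and its `/cool/adminws` socket rather than only the paths the Nextcloud integration needs. Either list the required locations explicitly or deny the admin endpoints at nginx, e.g. `"^~ /cool/adminws".return = "403";`. The `settings` block configures `frame_ancestors` but no WOPI host allow-list, so it is worth confirming that only `cloud.baduhai.dev` may open documents. The enclosing `services` block starts outside the hunk, and whether `mkNginxVHosts` adds `Host` and forwarding headers to the plain `"/"` location is not visible here.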
From: William Date: Fri, 17 Oct 2025 15:39:56 -0300 Subject: [PATCH 031/206] fix up secrets --- secrets/cloudflare.age | 22 ++++++--------- secrets/nextcloud-adminpass.age | 20 ++++++------- secrets/nextcloud-secrets.json.age | Bin 757 -> 537 bytes secrets/secrets.nix | 44 ++++++++++++++--------------- secrets/webdav.age | 15 ---------- 5 files changed, 38 insertions(+), 63 deletions(-) delete mode 100644 secrets/webdav.age diff --git a/secrets/cloudflare.age b/secrets/cloudflare.age index 11cfac6..9e989ec 100644 --- a/secrets/cloudflare.age +++ b/secrets/cloudflare.age @@ -1,15 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 Kfdnog HMpl/3mb59SsUvkDXXxO+odBNSc1dZS1nQtC8/BPlGI -4fPk0YtGxOoqXDfTN9kQlH0Pg2iaJXUZE5es6f317L4 --> ssh-ed25519 SP9f6A p1kh6UOFJ4xwulLY9IpbNZIJ7JSouR27j6HgK/XRegM -rJCzN+RCdQgo/xCkAmcdN6GfXsoQhpmE1HuGwYs/2CI --> ssh-ed25519 8YSAiw cCbMOE3PMa3bzGGQSeQZuq074iwt4p4HLDu8uiHhWRY -U6wR/DuBdMKfbmQfUZ8XLdTBxNsUMR2lOueYucR5+bY --> ssh-ed25519 7cojTQ iLDzC79YtZcrqldzCyIFHrpsEapOXYD5AXuNoQ+3ulI -v2NiE3pA+J8Po+PqTTUU9XYKy37AIyj5KWdlh7FOPG8 --> ssh-ed25519 J6tVTA Jw1pSpF1J2Ud46BDhdRCPErgUeim8uwWxiB1E3BiJB8 -hGdGFi46iqKJN0QviG1xRNf2kwlls0rM5k3LkAiw8jY --> ssh-ed25519 Kl5yTQ yXnKCsJNjTSQYiPuv6dAF6raB3EFcg2oag1cBVkdvwk -0hwjrZpclTrFWtr5JqAbwXImYzZwTJOJPkhNnlHmPeo ---- k97ZU6FfTWVqBwNcrF9QeEbnqnuQUQ9pR1qM/Sgjh7A -#L-q﹋hr&*hNbqܦHŠG=@uaku|Er^BOo}:5ju$%".A1qP\2C R_ S=(%sި \ No newline at end of file +-> ssh-ed25519 Kfdnog gEZvRtLBhGslmS97VaRqoucgExvOopsHAAne4lCmEEY +NkIeFYuQFntDOBqd3k0/OVYMcM7h73uO0jPXaHzEcZc +-> ssh-ed25519 8YSAiw bVV4jIDbBKxsr6mQ4Tv0rP6ylrAEOJWkqjpyvXjnQRU +6kUe5Syw7sd+aF2QEgr6Yj+fOPL5zSJN1PJvY9Kdhlg +-> ssh-ed25519 J6tVTA 4JMlJmhHAYUgjiWwB1Q278TSjJypwecALmfnosxan0s +WIubcIFrjMV0GpyU1ZGc48YwrqOtSmJxweonw1KnR+U +--- 78A7re4LLB/0n5AXLRlVqiMNFMAQ2ZvjjK21YGRveRE +_4pkVCKm#~kI8Em3kp|0^tSk s/΅?=l,7~̈́c{ȞAݭ>ZlGTJsGY //B4e'IIc ,"< \ No newline at end of file 
diff --git a/secrets/nextcloud-adminpass.age b/secrets/nextcloud-adminpass.age index 4adb2b1..3b6ff2a 100644 --- a/secrets/nextcloud-adminpass.age +++ b/secrets/nextcloud-adminpass.age @@ -1,13 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 hi+lKA KUVC7m5ch8uuseBHHPCspWWdSAs+3YK+LvBL7h14UT8 -8h5Tu47UJ/6wJZaEjB0KhUKZ8yw3FgwWv9Dem4ivgVI --> ssh-ed25519 SP9f6A IDnNmcjBKTiNWnBPw7mAuycOfzvj1bGi30OLi/mN+AA -xE9drPCFvOi8v74zqUuCOc9DOFnzfwFfoa0O84JHonA --> ssh-ed25519 8YSAiw vWnYElIL2jh/LmxZKFFGE/8H1o+bOnGsGxQ3UZ02FE8 -c6e/c1a1cUa6FPDaUYHeY50WB5E1cq398AgwVs421EA --> ssh-ed25519 3Chb7w iDSXb9BYJ/2EUJx77Uch3eFYukxTD5nHbdU+iTBWXkk -QBrCOSmjKeX0giQxYGMHinOeTrDs9ZGmdjThxEvyXn0 --> ssh-ed25519 J6tVTA tZ5yMoYaLdgs0WoaRju3h+zfKSCrYoYO7aDcmnNta3s -seYPrbd8PmVZJKSltp4qI7i137be01ydWhkdOPP7Zzw ---- LElLg1Mrmw0iExirSvb6KWSA8bugbVggM2RwZSWlWGM -]͠l0dNnݾ0578qƈKƌ_# ̓agXDC:L6̾R魧 \ No newline at end of file +-> ssh-ed25519 Kfdnog aE5/4P3r4e4fh7fFYI+0ci4n5egCI9XxMUsVUQJvmjE +ILlTNB342CLNpdX8SEnSnzEqjvSj8smDjGBQXjQ3pVc +-> ssh-ed25519 8YSAiw tedtmECa3YP0wjOZsCJKAU/izbPcPHWnL++PRSjBIA4 +Rk4E8SbG5ThaBKvtOEe+MWB1JrzFnQAgH/TJGv3+hT8 +-> ssh-ed25519 J6tVTA gozo087SB3PrKK3dTRpmLfUH+pWA67TEHJOmgj1+ASY +pdLnZWvQHyN9lZuS4jjvsnGne+TMZ0PagvfvQJXJW2w +--- hJpVSU9xNlac99VD26i0uW6Jw/U/CoOcAwHSUCk0acs +?hš) IסЇKx::<J BVMx0L \ No newline at end of file 
diff --git a/secrets/nextcloud-secrets.json.age b/secrets/nextcloud-secrets.json.age index 3860d4e3352a711b3c6e1aa60cdbc562c6ca04ae..473f3cb97a38fcb01d2d7512306b9576963b2754 100644 GIT binary patch delta 472 zcmey$I+JCBYMggkN?v}tLZ(@Xu}g@*Wrc4^Vy=m0L{7e^aX_YJd8J#5lbL~uNw7g! zZit6jVUAlmSDJp7e_CpAQAJ|0e~M3vg-d3Yb4iXzwo6u|Z$@!}r%|$HX1IG!fwrON z#E;_PMme6DrNud=j-}ylmZ_!5sgWjm#znzCrRB~!hNU?LrYQxU{t+4Bx!JBmgg;!YQIcFpmhoo6#dKpzDyLpDY`(^nh=ll3NSGlEgm75g>hI)kM>05?*>KAyL zn-=?)Rg{~0N9dOaW(Ow~8s_*{xFi|`g(oL->FVk#xETb8mgbeEMOnIO=jVB(yZV}% zl^XfFRX7EES_JwQ8wQxwJEjGsmFb&>a(!53p;qHcGzOhHdr?!)Yy?)B}jRjm0}ob&b+NbC~!2$`=~ U*|Bd)>My+|#f!Ip+dAn605j{k7XSbN delta 713 zcmbQq@|AUhYJEngc8<5BLQ08#dakQsPL^w!S!!meNpfXjrFNN#Wo}7UPOg4oUUrzV zi>beJQmC6Jmrr(3YKl*)Szwxlm#J^6hqjAfSZ->mTcw9bmP=}6Wl>gsWmQ0KVN|6j zm#&>cadC!jYKoDmsiCDpaDZi+nWI8cesOWIi=|7pe!Y{cWoed6vR9-_Qkg1<#sE|1y_+)1$YeyD)J7oq|RJyr&r>9302d4QNm`waAULWPF z?dV?~85ELV=I51Ho@!K{5}Ir29ct#2Wnxm4?o?KiQSK4!R_>CQ&gJ4&p6aTvpP%lV zoEel`Y2Y4`Wl`l4ROML`RFabxlI>KP7ZmK|Qe>Q6%%!WVtB~U7>{DT!Vwq`ZWEvP) zm{J@VmRFwQXBp`06RPbSUSZ^&RUhf*?N(-*6UsGfMfL0LylgMbT(gQoezZ5IKhYNJ zy!hU8=c@UicG+*cc1nw}g0)nAi^?mzP&t#CZvvfMjx10L_MBKan_t?o=GBif({C01 zUVJGJyZ?CH+UIE|d-SZzYV|Jj#Ts`CtG~?r7X5vS-m|uco>~EIJ63Qv*c@4N@wmS5 YR{r>!%HJXtXJ>X5X#Ja0vFm390H{Fzn*aa+ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ba71b7a..d47309f 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -1,29 +1,29 @@ let - io-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs"; - io-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIrKJk5zWzWEHvLMPMK8T3PyeBjsCsqzxPN+OrXfhA"; - io = [ - io-user - io-host - ]; + io-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"; + io = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIrKJk5zWzWEHvLMPMK8T3PyeBjsCsqzxPN+OrXfhA root@io"; - rotterdam-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"; - rotterdam-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjXcqQqlu03x2VVTdWOyxtKRszXAKX0AxTkGvF1oeJL"; - rotterdam = [ - rotterdam-user - rotterdam-host - ]; + rotterdam-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"; + rotterdam = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjXcqQqlu03x2VVTdWOyxtKRszXAKX0AxTkGvF1oeJL root@rotterdam"; - alexandria-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA"; - alexandria = [ alexandria-host ]; + alexandria = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA root@alexandria"; - trantor-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkGuGLZPnYJbCGY4BhJ9uTupp6ruuR1NZ7FEYEaLPA7"; - trantor = [ trantor-host ]; - - desktops = io ++ rotterdam; - servers = alexandria ++ trantor; - all-hosts = desktops ++ servers; + trantor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkGuGLZPnYJbCGY4BhJ9uTupp6ruuR1NZ7FEYEaLPA7 root@alexandria"; in + { - "cloudflare.age".publicKeys = all-hosts; - "webdav.age".publicKeys = all-hosts; + "cloudflare.age".publicKeys = [ + io-user + rotterdam-user + alexandria + ]; + "nextcloud-adminpass.age".publicKeys = [ + io-user + rotterdam-user + alexandria + ]; + "nextcloud-secrets.json.age".publicKeys = [ + io-user + rotterdam-user + alexandria + ]; } diff --git a/secrets/webdav.age b/secrets/webdav.age deleted file mode 100644 index 93bd850..0000000 
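Review bot: `trantor` is assigned a key whose trailing comment reads `root@alexandria`, the same label as the `alexandria` entry although the key material differs; this looks like a copy-paste slip and should probably read `root@trantor` (confirm against the host). After this change `io`, `rotterdam` and `trantor` are bound but appear in no `publicKeys` list, so a short comment saying they are kept for future secrets would help. Narrowing the recipient lists only protects the re-encrypted files. The earlier ciphertexts of `cloudflare.age`, `nextcloud-adminpass.age` and the deleted `webdav.age` remain in history and stay decryptable by the removed keys, so rotate the underlying secrets if the removal is meant to revoke access and the plaintext was not changed.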
--- a/secrets/webdav.age +++ /dev/null @@ -1,15 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 Kfdnog 9oKx6Oz/J/QJ0mmgoLX5AUx0sFdxnPVnjF42bElPSXA -BJ6h4lHGDsf1Npc4bwkvz5htGRT/x/b2bs9WFM2W/pc --> ssh-ed25519 SP9f6A T5t4apynXLYN/4YEvaHRCI28rrKzet4r6LrbAye5VGk -BsXkZYBxG9zcfLYCd9H0+LW078oCDyYx9zG+DPfE7bA --> ssh-ed25519 8YSAiw RY0YR30qyJPvhy7eTJLoj2JXpH9qHP43fJaHilJykXM -E5/P0Egz/LKwEhYLYd5Cnrat47gnYn93yDSeYgLi934 --> ssh-ed25519 7cojTQ qTCTw7CjilThFLmXYph4YhVBhnk1DpnFCGwgioo/XB0 -N31nZ8nInQuddLD3b0bxI5Es/pTvTQD8nz0f/AZtNFg --> ssh-ed25519 J6tVTA 7OawDsWwtVxu76ZgF0dFclMr19sBNdtu7H+Tr7Pd+SQ -hhVKcscIKIH1WChhRo/RYqUWy1rgs/EKnlHr9uY7QrQ --> ssh-ed25519 Kl5yTQ +i2Q3uNHw1jAVH76NHy4QbjCc6sBBYjsbr7w4mLaHW4 -JOJ02zU0+IxlbXMBsW4UrvzvLUbifdzABBNL+bc0bBs ---- W40oEFdBUKbi0teNTc6B1sX0ReHDvkIJcBm1dlROnk8 -zҼCn箱e7{{N6az"EHB/BYbD \ No newline at end of file From 7da7b7167aa9bef30232bc03a9098575e62ccc52 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 18 Oct 2025 15:26:32 -0300 Subject: [PATCH 032/206] i give up on nextcloud office --- hosts/alexandria/nextcloud.nix | 39 +++++++++------------------------- 1 file changed, 10 insertions(+), 29 deletions(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 373b0e5..84de9fc 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -15,7 +15,7 @@ in services = { nextcloud = { enable = true; - package = pkgs.nextcloud31; + package = pkgs.nextcloud32; datadir = "/data/nextcloud"; hostName = "cloud.baduhai.dev"; configureRedis = true; @@ -23,6 +23,14 @@ in secretFile = config.age.secrets."nextcloud-secrets.json".path; database.createLocally = true; maxUploadSize = "16G"; + extraApps = { + inherit (config.services.nextcloud.package.packages.apps) + calendar + contacts + notes + ; + }; + extraAppsEnable = true; caching = { apcu = true; redis = true; 
@@ -66,36 +74,9 @@ in }; }; - collabora-online = { - enable = true; - port = 9980; - settings = { - ssl = { - enable = false; - termination = true; - }; - net = { - listen = "loopback"; - frame_ancestors = "cloud.baduhai.dev"; - }; - }; - }; - nginx.virtualHosts = mkNginxVHosts { acmeHost = "baduhai.dev"; - domains = { - "cloud.baduhai.dev" = { }; - "office.baduhai.dev".locations = { - "/".proxyPass = "http://127.0.0.1:${toString config.services.collabora-online.port}"; - "~ ^/cool/(.*)/ws$".proxyPass = "http://127.0.0.1:${toString config.services.collabora-online.port}"; - "~ ^/cool/(.*)/ws$".extraConfig = '' - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - proxy_read_timeout 36000s; - ''; - }; - }; + domains."cloud.baduhai.dev" = { }; }; }; From 14457d1ec21d93672c84a95047fab7c6febc022b Mon Sep 17 00:00:00 2001 From: William Date: Sat, 18 Oct 2025 15:55:37 -0300 Subject: [PATCH 033/206] modifications to nextcloud apps --- hosts/alexandria/nextcloud.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 84de9fc..599b832 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -24,13 +24,10 @@ in database.createLocally = true; maxUploadSize = "16G"; extraApps = { - inherit (config.services.nextcloud.package.packages.apps) - calendar - contacts - notes - ; + inherit (config.services.nextcloud.package.packages.apps) calendar contacts notes; }; extraAppsEnable = true; + appstoreEnable = true; caching = { apcu = true; redis = true; From 3164e1ebf2874d2ae01f46e9334e158d0df8a1b4 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 18 Oct 2025 15:55:52 -0300 Subject: [PATCH 034/206] add helix editor to all systems --- hosts/modules/common/programs.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/hosts/modules/common/programs.nix b/hosts/modules/common/programs.nix index 9820149..e0cc2c9 100644 --- a/hosts/modules/common/programs.nix +++ b/hosts/modules/common/programs.nix @@ -7,6 +7,7 @@ git ### System Utilities ### btop + helix nixos-firewall-tool nvd sysz From 0b17f03ddea318d0062819dcc1c1b9a452418379 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 18 Oct 2025 16:17:08 -0300 Subject: [PATCH 035/206] disable nextcloud appstore --- hosts/alexandria/nextcloud.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 599b832..68d4875 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -27,7 +27,6 @@ in inherit (config.services.nextcloud.package.packages.apps) calendar contacts notes; }; extraAppsEnable = true; - appstoreEnable = true; caching = { apcu = true; redis = true; From 1b1f30180ee1fd5d96e1abe38bd15fd16b51aeb3 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 18 Oct 2025 16:20:43 -0300 Subject: [PATCH 036/206] fix agenix in devshell --- devShells.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devShells.nix b/devShells.nix index acf63f8..72b2695 100644 --- a/devShells.nix +++ b/devShells.nix @@ -6,7 +6,7 @@ { devShells.default = pkgs.mkShell { packages = with pkgs; [ - agenix + agenix-cli deploy-rs nil nixfmt-rfc-style From ce1af87bdfa210ec34cb382f263f8b8f271030e1 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 18 Oct 2025 18:43:23 -0300 Subject: [PATCH 037/206] finally, niri is finished --- flake.lock | 142 +++++++++++++++++++++++++++--- flake.nix | 2 + hosts/modules/desktop/desktop.nix | 14 ++- users/modules/desktop.nix | 12 +-- users/modules/stylix.nix | 8 +- 5 files changed, 152 insertions(+), 26 deletions(-) diff --git a/flake.lock b/flake.lock index 3e04b70..64bae33 100644 --- a/flake.lock +++ b/flake.lock 
@@ -456,6 +456,62 @@ "type": "github" } }, + "niri": { + "inputs": { + "niri-stable": "niri-stable", + "niri-unstable": "niri-unstable", + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable", + "xwayland-satellite-stable": "xwayland-satellite-stable", + "xwayland-satellite-unstable": "xwayland-satellite-unstable" + }, + "locked": { + "lastModified": 1760774008, + "narHash": "sha256-NchPYxFkN9XOOuocGXBmRFAh9NVFybmAev62zG1nL2A=", + "owner": "sodiboo", + "repo": "niri-flake", + "rev": "27e012b4cd49e9ac438573ec7a6db3e5835828c3", + "type": "github" + }, + "original": { + "owner": "sodiboo", + "repo": "niri-flake", + "type": "github" + } + }, + "niri-stable": { + "flake": false, + "locked": { + "lastModified": 1756556321, + "narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "ref": "v25.08", + "repo": "niri", + "type": "github" + } + }, + "niri-unstable": { + "flake": false, + "locked": { + "lastModified": 1760768097, + "narHash": "sha256-RvlONuKFKu+v7h/MorLONcPzXMMe6zs8aJUDOsfjr1I=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "8c8447918f4fd7bc6c86a8622b1db52417fbbbbd", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "repo": "niri", + "type": "github" + } + }, "nix-flatpak": { "locked": { "lastModified": 1754777568, @@ -475,7 +531,7 @@ "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay" }, "locked": { @@ -497,7 +553,7 @@ "inputs": { "flake-compat": "flake-compat_2", "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1759846470, 
@@ -545,6 +601,22 @@ } }, "nixpkgs-stable": { + "locked": { + "lastModified": 1760580664, + "narHash": "sha256-/YdfibIrnqXAL8p5kqCU345mzpHoOtuVIkMiI2pF4Dc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "98ff3f9af2684f6136c24beef08f5e2033fc5389", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1760423683, "narHash": "sha256-Tb+NYuJhWZieDZUxN6PgglB16yuqBYQeMJyYBGCXlt8=", @@ -561,6 +633,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1760524057, + "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1740695751, "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", @@ -576,7 +664,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -592,7 +680,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1760524057, "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", @@ -608,7 +696,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1758690382, "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", @@ -624,7 +712,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", 
@@ -696,10 +784,11 @@ "home-manager": "home-manager_2", "home-manager-stable": "home-manager-stable", "impermanence": "impermanence", + "niri": "niri", "nix-flatpak": "nix-flatpak", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_4", - "nixpkgs-stable": "nixpkgs-stable", + "nixpkgs": "nixpkgs_5", + "nixpkgs-stable": "nixpkgs-stable_2", "stylix": "stylix", "zen-browser": "zen-browser" } @@ -735,7 +824,7 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_2", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "nur": "nur", "systems": "systems_4", "tinted-foot": "tinted-foot", @@ -917,10 +1006,43 @@ "type": "github" } }, + "xwayland-satellite-stable": { + "flake": false, + "locked": { + "lastModified": 1755491097, + "narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "388d291e82ffbc73be18169d39470f340707edaa", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "ref": "v0.7", + "repo": "xwayland-satellite", + "type": "github" + } + }, + "xwayland-satellite-unstable": { + "flake": false, + "locked": { + "lastModified": 1759707084, + "narHash": "sha256-0pkftKs6/LReNvxw7DVTN2AJEheZVgyeK0Aarbagi70=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "a9188e70bd748118b4d56a529871b9de5adb9988", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "type": "github" + } + }, "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1760588585, diff --git a/flake.nix b/flake.nix index 4f3fac0..b9ca962 100644 --- a/flake.nix +++ b/flake.nix @@ -42,6 +42,8 @@ impermanence.url = "github:nix-community/impermanence"; deploy-rs.url = "github:serokell/deploy-rs"; + + niri.url = "github:sodiboo/niri-flake"; }; outputs = 
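Review bot: The `niri.url = "github:sodiboo/niri-flake";` input in the flake.nix hunk is added without a `follows`, and the flake.lock hunks of this commit show it bringing its own `nixpkgs` and `nixpkgs-stable` nodes. It also adds `niri-stable`, `niri-unstable` and two `xwayland-satellite` sources. desktop.nix sets `programs.niri.package = pkgs.niri` and `niri-flake.cache.enable = false`, so most of that closure appears unused; adding `niri.inputs.nixpkgs.follows = "nixpkgs";` would leave one less nixpkgs revision to audit and update. The `inputs` block starts outside the hunk, so check whether the other inputs already follow this convention.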
diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index ebffd49..045c088 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -6,7 +6,10 @@ }: { - imports = [ inputs.nix-flatpak.nixosModules.nix-flatpak ]; + imports = [ + inputs.niri.nixosModules.niri + inputs.nix-flatpak.nixosModules.nix-flatpak + ]; environment = { sessionVariables = { @@ -69,7 +72,7 @@ enable = true; settings = { default_session = { - command = "${lib.getExe pkgs.tuigreet} --time --remember --asterisks --cmd ${lib.getExe pkgs.niri}"; + command = "${lib.getExe pkgs.tuigreet} --time --remember --asterisks --cmd ${pkgs.niri}/bin/niri-session"; user = "greeter"; }; initial_session = { @@ -111,7 +114,10 @@ }; programs = { - niri.enable = true; + niri = { + enable = true; + package = pkgs.niri; + }; dconf.enable = true; kdeconnect.enable = true; appimage = { @@ -120,6 +126,8 @@ }; }; + niri-flake.cache.enable = false; + fonts = { fontDir.enable = true; packages = with pkgs; [ diff --git a/users/modules/desktop.nix b/users/modules/desktop.nix index 3f7545a..f2517f3 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop.nix @@ -8,6 +8,8 @@ fonts.fontconfig.enable = true; + home.packages = with pkgs; [ xwayland-satellite ]; + programs = { dankMaterialShell = { enable = true; @@ -33,21 +35,13 @@ keybind = [ "shift+enter=esc:\\x1b[13;2u" ]; }; }; + password-store = { enable = true; package = pkgs.pass-wayland; }; }; - xdg.portal = { - enable = true; - xdgOpenUsePortal = true; - extraPortals = with pkgs; [ - xdg-desktop-portal-gtk - ]; - config.common.default = "*"; - }; - gtk = { enable = true; gtk3.extraConfig = { diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index 1c3712a..2c2d39f 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix 
@@ -13,15 +13,15 @@ polarity = "dark"; base16Scheme = "${pkgs.base16-schemes}/share/themes/hardhacker.yaml"; cursor = { - package = pkgs.kdePackages.breeze-icons; - name = "Breeze_Light"; + package = pkgs.kdePackages.breeze; + name = "breeze_cursors"; size = 24; }; icons = { enable = true; package = pkgs.morewaita-icon-theme; - light = "adwaita"; - dark = "adwaita-dark"; + light = "MoreWaita"; + dark = "MoreWaita"; }; opacity = { applications = 1.0; From f2921c030b794230d869ec939b097c2d2ce6d18c Mon Sep 17 00:00:00 2001 
From: William Date: Mon, 20 Oct 2025 10:08:52 -0300 Subject: [PATCH 038/206] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/9edb1787864c4f59ae5074ad498b6272b3ec308d?narHash=sha256-NA/FT2hVhKDftbHSwVnoRTFhes62%2B7dxZbxj5Gxvghs%3D' (2025-08-05) → 'github:ryantm/agenix/2f0f812f69f3eb4140157fe15e12739adf82e32a?narHash=sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L%2BVSybPfiIgzU8lbQ%3D' (2025-10-19) • Updated input 'dms': 'github:AvengeMedia/DankMaterialShell/5c816463973d52010839a882d95ea1a44d80c52a?narHash=sha256-ZNIieGgeSRcaok5W0Vre6fOtXVoebkoyBR2yrvhwues%3D' (2025-10-16) → 'github:AvengeMedia/DankMaterialShell/d38b98459a157a854cdcb14b8493a517c6416bac?narHash=sha256-mBK9Gwbslo7HASfFkfi%2B5RUEAYJ3SLeEdSZvpRBbsWM%3D' (2025-10-20) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/758cf7296bee11f1706a574c77d072b8a7baa881?narHash=sha256-wfG0S7pltlYyZTM%2BqqlhJ7GMw2fTF4mLKCIVhLii/4M%3D' (2025-10-01) → 'github:hercules-ci/flake-parts/864599284fc7c0ba6357ed89ed5e2cd5040f0c04?narHash=sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4%3D' (2025-10-20) • Updated input 'home-manager': 'github:nix-community/home-manager/c53e65ec92f38d30e3c14f8d628ab55d462947aa?narHash=sha256-zfY4F4CpeUjTGgecIJZ%2BM7vFpwLc0Gm9epM/iMQd4w8%3D' (2025-10-15) → 'github:nix-community/home-manager/189c21cf879669008ccf06e78a553f17e88d8ef0?narHash=sha256-nZh6uvc71nVNaf/y%2BwesnjwsmJ6IZZUnP2EzpZe48To%3D' (2025-10-20) • Updated input 'nixos-cli': 'github:nix-community/nixos-cli/437b586743c3d06b0a72893097395b10e70a2b7b?narHash=sha256-cFA87F149mDeogKjty5Kbk6Qy/RhMBr1fM3qEFbdTIg%3D' (2025-10-07) → 'github:nix-community/nixos-cli/c8f5ce1fd9bf151df74328795b6b2720e2e22d75?narHash=sha256-N%2BF4n1WYE3AWc/kmdqIz67GNX7PgyKosnmGYYx8vR9k%3D' (2025-10-19) • Updated input 'nixpkgs': 
'github:nixos/nixpkgs/544961dfcce86422ba200ed9a0b00dd4b1486ec5?narHash=sha256-EVAqOteLBFmd7pKkb0%2BFIUyzTF61VKi7YmvP1tw4nEw%3D' (2025-10-15) → 'github:nixos/nixpkgs/5e2a59a5b1a82f89f2c7e598302a9cacebb72a67?narHash=sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs%3D' (2025-10-19) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/a493e93b4a259cd9fea8073f89a7ed9b1c5a1da2?narHash=sha256-Tb%2BNYuJhWZieDZUxN6PgglB16yuqBYQeMJyYBGCXlt8%3D' (2025-10-14) → 'github:nixos/nixpkgs/33c6dca0c0cb31d6addcd34e90a63ad61826b28c?narHash=sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0%3D' (2025-10-19) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/5a651a6a3bb5c9bd694adbd2c34f55b4abff9a2c?narHash=sha256-NufqXao2i6d7N1HFKp8hM8XAD8Q6s/zU2wNd065Ybus%3D' (2025-10-16) → 'github:0xc000022070/zen-browser-flake/596c3ac14be576b93f5db9252a1b0581e453ec9f?narHash=sha256-RehxVjBRC9EiBO36EPZROLHhVVSWFe3KEROhaEapboM%3D' (2025-10-20) --- flake.lock | 154 ++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 106 insertions(+), 48 deletions(-) diff --git a/flake.lock b/flake.lock index 64bae33..d5792a2 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1754433428, - "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "lastModified": 1760836749, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", "type": "github" }, "original": { 
@@ -185,11 +185,11 @@ "quickshell": "quickshell" }, "locked": { - "lastModified": 1760637129, - "narHash": "sha256-ZNIieGgeSRcaok5W0Vre6fOtXVoebkoyBR2yrvhwues=", + "lastModified": 1760965677, + "narHash": "sha256-mBK9Gwbslo7HASfFkfi+5RUEAYJ3SLeEdSZvpRBbsWM=", "owner": "AvengeMedia", "repo": "DankMaterialShell", - "rev": "5c816463973d52010839a882d95ea1a44d80c52a", + "rev": "d38b98459a157a854cdcb14b8493a517c6416bac", "type": "github" }, "original": { @@ -272,11 +272,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1759362264, - "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "758cf7296bee11f1706a574c77d072b8a7baa881", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "type": "github" }, "original": { @@ -406,11 +406,11 @@ ] }, "locked": { - "lastModified": 1760500983, - "narHash": "sha256-zfY4F4CpeUjTGgecIJZ+M7vFpwLc0Gm9epM/iMQd4w8=", + "lastModified": 1760929667, + "narHash": "sha256-nZh6uvc71nVNaf/y+wesnjwsmJ6IZZUnP2EzpZe48To=", "owner": "nix-community", "repo": "home-manager", - "rev": "c53e65ec92f38d30e3c14f8d628ab55d462947aa", + "rev": "189c21cf879669008ccf06e78a553f17e88d8ef0", "type": "github" }, "original": { 
@@ -457,20 +457,40 @@ } }, "niri": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1760963745, + "narHash": "sha256-FVf9YFw2wQnMAxvMxEk+vFakXhPQUSapDpGmlLzAxjg=", + "owner": "baduhai", + "repo": "niri", + "rev": "dd3e3d1009991ecd87ab7253c9e7696acf2bc943", + "type": "github" + }, + "original": { + "owner": "baduhai", + "ref": "auto-center-when-space-available", + "repo": "niri", + "type": "github" + } + }, + "niri-flake": { "inputs": { "niri-stable": "niri-stable", "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1760774008, - "narHash": "sha256-NchPYxFkN9XOOuocGXBmRFAh9NVFybmAev62zG1nL2A=", + "lastModified": 1760950171, + "narHash": "sha256-E2ySTu/oK7cYBdAI3tlGP9zVjF4mZgWJ1OZInBCMb00=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "27e012b4cd49e9ac438573ec7a6db3e5835828c3", + "rev": "f851a923137c0a54719412146fd63d24b3214e60", "type": "github" }, "original": { @@ -499,11 +519,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1760768097, - "narHash": "sha256-RvlONuKFKu+v7h/MorLONcPzXMMe6zs8aJUDOsfjr1I=", + "lastModified": 1760940149, + "narHash": "sha256-KbM47vD6E0cx+v4jYQZ8mD5N186AKm2CQlyh34TW58U=", "owner": "YaLTeR", "repo": "niri", - "rev": "8c8447918f4fd7bc6c86a8622b1db52417fbbbbd", + "rev": "b3245b81a6ed8edfaf5388a74d2e0a23c24941e5", "type": "github" }, "original": { @@ -531,8 +551,8 @@ "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3", - "rust-overlay": "rust-overlay" + "nixpkgs": "nixpkgs_4", + "rust-overlay": "rust-overlay_2" }, "locked": { "lastModified": 1742115705, 
@@ -553,14 +573,14 @@ "inputs": { "flake-compat": "flake-compat_2", "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1759846470, - "narHash": "sha256-cFA87F149mDeogKjty5Kbk6Qy/RhMBr1fM3qEFbdTIg=", + "lastModified": 1760856139, + "narHash": "sha256-N+F4n1WYE3AWc/kmdqIz67GNX7PgyKosnmGYYx8vR9k=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "437b586743c3d06b0a72893097395b10e70a2b7b", + "rev": "c8f5ce1fd9bf151df74328795b6b2720e2e22d75", "type": "github" }, "original": { @@ -602,11 +622,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1760580664, - "narHash": "sha256-/YdfibIrnqXAL8p5kqCU345mzpHoOtuVIkMiI2pF4Dc=", + "lastModified": 1760862643, + "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "98ff3f9af2684f6136c24beef08f5e2033fc5389", + "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", "type": "github" }, "original": { @@ -618,11 +638,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1760423683, - "narHash": "sha256-Tb+NYuJhWZieDZUxN6PgglB16yuqBYQeMJyYBGCXlt8=", + "lastModified": 1760862643, + "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a493e93b4a259cd9fea8073f89a7ed9b1c5a1da2", + "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", "type": "github" }, "original": { 
@@ -634,11 +654,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1757967192, + "narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "0d7c15863b251a7a50265e57c1dca1a7add2e291", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { @@ -648,7 +684,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1740695751, "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", @@ -664,7 +700,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -680,13 +716,13 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { @@ -696,7 +732,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1758690382, "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", @@ -712,7 +748,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", 
@@ -785,15 +821,37 @@ "home-manager-stable": "home-manager-stable", "impermanence": "impermanence", "niri": "niri", + "niri-flake": "niri-flake", "nix-flatpak": "nix-flatpak", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable_2", "stylix": "stylix", "zen-browser": "zen-browser" } }, "rust-overlay": { + "inputs": { + "nixpkgs": [ + "niri", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1757989933, + "narHash": "sha256-9cpKYWWPCFhgwQTww8S94rTXgg8Q8ydFv9fXM6I8xQM=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "8249aa3442fb9b45e615a35f39eca2fe5510d7c3", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_2": { "inputs": { "nixpkgs": [ "nixos-cli", @@ -824,7 +882,7 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_2", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nur": "nur", "systems": "systems_4", "tinted-foot": "tinted-foot", @@ -1042,14 +1100,14 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1760588585, - "narHash": "sha256-NufqXao2i6d7N1HFKp8hM8XAD8Q6s/zU2wNd065Ybus=", + "lastModified": 1760934351, + "narHash": "sha256-RehxVjBRC9EiBO36EPZROLHhVVSWFe3KEROhaEapboM=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "5a651a6a3bb5c9bd694adbd2c34f55b4abff9a2c", + "rev": "596c3ac14be576b93f5db9252a1b0581e453ec9f", "type": "github" }, "original": { From 0758864078ceed3b767efb0e7997de933201d267 Mon Sep 17 00:00:00 2001 
From: William Date: Mon, 20 Oct 2025 10:29:16 -0300 Subject: [PATCH 039/206] niri fully in home manager now --- flake.nix | 4 +- homeConfigurations.nix | 2 + hosts/modules/desktop/desktop.nix | 10 +- users/modules/{ => desktop}/desktop.nix | 19 +- users/modules/desktop/niri.nix | 222 ++++++++++++++++++++++++ users/modules/stylix.nix | 10 +- utils.nix | 3 +- 7 files changed, 248 insertions(+), 22 deletions(-) rename users/modules/{ => desktop}/desktop.nix (78%) create mode 100644 users/modules/desktop/niri.nix diff --git a/flake.nix b/flake.nix index b9ca962..fc1c117 100644 --- a/flake.nix +++ b/flake.nix @@ -43,7 +43,9 @@ deploy-rs.url = "github:serokell/deploy-rs"; - niri.url = "github:sodiboo/niri-flake"; + niri-flake.url = "github:sodiboo/niri-flake"; + + niri.url = "github:baduhai/niri/auto-center-when-space-available"; }; outputs = diff --git a/homeConfigurations.nix b/homeConfigurations.nix index 422681d..a6866c8 100644 --- a/homeConfigurations.nix +++ b/homeConfigurations.nix @@ -10,6 +10,7 @@ in flake.homeConfigurations = { "user@rotterdam" = mkHome { username = "user"; + hostname = "rotterdam"; tags = [ "btop" "desktop" @@ -25,6 +26,7 @@ in "user@io" = mkHome { username = "user"; + hostname = "io"; tags = [ "btop" "desktop" diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 045c088..f3a9f3a 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -1,4 +1,5 @@ { + config, inputs, lib, pkgs, @@ -7,7 +8,7 @@ { imports = [ - inputs.niri.nixosModules.niri + inputs.niri-flake.nixosModules.niri inputs.nix-flatpak.nixosModules.nix-flatpak ]; 
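Review bot: In the flake.nix hunk, the new `niri` input points at a branch of a personal fork and sets no `inputs.nixpkgs.follows`. The flake.lock update earlier in this series resolves it to its own `nixpkgs_2` node, whose `lastModified` is older than the root `nixpkgs`, so the compositor that greetd launches would not pick up the flake's regular nixpkgs bumps. Adding `niri.inputs.nixpkgs.follows = "nixpkgs";` would keep it on the same package set, assuming the fork builds against it. The branch ref is pinned only by flake.lock, so each lock update of this input deserves a look at the fork's new commits.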
@@ -72,11 +73,11 @@ enable = true; settings = { default_session = { - command = "${lib.getExe pkgs.tuigreet} --time --remember --asterisks --cmd ${pkgs.niri}/bin/niri-session"; + command = "${lib.getExe pkgs.tuigreet} --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; user = "greeter"; }; initial_session = { - command = "${lib.getExe pkgs.niri}"; + command = "${config.programs.niri.package}/bin/niri-session"; user = "user"; }; }; @@ -116,10 +117,9 @@ programs = { niri = { enable = true; - package = pkgs.niri; + package = inputs.niri.packages.${pkgs.system}.niri; }; dconf.enable = true; - kdeconnect.enable = true; appimage = { enable = true; binfmt = true; diff --git a/users/modules/desktop.nix b/users/modules/desktop/desktop.nix similarity index 78% rename from users/modules/desktop.nix rename to users/modules/desktop/desktop.nix index f2517f3..ab84c77 100644 --- a/users/modules/desktop.nix +++ b/users/modules/desktop/desktop.nix @@ -1,25 +1,11 @@ { inputs, pkgs, ... }: { - imports = [ - inputs.dms.homeModules.dankMaterialShell.default - inputs.zen-browser.homeModules.beta - ]; - fonts.fontconfig.enable = true; home.packages = with pkgs; [ xwayland-satellite ]; programs = { - dankMaterialShell = { - enable = true; - enableVPN = false; - }; - - zen-browser = { - enable = true; - profiles.william = { }; - }; ghostty = { enable = true; @@ -42,6 +28,11 @@ }; }; + services.kdeconnect = { + enable = true; + indicator = true; + }; + gtk = { enable = true; gtk3.extraConfig = { diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix new file mode 100644 index 0000000..07ce11e --- /dev/null +++ b/users/modules/desktop/niri.nix 
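Review bot: The `initial_session` block in the greetd hunk now starts the full `niri-session` for `user` with no greeter in front of it, so the first session after boot opens without a password prompt. If that is intended (for example because the machine is already unlocked by other means before greetd runs), a comment above `initial_session` such as `# autologin: first session after boot starts for "user" without authentication` would make the trade-off visible. Otherwise, removing the block leaves only the tuigreet `default_session`. The surrounding `services.greetd` definition starts outside the hunk.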
@@ -0,0 +1,222 @@ +{ + inputs, + pkgs, + hostname ? null, + ... +}: + +let + isRotterdam = hostname == "rotterdam"; +in + +{ + imports = [ + inputs.dms.homeModules.dankMaterialShell.default + ]; + + home.packages = with pkgs; [ xwayland-satellite ]; + + programs.dankMaterialShell = { + enable = true; + enableVPN = false; + }; + + xdg.configFile."niri/config.kdl".text = '' + input { + keyboard { + xkb { + layout "us" + variant "altgr-intl" + } + } + touchpad { + tap + dwt + drag true + drag-lock + natural-scroll + accel-speed 0.2 + accel-profile "flat" + scroll-method "two-finger" + middle-emulation + } + mouse { + natural-scroll + accel-speed 0.2 + accel-profile "flat" + } + warp-mouse-to-focus mode="center-xy" + focus-follows-mouse + } + + layout { + gaps 8 + center-focused-column "never" + auto-center-when-space-available + preset-column-widths { + ${ + if isRotterdam then + '' + proportion 0.33333 + proportion 0.5 + proportion 0.66667 + '' + else + '' + proportion 0.5 + proportion 1 + '' + } + } + default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } + focus-ring { + off + } + border { + width 4 + active-color "#ffc87f" + inactive-color "#505050" + urgent-color "#9b0000" + } + tab-indicator { + width 4 + gap 4 + place-within-column + } + struts { + left 8 + right 8 + } + } + + overview { + zoom 0.65 + } + + spawn-at-startup "bash" "-c" "wl-paste --watch cliphist store &" + spawn-at-startup "dms" "run" + layer-rule { + match namespace="^wallpaper$" + place-within-backdrop true + } + + spawn-at-startup "xwayland-satellite" + environment { + DISPLAY ":0" + } + + hotkey-overlay { + skip-at-startup + } + + prefer-no-csd + screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" + + animations { + slowdown 0.3 + } + + // open zen at half window width + window-rule { + match app-id="zen" + default-column-width { proportion ${if isRotterdam then "0.5" else "1"}; } + } + + window-rule { + geometry-corner-radius 12 + 
clip-to-geometry true + } + + config-notification { + disable-failed + } + + binds { + Mod+Return { spawn "ghostty"; } + Alt+Space { spawn "dms" "ipc" "call" "spotlight" "toggle"; } + XF86AudioRaiseVolume allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "increment" "5"; } + XF86AudioLowerVolume allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "decrement" "5"; } + XF86AudioMute allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "mute"; } + XF86AudioMicMute allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "micmute"; } + XF86MonBrightnessUp allow-when-locked=true { spawn "dms" "ipc" "call" "brightness" "increment" "5" ""; } + XF86MonBrightnessDown allow-when-locked=true { spawn "dms" "ipc" "call" "brightness" "decrement" "5" ""; } + Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } + Mod+W repeat=false { toggle-overview; } + Mod+Q { close-window; } + Super+Shift+L hotkey-overlay-title="Lock Screen" { spawn "dms" "ipc" "call" "lock" "lock"; } + Mod+Shift+Q { close-window; } + Mod+V hotkey-overlay-title="Clipboard Manager" { spawn "dms" "ipc" "call" "clipboard" "toggle"; } + Mod+M hotkey-overlay-title="Task Manager" { spawn "dms" "ipc" "call" "processlist" "toggle"; } + Alt+F4 { close-window; } + Mod+Left { focus-column-left; } + Mod+Down { focus-window-down; } + Mod+Up { focus-window-up; } + Mod+Right { focus-column-right; } + Mod+H { focus-column-left; } + Mod+L { focus-column-right; } + Mod+J { focus-window-down; } + Mod+K { focus-window-up; } + Ctrl+Alt+J { focus-workspace-down; } + Ctrl+Alt+K { focus-workspace-up; } + Ctrl+Alt+Down { focus-workspace-down; } + Ctrl+Alt+Up { focus-workspace-up; } + Mod+Ctrl+Left { move-column-left; } + Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } + Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } + Mod+Ctrl+Right { move-column-right; } + Mod+Ctrl+H { move-column-left; } + Mod+Ctrl+J { move-window-down-or-to-workspace-down; } + Mod+Ctrl+K { 
move-window-up-or-to-workspace-up; } + Mod+Ctrl+L { move-column-right; } + Mod+Home { focus-column-first; } + Mod+End { focus-column-last; } + Mod+Ctrl+Home { move-column-to-first; } + Mod+Ctrl+End { move-column-to-last; } + Mod+Alt+Left { focus-monitor-left; } + Mod+Alt+Down { focus-monitor-down; } + Mod+Alt+Up { focus-monitor-up; } + Mod+Alt+Right { focus-monitor-right; } + Mod+Alt+H { focus-monitor-left; } + Mod+Alt+J { focus-monitor-down; } + Mod+Alt+K { focus-monitor-up; } + Mod+Alt+L { focus-monitor-right; } + Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } + Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } + Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } + Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } + Mod+Alt+Ctrl+H { move-column-to-monitor-left; } + Mod+Alt+Ctrl+J { move-column-to-monitor-down; } + Mod+Alt+Ctrl+K { move-column-to-monitor-up; } + Mod+Alt+Ctrl+L { move-column-to-monitor-right; } + Mod+Ctrl+U { move-workspace-down; } + Mod+Ctrl+I { move-workspace-up; } + Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } + Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } + Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } + Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } + Mod+Shift+WheelScrollDown { focus-column-right; } + Mod+Shift+WheelScrollUp { focus-column-left; } + Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } + Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } + Mod+BracketLeft { consume-or-expel-window-left; } + Mod+BracketRight { consume-or-expel-window-right; } + Mod+Comma { consume-window-into-column; } + Mod+Period { expel-window-from-column; } + Mod+R { switch-preset-column-width; } + Mod+F { maximize-column; } + Mod+Ctrl+F { fullscreen-window; } + Mod+C { center-visible-columns; } + Mod+Ctrl+C { center-column; } + Mod+Space { toggle-window-floating; } + Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } + Mod+T { toggle-column-tabbed-display; } 
+ Print { screenshot-screen; } + Mod+Print { screenshot; } + Ctrl+Print { screenshot-window; } + Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } + Mod+Shift+E { spawn "dms" "ipc" "call" "powermenu" "toggle"; } + Ctrl+Alt+Delete { spawn "dms" "ipc" "call" "powermenu" "toggle"; } + Mod+Ctrl+P { power-off-monitors; } + } + ''; +} diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index 2c2d39f..d59e355 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix @@ -6,7 +6,10 @@ }: { - imports = [ inputs.stylix.homeModules.stylix ]; + imports = [ + inputs.stylix.homeModules.stylix + inputs.zen-browser.homeModules.beta + ]; stylix = { enable = true; @@ -58,4 +61,9 @@ profileNames = [ "william" ]; }; }; + + programs.zen-browser = { + enable = true; + profiles.william = { }; + }; } diff --git a/utils.nix b/utils.nix index 1f2c66c..38cf968 100644 --- a/utils.nix +++ b/utils.nix @@ -102,6 +102,7 @@ in mkHome = { username, + hostname ? null, homeDirectory ? "/home/${username}", tags ? [ ], extraModules ? [ ], @@ -165,7 +166,7 @@ in home-manager.lib.homeManagerConfiguration { inherit pkgs; extraSpecialArgs = { - inherit inputs; + inherit inputs hostname; userTags = allTags; }; modules = allModules ++ [ From d931282a3575dd1e7432b55a11caf8d5b967cccc Mon Sep 17 00:00:00 2001 From: William Date: Mon, 20 Oct 2025 10:34:38 -0300 Subject: [PATCH 040/206] fix niri config spacing --- users/modules/desktop/niri.nix | 7 +++---- users/user/git.nix | 19 +++++++++++++------ 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 07ce11e..321f701 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -58,13 +58,13 @@ in if isRotterdam then '' proportion 0.33333 - proportion 0.5 - proportion 0.66667 + proportion 0.5 + proportion 0.66667 '' else '' proportion 0.5 - proportion 1 + proportion 1 '' } } 
@@ -116,7 +116,6 @@ in slowdown 0.3 } - // open zen at half window width window-rule { match app-id="zen" default-column-width { proportion ${if isRotterdam then "0.5" else "1"}; } diff --git a/users/user/git.nix b/users/user/git.nix index fcafc00..9c1fb20 100644 --- a/users/user/git.nix +++ b/users/user/git.nix @@ -1,10 +1,17 @@ { pkgs, ... }: { - programs.git = { - enable = true; - diff-so-fancy.enable = true; - userName = "William"; - userEmail = "baduhai@proton.me"; + programs = { + git = { + enable = true; + settings.user = { + name = "William"; + email = "baduhai@proton.me"; + }; + }; + diff-so-fancy = { + enable = true; + enableGitIntegration = true; + }; }; -} \ No newline at end of file +} From 5006f6fc95b9b4a00e660cbceeca075d6e5d6b51 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 20 Oct 2025 11:41:15 -0300 Subject: [PATCH 041/206] local build on io deploy --- deploy.nix | 54 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 28 insertions(+), 26 deletions(-) diff --git a/deploy.nix b/deploy.nix index 40a21e9..187c92f 100644 --- a/deploy.nix +++ b/deploy.nix 
@@ -4,40 +4,42 @@ remoteBuild = true; nodes = { alexandria = { - hostname = "alexandria"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; - user = "root"; - }; - }; - - trantor = { - hostname = "trantor"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; - user = "root"; - }; - }; - - io = { - hostname = "io"; - profiles = { - system = { + hostname = "alexandria"; + profiles.system = { sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; user = "root"; }; - user = { + }; + + trantor = { + hostname = "trantor"; + profiles.system = { sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io"; - user = "user"; + path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; + user = "root"; + }; + }; + + io = { + hostname = "io"; + profiles = { + system = { + sshUser = "user"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; + user = "root"; + remoteBuild = false; + }; + user = { + sshUser = "user"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io"; + user = "user"; + remoteBuild = false; + }; }; }; }; }; -}; perSystem = { system, ... }: { From 8600145275f81860d1e4074ad89735061f12097d Mon Sep 17 00:00:00 2001 From: William Date: Mon, 20 Oct 2025 11:58:43 -0300 Subject: [PATCH 042/206] niri proportions and scaling --- users/modules/desktop/niri.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 321f701..d7c4df2 100644 --- a/users/modules/desktop/niri.nix 
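Review bot: Setting `remoteBuild = false` on both `io` profiles means the closures are built on the deploying machine and copied to io over SSH as `sshUser = "user"`, and nothing in the hunk says how io is meant to trust those paths. The Nix daemon on io accepts them only if they are signed by a trusted key or the connecting user is a trusted user, and the second option gives that account root-equivalent control of the daemon. A comment next to the setting, e.g. `# built locally: io must trust this machine's signing key; do not add "user" to trusted-users for this`, would record the intended choice. The top-level `remoteBuild = true` above still applies to alexandria and trantor.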
+++ b/users/modules/desktop/niri.nix @@ -22,6 +22,14 @@ in }; xdg.configFile."niri/config.kdl".text = '' + output "eDP-1" { + scale 1.0 + } + + output "DP-3" { + scale 1.0 + } + input { keyboard { xkb { @@ -64,7 +72,7 @@ in else '' proportion 0.5 - proportion 1 + proportion 1.0 '' } } @@ -118,7 +126,7 @@ in window-rule { match app-id="zen" - default-column-width { proportion ${if isRotterdam then "0.5" else "1"}; } + default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } } window-rule { From 6d3ceccf934762ace497e0e80032579c0c99c82e Mon Sep 17 00:00:00 2001 From: William Date: Mon, 20 Oct 2025 14:10:18 -0300 Subject: [PATCH 043/206] finalising niri config on io --- flake.lock | 21 +++++++++++++++++++++ flake.nix | 5 +++++ homeConfigurations.nix | 6 ++++-- hosts/modules/desktop/desktop.nix | 1 + users/modules/comma.nix | 7 +++++++ users/modules/desktop/desktop.nix | 13 ++++++++++++- users/modules/desktop/niri.nix | 1 + 7 files changed, 51 insertions(+), 3 deletions(-) create mode 100644 users/modules/comma.nix diff --git a/flake.lock b/flake.lock index d5792a2..a742089 100644 --- a/flake.lock +++ b/flake.lock @@ -548,6 +548,26 @@ "type": "github" } }, + "nix-index-database": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760846226, + "narHash": "sha256-xmU8kAsRprJiTGBTaGrwmjBP3AMA9ltlrxHKFuy5JWc=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "5024e1901239a76b7bf94a4cd27f3507e639d49e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", @@ -823,6 +843,7 @@ "niri": "niri", "niri-flake": "niri-flake", "nix-flatpak": "nix-flatpak", + "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable_2", diff --git a/flake.nix b/flake.nix index fc1c117..07e2353 100644 --- a/flake.nix 
+++ b/flake.nix @@ -46,6 +46,11 @@ niri-flake.url = "github:sodiboo/niri-flake"; niri.url = "github:baduhai/niri/auto-center-when-space-available"; + + nix-index-database = { + url = "github:nix-community/nix-index-database"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = diff --git a/homeConfigurations.nix b/homeConfigurations.nix index a6866c8..296abfa 100644 --- a/homeConfigurations.nix +++ b/homeConfigurations.nix @@ -12,8 +12,9 @@ in username = "user"; hostname = "rotterdam"; tags = [ - "btop" "desktop" + "btop" + "comma" "direnv" "gaming" "helix" @@ -28,8 +29,9 @@ in username = "user"; hostname = "io"; tags = [ - "btop" "desktop" + "btop" + "comma" "direnv" "helix" "starship" diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index f3a9f3a..1c1b6c9 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -102,6 +102,7 @@ uninstallUnmanaged = true; update.auto.enable = true; }; + gvfs.enable = true; }; security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority diff --git a/users/modules/comma.nix b/users/modules/comma.nix new file mode 100644 index 0000000..0aad530 --- /dev/null +++ b/users/modules/comma.nix @@ -0,0 +1,7 @@ +{ inputs, ... }: + +{ + imports = [ inputs.nix-index-database.homeModules.nix-index ]; + + programs.nix-index-database.comma.enable = true; +} diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index ab84c77..21a9451 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix @@ -1,4 +1,9 @@ -{ inputs, pkgs, ... }: +{ + config, + inputs, + pkgs, + ... +}: { fonts.fontconfig.enable = true; @@ -18,6 +23,7 @@ sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; }}"; bell-features = "border"; + gtk-titlebar-style = "tabs"; keybind = [ "shift+enter=esc:\\x1b[13;2u" ]; }; }; 
@@ -42,4 +48,9 @@ gtk-decoration-layout = "appmenu:"; }; }; + + xdg = { + enable = true; + userDirs.enable = true; + }; } diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index d7c4df2..4bab001 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -150,6 +150,7 @@ in Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } Mod+W repeat=false { toggle-overview; } Mod+Q { close-window; } + Alt+Shift+Q { close-window;} Super+Shift+L hotkey-overlay-title="Lock Screen" { spawn "dms" "ipc" "call" "lock" "lock"; } Mod+Shift+Q { close-window; } Mod+V hotkey-overlay-title="Clipboard Manager" { spawn "dms" "ipc" "call" "clipboard" "toggle"; } From 831b9c95cdd4d9b27218045ebdd7b121550d778d Mon Sep 17 00:00:00 2001 From: William Date: Mon, 20 Oct 2025 17:38:05 -0300 Subject: [PATCH 044/206] better-control for desktops --- hosts/modules/desktop/desktop.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 1c1b6c9..d3e8083 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -43,6 +43,7 @@ plasticity ### System Utilities ### adwaita-icon-theme + better-control ghostty gnome-disk-utility junction From a6aa171a4d8fb9e2ec954ac5af85971428e7c7a5 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 20 Oct 2025 19:49:28 -0300 Subject: [PATCH 045/206] nocatlia > dankMaterialShell --- flake.lock | 120 +++++++++++++-------------------- flake.nix | 4 +- users/modules/desktop/niri.nix | 39 +++++------ 3 files changed, 65 insertions(+), 98 deletions(-) diff --git a/flake.lock b/flake.lock index a742089..8271d66 100644 --- a/flake.lock +++ b/flake.lock 
@@ -133,27 +133,6 @@ "type": "github" } }, - "dgop": { - "inputs": { - "nixpkgs": [ - "dms", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1760238269, - "narHash": "sha256-7CeGZM/Z/5Qt3AYByCRohGYGR1MRuXYzTTbkV/JxyAs=", - "owner": "AvengeMedia", - "repo": "dgop", - "rev": "95acdfce2d323e28fa8f5a4f345160962034f2b5", - "type": "github" - }, - "original": { - "owner": "AvengeMedia", - "repo": "dgop", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -175,50 +154,6 @@ "type": "github" } }, - "dms": { - "inputs": { - "dgop": "dgop", - "dms-cli": "dms-cli", - "nixpkgs": [ - "nixpkgs" - ], - "quickshell": "quickshell" - }, - "locked": { - "lastModified": 1760965677, - "narHash": "sha256-mBK9Gwbslo7HASfFkfi+5RUEAYJ3SLeEdSZvpRBbsWM=", - "owner": "AvengeMedia", - "repo": "DankMaterialShell", - "rev": "d38b98459a157a854cdcb14b8493a517c6416bac", - "type": "github" - }, - "original": { - "owner": "AvengeMedia", - "repo": "DankMaterialShell", - "type": "github" - } - }, - "dms-cli": { - "inputs": { - "nixpkgs": [ - "dms", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1760241259, - "narHash": "sha256-DlLGn+4M6tIafoDsHr2WhHG2hrHrC24S2IL3+KAvjEU=", - "owner": "AvengeMedia", - "repo": "danklinux", - "rev": "dae4c3ff4ce0feb930361c399747edb29d081775", - "type": "github" - }, - "original": { - "owner": "AvengeMedia", - "repo": "danklinux", - "type": "github" - } - }, "firefox-gnome-theme": { "flake": false, "locked": { @@ -784,6 +719,28 @@ "type": "github" } }, + "noctalia": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "quickshell": "quickshell", + "systems": "systems_4" + }, + "locked": { + "lastModified": 1760981626, + "narHash": "sha256-SqBuR0BsZnXopIA8T1Fh8V4hf54pOPoMRwnkML3HGi0=", + "owner": "noctalia-dev", + "repo": "noctalia-shell", + "rev": "73267d1d37b60c963fc4f938acab1eef8a655fe7", + "type": "github" + }, + "original": { + "owner": "noctalia-dev", + "repo": "noctalia-shell", + "type": "github" + } + }, "nur": { "inputs": { "flake-parts": [ 
@@ -812,22 +769,22 @@ "quickshell": { "inputs": { "nixpkgs": [ - "dms", + "noctalia", "nixpkgs" ] }, "locked": { - "lastModified": 1760228179, - "narHash": "sha256-4Z6k7lv3Zcgk3K+4h60LpqB9wCkR+utkYERU735U068=", + "lastModified": 1753595452, + "narHash": "sha256-vqkSDvh7hWhPvNjMjEDV4KbSCv2jyl2Arh73ZXe274k=", "ref": "refs/heads/master", - "rev": "c9d3ffb6043c5bf3f3009202bad7e0e5132c4a25", - "revCount": 693, + "rev": "a5431dd02dc23d9ef1680e67777fed00fe5f7cda", + "revCount": 665, "type": "git", - "url": "https://git.outfoxxed.me/quickshell/quickshell" + "url": "https://git.outfoxxed.me/outfoxxed/quickshell" }, "original": { "type": "git", - "url": "https://git.outfoxxed.me/quickshell/quickshell" + "url": "https://git.outfoxxed.me/outfoxxed/quickshell" } }, "root": { @@ -835,7 +792,6 @@ "agenix": "agenix", "deploy-rs": "deploy-rs", "disko": "disko", - "dms": "dms", "flake-parts": "flake-parts", "home-manager": "home-manager_2", "home-manager-stable": "home-manager-stable", @@ -847,6 +803,7 @@ "nixos-cli": "nixos-cli", "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable_2", + "noctalia": "noctalia", "stylix": "stylix", "zen-browser": "zen-browser" } @@ -905,7 +862,7 @@ "gnome-shell": "gnome-shell", "nixpkgs": "nixpkgs_7", "nur": "nur", - "systems": "systems_4", + "systems": "systems_5", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -986,6 +943,21 @@ "type": "github" } }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 07e2353..78ff944 100644 --- a/flake.nix +++ b/flake.nix 
@@ -26,8 +26,8 @@ inputs.nixpkgs.follows = "nixpkgs-stable"; }; - dms = { - url = "github:AvengeMedia/DankMaterialShell"; + noctalia = { + url = "github:noctalia-dev/noctalia-shell"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 4bab001..517805f 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -1,5 +1,6 @@ { inputs, + lib, pkgs, hostname ? null, ... @@ -7,20 +8,12 @@ let isRotterdam = hostname == "rotterdam"; + noctalia = "${lib.getExe inputs.noctalia.packages.${pkgs.system}.default}"; in { - imports = [ - inputs.dms.homeModules.dankMaterialShell.default - ]; - home.packages = with pkgs; [ xwayland-satellite ]; - programs.dankMaterialShell = { - enable = true; - enableVPN = false; - }; - xdg.configFile."niri/config.kdl".text = '' output "eDP-1" { scale 1.0 @@ -102,11 +95,15 @@ in } spawn-at-startup "bash" "-c" "wl-paste --watch cliphist store &" - spawn-at-startup "dms" "run" + spawn-at-startup "${noctalia}" layer-rule { match namespace="^wallpaper$" place-within-backdrop true } + layer-rule { + match namespace="^quickshell-overview$" + place-within-backdrop true + } spawn-at-startup "xwayland-satellite" environment { 
@@ -139,22 +136,20 @@ in } binds { + Alt+Space { spawn "${noctalia}" "ipc" "call" "launcher" "toggle"; } + XF86AudioRaiseVolume { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } + XF86AudioMute { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } + Mod+V { spawn "${noctalia}" "ipc" "call" "launcher" "clipboard"; } + Mod+Shift+L { spawn "${noctalia}" "ipc" "call" "lockScreen" "toggle"; } Mod+Return { spawn "ghostty"; } - Alt+Space { spawn "dms" "ipc" "call" "spotlight" "toggle"; } - XF86AudioRaiseVolume allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "increment" "5"; } - XF86AudioLowerVolume allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "decrement" "5"; } - XF86AudioMute allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "mute"; } - XF86AudioMicMute allow-when-locked=true { spawn "dms" "ipc" "call" "audio" "micmute"; } - XF86MonBrightnessUp allow-when-locked=true { spawn "dms" "ipc" "call" "brightness" "increment" "5" ""; } - XF86MonBrightnessDown allow-when-locked=true { spawn "dms" "ipc" "call" "brightness" "decrement" "5" ""; } Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } Mod+W repeat=false { toggle-overview; } Mod+Q { close-window; } Alt+Shift+Q { close-window;} - Super+Shift+L hotkey-overlay-title="Lock Screen" { spawn "dms" "ipc" "call" "lock" "lock"; } Mod+Shift+Q { close-window; } - Mod+V hotkey-overlay-title="Clipboard Manager" { spawn "dms" "ipc" "call" "clipboard" "toggle"; } - Mod+M hotkey-overlay-title="Task Manager" { spawn "dms" "ipc" "call" "processlist" "toggle"; } Alt+F4 { close-window; } Mod+Left { focus-column-left; } Mod+Down { focus-window-down; } 
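Review bot: `Mod+Shift+L` now calls `"lockScreen" "toggle"` where the removed binding called `"lock" "lock"`, so whether this key can only ever lock depends on how the shell implements `toggle`, which is not visible here. If the shell offers an explicit lock call, prefer it; otherwise add a comment beside the bind recording that `toggle` was checked to be lock-only. The same hunk drops `allow-when-locked=true` from the volume and brightness keys, so they stop working on the lock screen; if that is intended, the commit message should say so. The `binds` block continues past the end of this hunk.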
@@ -222,8 +217,8 @@ in Mod+Print { screenshot; } Ctrl+Print { screenshot-window; } Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } - Mod+Shift+E { spawn "dms" "ipc" "call" "powermenu" "toggle"; } - Ctrl+Alt+Delete { spawn "dms" "ipc" "call" "powermenu" "toggle"; } + Mod+Alt+E { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } + Ctrl+Alt+Delete { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } Mod+Ctrl+P { power-off-monitors; } } ''; From 8fc3e89e56bf0c68dd6083086008a53aeafa0da2 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 07:15:35 -0300 Subject: [PATCH 046/206] noctalia variable for icons pack --- users/modules/desktop/niri.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 517805f..fe40e1c 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -14,6 +14,10 @@ in { home.packages = with pkgs; [ xwayland-satellite ]; + home.sessionVariables = { + QT_QPA_PLATFORMTHEME = "gtk3"; + }; + xdg.configFile."niri/config.kdl".text = '' output "eDP-1" { scale 1.0 From c32c37596fec2710cc6b5a4de616ab68f341e815 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 07:22:35 -0300 Subject: [PATCH 047/206] io needs battery management --- hosts/io/services.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/io/services.nix b/hosts/io/services.nix index 3703ba3..90fb737 100644 --- a/hosts/io/services.nix +++ b/hosts/io/services.nix @@ -48,6 +48,7 @@ }; }; }; + upower.enable = true; }; # TODO: remove once gmodena/nix-flatpak/issues/45 fixed From 5969f2ba9fda4666fdcda8493f26e3fb5796e873 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 10:22:05 -0300 Subject: [PATCH 048/206] default desktop programs --- hosts/modules/desktop/desktop.nix | 8 +- users/modules/desktop/desktop.nix | 118 +++++++++++++++++++++++++++--- 2 files changed, 112 insertions(+), 14 deletions(-) 
diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index d3e8083..c265af7 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -21,9 +21,9 @@ ### Web ### bitwarden-desktop brave + fragments nextcloud-client tor-browser - qbittorrent vesktop inputs.zen-browser.packages."${system}".default ### Office & Productivity ### @@ -39,7 +39,6 @@ ### Graphics & Design ### gimp inkscape - loupe plasticity ### System Utilities ### adwaita-icon-theme @@ -55,9 +54,10 @@ toggleaudiosink unrar ### Media ### - mpv + decibels + loupe obs-studio - qview + showtime ]; }; diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index 21a9451..16e2a82 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix 
@@ -39,18 +39,116 @@ indicator = true; }; - gtk = { - enable = true; - gtk3.extraConfig = { - gtk-decoration-layout = "appmenu:"; - }; - gtk4.extraConfig = { - gtk-decoration-layout = "appmenu:"; - }; - }; - xdg = { enable = true; userDirs.enable = true; + + mimeApps = { + enable = true; + defaultApplications = { + # Web browsing (priority: Junction > Zen > Brave > Tor) + "text/html" = [ + "com.github.timecraft.junction.desktop" + "zen-browser.desktop" + "brave-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/http" = [ + "com.github.timecraft.junction.desktop" + "zen-browser.desktop" + "brave-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/https" = [ + "com.github.timecraft.junction.desktop" + "zen-browser.desktop" + "brave-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/about" = [ + "com.github.timecraft.junction.desktop" + "zen-browser.desktop" + "brave-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/unknown" = [ + "com.github.timecraft.junction.desktop" + "zen-browser.desktop" + "brave-browser.desktop" + "torbrowser.desktop" + ]; + + # Images + "image/jpeg" = "org.gnome.Loupe.desktop"; + "image/png" = "org.gnome.Loupe.desktop"; + "image/gif" = "org.gnome.Loupe.desktop"; + "image/webp" = "org.gnome.Loupe.desktop"; + "image/bmp" = "org.gnome.Loupe.desktop"; + "image/svg+xml" = "org.gnome.Loupe.desktop"; + "image/tiff" = "org.gnome.Loupe.desktop"; + + # Video + "video/mp4" = "io.bassi.Showtime.desktop"; + "video/x-matroska" = "io.bassi.Showtime.desktop"; + "video/webm" = "io.bassi.Showtime.desktop"; + "video/mpeg" = "io.bassi.Showtime.desktop"; + "video/x-msvideo" = "io.bassi.Showtime.desktop"; + "video/quicktime" = "io.bassi.Showtime.desktop"; + "video/x-flv" = "io.bassi.Showtime.desktop"; + + # Audio + "audio/mpeg" = "io.bassi.Showtime.desktop"; + "audio/flac" = "io.bassi.Showtime.desktop"; + "audio/ogg" = "io.bassi.Showtime.desktop"; + "audio/wav" = "io.bassi.Showtime.desktop"; + "audio/mp4" = 
"io.bassi.Showtime.desktop"; + "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; + + # PDF and documents (priority: Papers > Zen Browser) + "application/pdf" = [ + "org.gnome.Papers.desktop" + "zen-browser.desktop" + ]; + + # Text files (Ghostty + Helix) + "text/plain" = "Helix.desktop"; + "text/markdown" = "Helix.desktop"; + "text/x-log" = "Helix.desktop"; + "application/x-shellscript" = "Helix.desktop"; + + # Office documents + "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = + "onlyoffice-desktopeditors.desktop"; # DOCX + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = + "onlyoffice-desktopeditors.desktop"; # XLSX + "application/vnd.openxmlformats-officedocument.presentationml.presentation" = + "onlyoffice-desktopeditors.desktop"; # PPTX + "application/vnd.oasis.opendocument.text" = "onlyoffice-desktopeditors.desktop"; # ODT + "application/vnd.oasis.opendocument.spreadsheet" = "onlyoffice-desktopeditors.desktop"; # ODS + "application/vnd.oasis.opendocument.presentation" = "onlyoffice-desktopeditors.desktop"; # ODP + "application/msword" = "onlyoffice-desktopeditors.desktop"; # DOC + "application/vnd.ms-excel" = "onlyoffice-desktopeditors.desktop"; # XLS + "application/vnd.ms-powerpoint" = "onlyoffice-desktopeditors.desktop"; # PPT + + # Archives + "application/zip" = "org.gnome.FileRoller.desktop"; + "application/x-tar" = "org.gnome.FileRoller.desktop"; + "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; + "application/x-rar" = "org.gnome.FileRoller.desktop"; + "application/gzip" = "org.gnome.FileRoller.desktop"; + "application/x-bzip" = "org.gnome.FileRoller.desktop"; + + # File manager + "inode/directory" = "org.gnome.Nautilus.desktop"; + }; + }; + }; + + # Set Ghostty as default terminal + 
home.sessionVariables = { + TERMINAL = "ghostty"; }; } From 30ca5f6b29963d2741d488adaf8719eac0747091 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 13:12:40 -0300 Subject: [PATCH 049/206] kde connect needs to be enabled both in the user as the host --- hosts/modules/desktop/desktop.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index c265af7..3be98a6 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -121,6 +121,7 @@ enable = true; package = inputs.niri.packages.${pkgs.system}.niri; }; + kdeconnect.enable = true; dconf.enable = true; appimage = { enable = true; From 66d5275f7d09417e9becd0d1ddfc277f03e30233 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 13:57:49 -0300 Subject: [PATCH 050/206] no more better-control; niri config spacing --- hosts/modules/desktop/desktop.nix | 1 - users/modules/desktop/niri.nix | 309 +++++++++++++++--------------- 2 files changed, 152 insertions(+), 158 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 3be98a6..81ecb85 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -42,7 +42,6 @@ plasticity ### System Utilities ### adwaita-icon-theme - better-control ghostty gnome-disk-utility junction diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index fe40e1c..0e8eaab 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -12,6 +12,7 @@ let in { + imports = [ inputs.noctalia.homeModules.default ]; home.packages = with pkgs; [ xwayland-satellite ]; home.sessionVariables = { 
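Review bot: Every `audio/*` entry under `# Audio` points at `io.bassi.Showtime.desktop`, although the host-side hunk of this commit adds `decibels` to the Media packages, so the audio player that was just installed never becomes a default handler. Either map the audio types to the Decibels entry (presumably `org.gnome.Decibels.desktop`; confirm the file name in the package's `share/applications`) or drop `decibels` from the package list. The hunk also deletes the `gtk` block with its `gtk-decoration-layout` settings, which the subject "default desktop programs" does not mention.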
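Review bot: `kdeconnect.enable = true;` sits beside `dconf` and `appimage`, so it appears to be the NixOS `programs.kdeconnect` option, whose module opens TCP and UDP ports 1714-1764 in the host firewall on every interface. This is the shared desktop module, so the laptop would expose the pairing listener on any network it joins. If the link is only needed on a trusted network, install the package without the module and allow the range per interface, e.g. `networking.firewall.interfaces.<trusted-iface>.allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];` plus the UDP equivalent, or add a comment accepting the exposure. The later hunk that switches to `package = pkgs.valent;` keeps the same setting, and the enclosing attribute set starts outside this hunk.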
@@ -20,210 +21,204 @@ in xdg.configFile."niri/config.kdl".text = '' output "eDP-1" { - scale 1.0 + scale 1.0 } - output "DP-3" { - scale 1.0 + scale 1.0 } input { - keyboard { - xkb { - layout "us" - variant "altgr-intl" - } + keyboard { + xkb { + layout "us" + variant "altgr-intl" } - touchpad { - tap - dwt - drag true - drag-lock - natural-scroll - accel-speed 0.2 - accel-profile "flat" - scroll-method "two-finger" - middle-emulation - } - mouse { - natural-scroll - accel-speed 0.2 - accel-profile "flat" - } - warp-mouse-to-focus mode="center-xy" - focus-follows-mouse + } + touchpad { + tap + dwt + drag true + drag-lock + natural-scroll + accel-speed 0.2 + accel-profile "flat" + scroll-method "two-finger" + middle-emulation + } + mouse { + natural-scroll + accel-speed 0.2 + accel-profile "flat" + } + warp-mouse-to-focus mode="center-xy" + focus-follows-mouse } layout { - gaps 8 - center-focused-column "never" - auto-center-when-space-available - preset-column-widths { - ${ - if isRotterdam then - '' - proportion 0.33333 - proportion 0.5 - proportion 0.66667 - '' - else - '' + gaps 8 + center-focused-column "never" + auto-center-when-space-available + preset-column-widths { + ${ + if isRotterdam then + '' + proportion 0.33333 proportion 0.5 - proportion 1.0 - '' - } - } - default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } - focus-ring { - off - } - border { - width 4 - active-color "#ffc87f" - inactive-color "#505050" - urgent-color "#9b0000" + proportion 0.66667 + '' + else + '' + proportion 0.5 + proportion 1.0 + '' } + } + default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } + focus-ring { + off + } + border { + width 4 + active-color "#ffc87f" + inactive-color "#505050" + urgent-color "#9b0000" + } tab-indicator { - width 4 - gap 4 - place-within-column + width 4 + gap 4 + place-within-column } struts { - left 8 - right 8 + left 8 + right 8 } } overview { - zoom 0.65 + zoom 0.65 } spawn-at-startup 
"bash" "-c" "wl-paste --watch cliphist store &" spawn-at-startup "${noctalia}" layer-rule { - match namespace="^wallpaper$" + match namespace="^wallpaper$" place-within-backdrop true } layer-rule { - match namespace="^quickshell-overview$" - place-within-backdrop true - } - - spawn-at-startup "xwayland-satellite" - environment { - DISPLAY ":0" + match namespace="^quickshell-overview$" + place-within-backdrop true } hotkey-overlay { - skip-at-startup + skip-at-startup } prefer-no-csd screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" animations { - slowdown 0.3 + slowdown 0.3 } window-rule { - match app-id="zen" - default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } + match app-id="zen" + default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } } window-rule { - geometry-corner-radius 12 - clip-to-geometry true + geometry-corner-radius 12 + clip-to-geometry true } config-notification { - disable-failed + disable-failed } binds { - Alt+Space { spawn "${noctalia}" "ipc" "call" "launcher" "toggle"; } - XF86AudioRaiseVolume { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } - XF86AudioLowerVolume { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } - XF86AudioMute { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } - XF86MonBrightnessUp { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } - XF86MonBrightnessDown { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } - Mod+V { spawn "${noctalia}" "ipc" "call" "launcher" "clipboard"; } - Mod+Shift+L { spawn "${noctalia}" "ipc" "call" "lockScreen" "toggle"; } - Mod+Return { spawn "ghostty"; } - Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } - Mod+W repeat=false { toggle-overview; } - Mod+Q { close-window; } - Alt+Shift+Q { close-window;} - Mod+Shift+Q { close-window; } - Alt+F4 { close-window; } - Mod+Left { focus-column-left; } - Mod+Down { focus-window-down; } - Mod+Up { focus-window-up; } - 
Mod+Right { focus-column-right; } - Mod+H { focus-column-left; } - Mod+L { focus-column-right; } - Mod+J { focus-window-down; } - Mod+K { focus-window-up; } - Ctrl+Alt+J { focus-workspace-down; } - Ctrl+Alt+K { focus-workspace-up; } - Ctrl+Alt+Down { focus-workspace-down; } - Ctrl+Alt+Up { focus-workspace-up; } - Mod+Ctrl+Left { move-column-left; } - Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } - Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } - Mod+Ctrl+Right { move-column-right; } - Mod+Ctrl+H { move-column-left; } - Mod+Ctrl+J { move-window-down-or-to-workspace-down; } - Mod+Ctrl+K { move-window-up-or-to-workspace-up; } - Mod+Ctrl+L { move-column-right; } - Mod+Home { focus-column-first; } - Mod+End { focus-column-last; } - Mod+Ctrl+Home { move-column-to-first; } - Mod+Ctrl+End { move-column-to-last; } - Mod+Alt+Left { focus-monitor-left; } - Mod+Alt+Down { focus-monitor-down; } - Mod+Alt+Up { focus-monitor-up; } - Mod+Alt+Right { focus-monitor-right; } - Mod+Alt+H { focus-monitor-left; } - Mod+Alt+J { focus-monitor-down; } - Mod+Alt+K { focus-monitor-up; } - Mod+Alt+L { focus-monitor-right; } - Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } - Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } - Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } - Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } - Mod+Alt+Ctrl+H { move-column-to-monitor-left; } - Mod+Alt+Ctrl+J { move-column-to-monitor-down; } - Mod+Alt+Ctrl+K { move-column-to-monitor-up; } - Mod+Alt+Ctrl+L { move-column-to-monitor-right; } - Mod+Ctrl+U { move-workspace-down; } - Mod+Ctrl+I { move-workspace-up; } - Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } - Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } - Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } - Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } - Mod+Shift+WheelScrollDown { focus-column-right; } - Mod+Shift+WheelScrollUp { focus-column-left; } - 
Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } - Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } - Mod+BracketLeft { consume-or-expel-window-left; } - Mod+BracketRight { consume-or-expel-window-right; } - Mod+Comma { consume-window-into-column; } - Mod+Period { expel-window-from-column; } - Mod+R { switch-preset-column-width; } - Mod+F { maximize-column; } - Mod+Ctrl+F { fullscreen-window; } - Mod+C { center-visible-columns; } - Mod+Ctrl+C { center-column; } - Mod+Space { toggle-window-floating; } - Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } - Mod+T { toggle-column-tabbed-display; } - Print { screenshot-screen; } - Mod+Print { screenshot; } - Ctrl+Print { screenshot-window; } - Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } - Mod+Alt+E { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } - Ctrl+Alt+Delete { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } - Mod+Ctrl+P { power-off-monitors; } + Alt+Space { spawn "${noctalia}" "ipc" "call" "launcher" "toggle"; } + XF86AudioRaiseVolume { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } + XF86AudioMute { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } + Mod+V { spawn "${noctalia}" "ipc" "call" "launcher" "clipboard"; } + Mod+Shift+L { spawn "${noctalia}" "ipc" "call" "lockScreen" "toggle"; } + Mod+Return { spawn "ghostty"; } + Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } + Mod+W repeat=false { toggle-overview; } + Mod+Q { close-window; } + Alt+Shift+Q { close-window;} + Mod+Shift+Q { close-window; } + Alt+F4 { close-window; } + Mod+Left { focus-column-left; } + Mod+Down { focus-window-down; } + Mod+Up { focus-window-up; } + Mod+Right { focus-column-right; } + 
Mod+H { focus-column-left; } + Mod+L { focus-column-right; } + Mod+J { focus-window-down; } + Mod+K { focus-window-up; } + Ctrl+Alt+J { focus-workspace-down; } + Ctrl+Alt+K { focus-workspace-up; } + Ctrl+Alt+Down { focus-workspace-down; } + Ctrl+Alt+Up { focus-workspace-up; } + Mod+Ctrl+Left { move-column-left; } + Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } + Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } + Mod+Ctrl+Right { move-column-right; } + Mod+Ctrl+H { move-column-left; } + Mod+Ctrl+J { move-window-down-or-to-workspace-down; } + Mod+Ctrl+K { move-window-up-or-to-workspace-up; } + Mod+Ctrl+L { move-column-right; } + Mod+Home { focus-column-first; } + Mod+End { focus-column-last; } + Mod+Ctrl+Home { move-column-to-first; } + Mod+Ctrl+End { move-column-to-last; } + Mod+Alt+Left { focus-monitor-left; } + Mod+Alt+Down { focus-monitor-down; } + Mod+Alt+Up { focus-monitor-up; } + Mod+Alt+Right { focus-monitor-right; } + Mod+Alt+H { focus-monitor-left; } + Mod+Alt+J { focus-monitor-down; } + Mod+Alt+K { focus-monitor-up; } + Mod+Alt+L { focus-monitor-right; } + Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } + Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } + Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } + Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } + Mod+Alt+Ctrl+H { move-column-to-monitor-left; } + Mod+Alt+Ctrl+J { move-column-to-monitor-down; } + Mod+Alt+Ctrl+K { move-column-to-monitor-up; } + Mod+Alt+Ctrl+L { move-column-to-monitor-right; } + Mod+Ctrl+U { move-workspace-down; } + Mod+Ctrl+I { move-workspace-up; } + Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } + Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } + Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } + Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } + Mod+Shift+WheelScrollDown { focus-column-right; } + Mod+Shift+WheelScrollUp { focus-column-left; } + Mod+Ctrl+Shift+WheelScrollDown { 
move-column-right; } + Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } + Mod+BracketLeft { consume-or-expel-window-left; } + Mod+BracketRight { consume-or-expel-window-right; } + Mod+Comma { consume-window-into-column; } + Mod+Period { expel-window-from-column; } + Mod+R { switch-preset-column-width; } + Mod+F { maximize-column; } + Mod+Ctrl+F { fullscreen-window; } + Mod+C { center-visible-columns; } + Mod+Ctrl+C { center-column; } + Mod+Space { toggle-window-floating; } + Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } + Mod+T { toggle-column-tabbed-display; } + Print { screenshot-screen; } + Mod+Print { screenshot; } + Ctrl+Print { screenshot-window; } + Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } + Mod+Alt+E { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } + Ctrl+Alt+Delete { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } + Mod+Ctrl+P { power-off-monitors; } } ''; } From 602fec023555c93f2020967bc643c94d5a6cc098 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 17:18:17 -0300 Subject: [PATCH 051/206] no more home manager stable --- flake.lock | 22 ---------------------- flake.nix | 8 ++------ 2 files changed, 2 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index 8271d66..7e20e22 100644 --- a/flake.lock +++ b/flake.lock @@ -313,27 +313,6 @@ "type": "github" } }, - "home-manager-stable": { - "inputs": { - "nixpkgs": [ - "nixpkgs-stable" - ] - }, - "locked": { - "lastModified": 1758463745, - "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-25.05", - "repo": "home-manager", - "type": "github" - } - }, "home-manager_2": { "inputs": { "nixpkgs": [ 
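Review bot: The removal of `spawn-at-startup "xwayland-satellite"` and of the `environment { DISPLAY ":0" }` block is buried in what the subject calls a spacing change, just after the two `layer-rule` blocks. A reviewer skimming a re-indent would not expect X11 startup behaviour to change here. `home.packages` still lists `xwayland-satellite` in the preceding hunk, so presumably the compositor now starts it itself. If so, a comment such as `# xwayland-satellite is launched by niri on demand` or a separate commit would make the removal reviewable.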
@@ -794,7 +773,6 @@ "disko": "disko", "flake-parts": "flake-parts", "home-manager": "home-manager_2", - "home-manager-stable": "home-manager-stable", "impermanence": "impermanence", "niri": "niri", "niri-flake": "niri-flake", diff --git a/flake.nix b/flake.nix index 78ff944..72aa094 100644 --- a/flake.nix +++ b/flake.nix @@ -2,19 +2,15 @@ description = "My nix hosts"; inputs = { + flake-parts.url = "github:hercules-ci/flake-parts"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05"; - flake-parts.url = "github:hercules-ci/flake-parts"; - home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; }; - home-manager-stable = { - url = "github:nix-community/home-manager/release-25.05"; - inputs.nixpkgs.follows = "nixpkgs-stable"; - }; agenix = { url = "github:ryantm/agenix"; From 14d08d6d70cb82e7078c70cd5421416b6143501e Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 17:21:14 -0300 Subject: [PATCH 052/206] specify server hosts --- nixosConfigurations.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 16433bd..9a0a09d 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -36,6 +36,7 @@ in alexandria = mkHost { hostname = "alexandria"; tags = [ + # "server" TODO: uncomment when 25.11 is out. "fwupd" "podman" ]; @@ -45,6 +46,7 @@ in hostname = "trantor"; system = "aarch64-linux"; tags = [ + "server" ]; }; }; From 025bd2ccf83302d6ca4c15a6d65d891bb008390a Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 22:01:34 -0300 Subject: [PATCH 053/206] readme glowup --- readme.md | 129 +++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 122 insertions(+), 7 deletions(-) diff --git a/readme.md b/readme.md index 9f3af1e..2804237 100644 --- a/readme.md +++ b/readme.md 
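Review bot: The `"server"` tag is enabled on trantor but left commented out on alexandria in nixosConfigurations.nix. The readme in this series lists alexandria as the host running Nextcloud, Forgejo, Jellyfin and Vaultwarden, so whatever the server module configures is not applied to the machine carrying those services. The module itself is not visible here, so the impact is unknown, but the TODO should state what is blocked and what is missing meanwhile, for example `# "server" — needs <option> from 25.11; until then alexandria runs without the server module`. Both host attribute sets continue outside these hunks.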
@@ -1,8 +1,123 @@ -All my personal Nix and NixOS hosts, in a flake. +# NixOS Configuration -|Host|Description|System Version| -|:---|:---:|---:| -|alexandria|Personal server/NAS|NixOS 25.05| -|io|Mobile workstation|NixOS Unstable| -|rotterdam|Workstation|NixOS Unstable| -|trantor|Oracle Cloud VPS|NixOS 25.05| +A declarative, modular NixOS/Home Manager flake configuration managing multiple systems with a tag-based architecture for maximum code reuse and flexibility. + +## Hosts + +| Host | Type | System | Version | Description | +|------|------|--------|---------|-------------| +| **rotterdam** | Desktop | x86_64-linux | NixOS Unstable | Primary workstation with gaming, development | +| **io** | Laptop | x86_64-linux | NixOS Unstable | Mobile workstation | +| **alexandria** | Server/NAS | x86_64-linux | NixOS 25.05 | Personal server running Nextcloud, Forgejo, Jellyfin, Vaultwarden | +| **trantor** | VPS | aarch64-linux | NixOS 25.05 | Oracle Cloud instance | + +## Key Features + +### Architecture +- **Tag-based module system** - Compose configurations using tags instead of traditional inheritance +- **Flake-based** - Fully reproducible builds with locked dependencies +- **Multi-platform** - Supports both x86_64 and aarch64 architectures +- **Deployment automation** - Remote deployment via deploy-rs + +### Desktop Experience +- **Niri compositor** - Custom fork with auto-centering window columns +- **Unified theming** - Stylix-based theming +- **Wayland-native** - Full Wayland support +- **Ephemeral root** - Impermanent filesystem using BTRFS for atomic rollback capability + +### Self-Hosted Services +- **Nextcloud** - Cloud storage with calendar, contacts, and notes +- **Forgejo** - Self-hosted Git server +- **Jellyfin** - Media streaming +- **Vaultwarden** - Password manager backend +- **LibreSpeed** - Network speed testing +- All services behind Nginx and Tailscale with automatic SSL via Let's Encrypt + +### Security +- **Agenix** - Encrypted secrets management 
+- **Tailscale** - Zero-config VPN mesh network +- **Firewall** - Configured on all hosts +- SSH key-based authentication + +## Repository Structure + +``` +. +├── flake.nix # Main flake definition +├── utils.nix # Tag-based module system utilities +├── nixosConfigurations.nix # Host definitions with tags +├── homeConfigurations.nix # User configurations +├── deploy.nix # Remote deployment configuration +├── hosts/ +│ ├── alexandria/ # Server-specific config +│ ├── io/ # Laptop-specific config +│ ├── rotterdam/ # Desktop-specific config +│ ├── trantor/ # VPS-specific config +│ └── modules/ +│ ├── common/ # Shared base configuration +│ ├── desktop/ # Desktop environment setup +│ ├── server/ # Server-specific modules +│ └── [tag].nix # Optional feature modules +├── users/ +│ └── modules/ # Home Manager configurations +│ └── [tag].nix # Optional feature modules +├── packages/ # Custom package definitions +└── secrets/ # Encrypted secrets (agenix) +``` + +## Tag System + +Configurations are composed using tags that map to modules: + +**Common Tags** (all hosts): +- `common` - Base system configuration (automatically applied) + +**General Tags**: +- `desktop` - *Mostly* full desktop environment with Niri WM +- `dev` - Development tools and environments +- `gaming` - Steam, Heroic, gamemode, controller support +- `ephemeral` - Impermanent root filesystem +- `networkmanager` - WiFi and network management +- `libvirtd` - KVM/QEMU virtualization +- `podman` - Container runtime +- `bluetooth` - Bluetooth support +- `fwupd` - Firmware update daemon + +**Server Tags**: +- `server` - Server-specific configuration + +## Usage + +### Rebuilding a Configuration + +```bash +# Local rebuild +sudo nixos-rebuild switch --flake .#hostname + +# Remote deployment +deploy .#hostname +``` + +### Updating Dependencies + +```bash +nix flake update +``` + +### Adding a New Host + +1. Create host directory in `hosts/` +2. 
Define configuration in `nixosConfigurations.nix` with appropriate tags +3. Add deployment profile in `deploy.nix` if needed + +## Dependencies + +- [nixpkgs](https://github.com/NixOS/nixpkgs) - Stable (25.05) and unstable channels +- [home-manager](https://github.com/nix-community/home-manager) - User configuration +- [agenix](https://github.com/ryantm/agenix) - Secrets management +- [disko](https://github.com/nix-community/disko) - Declarative disk partitioning +- [stylix](https://github.com/danth/stylix) - System-wide theming +- [niri-flake](https://github.com/sodiboo/niri-flake) - Wayland compositor (custom fork) +- [impermanence](https://github.com/nix-community/impermanence) - Ephemeral filesystem support +- [deploy-rs](https://github.com/serokell/deploy-rs) - Remote deployment +- [nix-flatpak](https://github.com/gmodena/nix-flatpak) - Declarative Flatpak management From ccd4d5314caf430b0b2d4e89e776c1c3ab4bc674 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 22:39:25 -0300 Subject: [PATCH 054/206] new stylix theme --- users/modules/stylix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index d59e355..13ba8b6 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix @@ -14,7 +14,7 @@ stylix = { enable = true; polarity = "dark"; - base16Scheme = "${pkgs.base16-schemes}/share/themes/hardhacker.yaml"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml"; cursor = { package = pkgs.kdePackages.breeze; name = "breeze_cursors"; From 39d16028645efff3278a9bcab75056372fa67c2e Mon Sep 17 00:00:00 2001 From: William Date: Wed, 22 Oct 2025 11:58:03 -0300 Subject: [PATCH 055/206] xdg portals --- hosts/modules/desktop/desktop.nix | 8 ++++++++ users/modules/desktop/desktop.nix | 18 ------------------ 2 files changed, 8 insertions(+), 18 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 81ecb85..24ead6a 100644 
--- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -141,4 +141,12 @@ roboto ]; }; + + xdg.portal = { + extraPortals = with pkgs; [ + xdg-desktop-portal-gnome + xdg-desktop-portal-gtk + ]; + config.common.default = "*"; + }; } diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index 16e2a82..a962923 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix @@ -42,11 +42,9 @@ xdg = { enable = true; userDirs.enable = true; - mimeApps = { enable = true; defaultApplications = { - # Web browsing (priority: Junction > Zen > Brave > Tor) "text/html" = [ "com.github.timecraft.junction.desktop" "zen-browser.desktop" @@ -77,8 +75,6 @@ "brave-browser.desktop" "torbrowser.desktop" ]; - - # Images "image/jpeg" = "org.gnome.Loupe.desktop"; "image/png" = "org.gnome.Loupe.desktop"; "image/gif" = "org.gnome.Loupe.desktop"; @@ -86,8 +82,6 @@ "image/bmp" = "org.gnome.Loupe.desktop"; "image/svg+xml" = "org.gnome.Loupe.desktop"; "image/tiff" = "org.gnome.Loupe.desktop"; - - # Video "video/mp4" = "io.bassi.Showtime.desktop"; "video/x-matroska" = "io.bassi.Showtime.desktop"; "video/webm" = "io.bassi.Showtime.desktop"; 
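Review bot: `config.common.default = "*";` in the new `xdg.portal` block lets xdg-desktop-portal use whichever installed backend it finds first for every interface. The implementation answering file-chooser and screencast requests from sandboxed apps can therefore change whenever a package ships another portal. Since the hunk adds exactly two backends, naming them keeps the choice fixed: `config.common.default = [ "gnome" "gtk" ];`. `xdg.portal.enable` is not set in this hunk and is presumably turned on by another module.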
@@ -95,28 +89,20 @@ "video/x-msvideo" = "io.bassi.Showtime.desktop"; "video/quicktime" = "io.bassi.Showtime.desktop"; "video/x-flv" = "io.bassi.Showtime.desktop"; - - # Audio "audio/mpeg" = "io.bassi.Showtime.desktop"; "audio/flac" = "io.bassi.Showtime.desktop"; "audio/ogg" = "io.bassi.Showtime.desktop"; "audio/wav" = "io.bassi.Showtime.desktop"; "audio/mp4" = "io.bassi.Showtime.desktop"; "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; - - # PDF and documents (priority: Papers > Zen Browser) "application/pdf" = [ "org.gnome.Papers.desktop" "zen-browser.desktop" ]; - - # Text files (Ghostty + Helix) "text/plain" = "Helix.desktop"; "text/markdown" = "Helix.desktop"; "text/x-log" = "Helix.desktop"; "application/x-shellscript" = "Helix.desktop"; - - # Office documents "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = "onlyoffice-desktopeditors.desktop"; # DOCX "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = @@ -129,8 +115,6 @@ "application/msword" = "onlyoffice-desktopeditors.desktop"; # DOC "application/vnd.ms-excel" = "onlyoffice-desktopeditors.desktop"; # XLS "application/vnd.ms-powerpoint" = "onlyoffice-desktopeditors.desktop"; # PPT - - # Archives "application/zip" = "org.gnome.FileRoller.desktop"; "application/x-tar" = "org.gnome.FileRoller.desktop"; "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; @@ -140,8 +124,6 @@ "application/x-rar" = "org.gnome.FileRoller.desktop"; "application/gzip" = "org.gnome.FileRoller.desktop"; "application/x-bzip" = "org.gnome.FileRoller.desktop"; - - # File manager "inode/directory" = "org.gnome.Nautilus.desktop"; }; }; From db4b93273e354b97cfbdc9345468f356f8329b25 Mon Sep 17 00:00:00 2001 
From: William Date: Wed, 22 Oct 2025 14:16:52 -0300 Subject: [PATCH 056/206] kdeconnect: use valent instead; ghostty: set up shift+enter --- hosts/modules/desktop/desktop.nix | 5 ++++- users/modules/desktop/desktop.nix | 7 +------ users/modules/desktop/niri.nix | 2 +- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 24ead6a..192932c 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -120,7 +120,10 @@ enable = true; package = inputs.niri.packages.${pkgs.system}.niri; }; - kdeconnect.enable = true; + kdeconnect = { + enable = true; + package = pkgs.valent; + }; dconf.enable = true; appimage = { enable = true; diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index a962923..ba30852 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix @@ -24,7 +24,7 @@ }}"; bell-features = "border"; gtk-titlebar-style = "tabs"; - keybind = [ "shift+enter=esc:\\x1b[13;2u" ]; + keybind = [ "shift+enter=text:\\x1b\\r" ]; }; }; @@ -34,11 +34,6 @@ }; }; - services.kdeconnect = { - enable = true; - indicator = true; - }; - xdg = { enable = true; userDirs.enable = true; diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 0e8eaab..8da284f 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -98,8 +98,8 @@ in zoom 0.65 } - spawn-at-startup "bash" "-c" "wl-paste --watch cliphist store &" spawn-at-startup "${noctalia}" + spawn-at-startup "${lib.getExe pkgs.valent}" layer-rule { match namespace="^wallpaper$" place-within-backdrop true From d3c3c78cdd20b1b111a354d7b200f519cab66307 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 22 Oct 2025 18:43:05 -0300 Subject: [PATCH 057/206] niri: struts only for rotterdam --- users/modules/desktop/niri.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 8da284f..dc9793a 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -88,10 +88,11 @@ in gap 4 place-within-column } - struts { - left 8 - right 8 - } + ${lib.optionalString isRotterdam '' + struts { + left 8 + right 8 + }''} } overview { From 8254683b5f8a2aaa15cd5fa0a6eb809928f4ed5b Mon Sep 17 00:00:00 2001 From: William Date: Thu, 23 Oct 2025 18:58:20 -0300 Subject: [PATCH 058/206] set collate locale option --- hosts/modules/common/locale.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/common/locale.nix b/hosts/modules/common/locale.nix index 7e07d85..1171a32 100644 --- a/hosts/modules/common/locale.nix +++ b/hosts/modules/common/locale.nix @@ -7,6 +7,7 @@ defaultLocale = "en_US.UTF-8"; extraLocaleSettings = { LC_ADDRESS = "pt_BR.utf8"; + LC_COLLATE = "pt_BR.utf8"; LC_IDENTIFICATION = "pt_BR.utf8"; LC_MEASUREMENT = "pt_BR.utf8"; LC_MONETARY = "pt_BR.utf8"; From dd067449290bee1e04351b4b51d978680396259d Mon Sep 17 00:00:00 2001 From: William Date: Thu, 23 Oct 2025 15:34:03 -0300 Subject: [PATCH 059/206] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'noctalia': 'github:noctalia-dev/noctalia-shell/73267d1d37b60c963fc4f938acab1eef8a655fe7?narHash=sha256-SqBuR0BsZnXopIA8T1Fh8V4hf54pOPoMRwnkML3HGi0%3D' (2025-10-20) → 'github:noctalia-dev/noctalia-shell/c3439b262c7cb3d57c93197a93a3aa382582bdae?narHash=sha256-XAs/Q4zBJIfK/bwq9KjTUkTH15A%2BPe2rIilyvalEHuM%3D' (2025-10-23) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 7e20e22..feb5089 100644 --- a/flake.lock +++ b/flake.lock 
@@ -707,11 +707,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1760981626, - "narHash": "sha256-SqBuR0BsZnXopIA8T1Fh8V4hf54pOPoMRwnkML3HGi0=", + "lastModified": 1761190730, + "narHash": "sha256-XAs/Q4zBJIfK/bwq9KjTUkTH15A+Pe2rIilyvalEHuM=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "73267d1d37b60c963fc4f938acab1eef8a655fe7", + "rev": "c3439b262c7cb3d57c93197a93a3aa382582bdae", "type": "github" }, "original": { From 2d2d27a6fc2d8fcc7133313a1a0cc030d467c729 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 23 Oct 2025 21:18:44 -0300 Subject: [PATCH 060/206] don't autostart valent --- users/modules/desktop/niri.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index dc9793a..d603838 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -100,7 +100,6 @@ in } spawn-at-startup "${noctalia}" - spawn-at-startup "${lib.getExe pkgs.valent}" layer-rule { match namespace="^wallpaper$" place-within-backdrop true From 98b2d1f44c70619ae837e16180ea1a116c003116 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 24 Oct 2025 17:55:55 -0300 Subject: [PATCH 061/206] niri xdg desktop portal config --- hosts/modules/desktop/desktop.nix | 8 +++++++- users/modules/desktop/niri.nix | 6 +++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 192932c..816745c 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -150,6 +150,12 @@ xdg-desktop-portal-gnome xdg-desktop-portal-gtk ]; - config.common.default = "*"; + config = { + common.default = "*"; + niri.default = [ + "gtk" + "gnome" + ]; + }; }; } diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index d603838..47ad561 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix 
@@ -13,10 +13,10 @@ in { imports = [ inputs.noctalia.homeModules.default ]; - home.packages = with pkgs; [ xwayland-satellite ]; - home.sessionVariables = { - QT_QPA_PLATFORMTHEME = "gtk3"; + home = { + packages = with pkgs; [ xwayland-satellite ]; + sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; }; xdg.configFile."niri/config.kdl".text = '' From 8a64636cc596b114b086231ca9f6d9ef1d8f0fe9 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 25 Oct 2025 09:10:17 -0300 Subject: [PATCH 062/206] niri media keys --- users/modules/desktop/niri.nix | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 47ad561..16955d9 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix 
@@ -136,11 +136,15 @@ in binds { Alt+Space { spawn "${noctalia}" "ipc" "call" "launcher" "toggle"; } - XF86AudioRaiseVolume { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } - XF86AudioLowerVolume { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } - XF86AudioMute { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } - XF86MonBrightnessUp { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } - XF86MonBrightnessDown { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } + XF86AudioRaiseVolume allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } + XF86AudioMute allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } + XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } + XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } + XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } + XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } Mod+V { spawn "${noctalia}" "ipc" "call" "launcher" "clipboard"; } Mod+Shift+L { spawn "${noctalia}" "ipc" "call" "lockScreen" "toggle"; } Mod+Return { spawn "ghostty"; } From a8977d7dfbb85cb7e955a133551ed84a6073def3 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 29 Oct 2025 11:00:50 -0300 Subject: [PATCH 063/206] greetd only autologin on io --- hosts/modules/desktop/desktop.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 816745c..5258442 100644 --- a/hosts/modules/desktop/desktop.nix 
+++ b/hosts/modules/desktop/desktop.nix @@ -73,9 +73,11 @@ enable = true; settings = { default_session = { - command = "${lib.getExe pkgs.tuigreet} --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; + command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; user = "greeter"; }; + } + // lib.optionalAttrs (config.networking.hostName == "io") { initial_session = { command = "${config.programs.niri.package}/bin/niri-session"; user = "user"; From 90cdc7b8a5029a9c039b97b6b06b56bdbaa71350 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 21 Oct 2025 18:14:02 -0300 Subject: [PATCH 064/206] begin configuring terranix --- flake.lock | 59 +++++++++++++++++++++++++++++++++++ flake.nix | 6 ++++ terranixConfigurations.nix | 22 +++++++++++++ utils.nix | 63 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 150 insertions(+) create mode 100644 terranixConfigurations.nix diff --git a/flake.lock b/flake.lock index feb5089..f9d54f9 100644 --- a/flake.lock +++ b/flake.lock @@ -241,6 +241,27 @@ "type": "github" } }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "terranix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems_3" @@ -783,6 +804,7 @@ "nixpkgs-stable": "nixpkgs-stable_2", "noctalia": "noctalia", "stylix": "stylix", + "terranix": "terranix", "zen-browser": "zen-browser" } }, 
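Review bot: The `initial_session` block kept for `io` starts `niri-session` as `user` with no greeter prompt, and nothing in the hunk records what that relies on. The only remaining gate on that host appears to be the LUKS passphrase for `cryptroot` declared in its disko layout. I would add a comment above the `lib.optionalAttrs` line, `# io only: autologin is acceptable because the disk is unlocked interactively at boot`, so the exception is not copied to a host without disk encryption. Separately, the added `--user-menu` makes tuigreet offer local account names to anyone at the login screen, which deserves a conscious decision on machines that are not single-user. The `settings` attribute set opens and closes outside this hunk.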
@@ -936,6 +958,43 @@ "type": "github" } }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "terranix": { + "inputs": { + "flake-parts": "flake-parts_3", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems_6" + }, + "locked": { + "lastModified": 1757278723, + "narHash": "sha256-hTMi6oGU+6VRnW9SZZ+muFcbfMEf2ajjOp7Z2KM5MMY=", + "owner": "terranix", + "repo": "terranix", + "rev": "924573fa6587ac57b0d15037fbd2d3f0fcdf17fb", + "type": "github" + }, + "original": { + "owner": "terranix", + "repo": "terranix", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 72aa094..ccbec85 100644 --- a/flake.nix +++ b/flake.nix @@ -47,6 +47,11 @@ url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; + + terranix = { + url = "github:terranix/terranix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = @@ -65,6 +70,7 @@ ./overlays.nix ./packages.nix ./deploy.nix + ./terranixConfigurations.nix ]; }; } diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix new file mode 100644 index 0000000..9dd1c8f --- /dev/null +++ b/terranixConfigurations.nix @@ -0,0 +1,22 @@ +{ inputs, ... }: + +let + lib = inputs.nixpkgs.lib; + utils = import ./utils.nix { inherit inputs lib; }; + inherit (utils) mkTerranixDerivation; + + configs = { + # Example: + # myconfig = { + # modules = [ ./terraform/myconfig.nix ]; + # }; + }; +in + +{ + perSystem = + { system, ... }: + { + packages = mkTerranixDerivation { inherit system configs; }; + }; +} diff --git a/utils.nix b/utils.nix index 38cf968..fb92954 100644 --- a/utils.nix +++ b/utils.nix 
@@ -7,6 +7,7 @@ let nixpkgs-stable home-manager agenix + terranix ; in @@ -190,4 +191,66 @@ in }; in lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains; + + # Terranix configuration system + mkTerranixDerivation = + { + system, + configs, + }: + lib.mapAttrs ( + name: cfg: + let + pkgs = nixpkgs.legacyPackages.${system}; + modules = cfg.modules; + extraArgs = cfg.extraArgs or { }; + + terraformConfiguration = terranix.lib.terranixConfiguration { + inherit system modules; + extraArgs = { + inherit lib pkgs; + } // extraArgs; + }; + + tf-json = pkgs.writeShellScriptBin "default" '' + cat ${terraformConfiguration} | ${pkgs.jq}/bin/jq + ''; + + apply = pkgs.writeShellScriptBin "apply" '' + if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi + cp ${terraformConfiguration} config.tf.json \ + && ${pkgs.terraform}/bin/terraform init \ + && ${pkgs.terraform}/bin/terraform apply + ''; + + plan = pkgs.writeShellScriptBin "plan" '' + if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi + cp ${terraformConfiguration} config.tf.json \ + && ${pkgs.terraform}/bin/terraform init \ + && ${pkgs.terraform}/bin/terraform plan + ''; + + destroy = pkgs.writeShellScriptBin "destroy" '' + if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi + cp ${terraformConfiguration} config.tf.json \ + && ${pkgs.terraform}/bin/terraform init \ + && ${pkgs.terraform}/bin/terraform destroy + ''; + + create-state-bucket = pkgs.writeShellScriptBin "create-state-bucket" '' + BUCKET_NAME=''${1:-"terraform-state-bucket"} + ACCOUNT_ID=''${2:?"Error: Cloudflare account ID required as second argument"} + R2_ENDPOINT="https://$ACCOUNT_ID.r2.cloudflarestorage.com" + + echo "Creating R2 bucket $BUCKET_NAME..." + ${pkgs.awscli}/bin/aws s3api create-bucket \ + --bucket "$BUCKET_NAME" \ + --endpoint-url "$R2_ENDPOINT" + echo "Bucket created successfully at $R2_ENDPOINT" + ''; + in + tf-json // { + inherit apply plan destroy create-state-bucket; + } + ) configs; } 
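Review bot: The scripts generated in `mkTerranixDerivation` run without `errexit`, because `pkgs.writeShellScriptBin` adds only a shebang. In `create-state-bucket` the final `echo "Bucket created successfully at $R2_ENDPOINT"` is therefore printed even when `aws s3api create-bucket` fails. Start each script body with `set -euo pipefail`, or build them with `pkgs.writeShellApplication`, which sets those options. `apply`, `plan` and `destroy` also remove and rewrite `config.tf.json` in whatever directory they are invoked from, so a comment saying they expect a dedicated working directory would help. The enclosing attribute set starts outside the hunk.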
From b75f9752d1455be5a437b952b46ba68310e8b01f Mon Sep 17 00:00:00 2001 From: William Date: Wed, 29 Oct 2025 11:14:52 -0300 Subject: [PATCH 065/206] use terranix flake parts module directly --- terranixConfigurations.nix | 29 ++++++++---------- utils.nix | 63 -------------------------------------- 2 files changed, 12 insertions(+), 80 deletions(-) diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix index 9dd1c8f..c546cbf 100644 --- a/terranixConfigurations.nix +++ b/terranixConfigurations.nix @@ -1,22 +1,17 @@ { inputs, ... }: -let - lib = inputs.nixpkgs.lib; - utils = import ./utils.nix { inherit inputs lib; }; - inherit (utils) mkTerranixDerivation; - - configs = { - # Example: - # myconfig = { - # modules = [ ./terraform/myconfig.nix ]; - # }; - }; -in - { - perSystem = - { system, ... }: - { - packages = mkTerranixDerivation { inherit system configs; }; + imports = [ + inputs.terranix.flakeModule + ]; + + perSystem = { + terranix.terranixConfigurations = { + # Example: + # myconfig = { + # modules = [ ./terraform/myconfig.nix ]; + # extraArgs = { }; # optional + # }; }; + }; } diff --git a/utils.nix b/utils.nix index fb92954..38cf968 100644 --- a/utils.nix +++ b/utils.nix @@ -7,7 +7,6 @@ let nixpkgs-stable home-manager agenix - terranix ; in 
@@ -191,66 +190,4 @@ in }; in lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains; - - # Terranix configuration system - mkTerranixDerivation = - { - system, - configs, - }: - lib.mapAttrs ( - name: cfg: - let - pkgs = nixpkgs.legacyPackages.${system}; - modules = cfg.modules; - extraArgs = cfg.extraArgs or { }; - - terraformConfiguration = terranix.lib.terranixConfiguration { - inherit system modules; - extraArgs = { - inherit lib pkgs; - } // extraArgs; - }; - - tf-json = pkgs.writeShellScriptBin "default" '' - cat ${terraformConfiguration} | ${pkgs.jq}/bin/jq - ''; - - apply = pkgs.writeShellScriptBin "apply" '' - if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi - cp ${terraformConfiguration} config.tf.json \ - && ${pkgs.terraform}/bin/terraform init \ - && ${pkgs.terraform}/bin/terraform apply - ''; - - plan = pkgs.writeShellScriptBin "plan" '' - if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi - cp ${terraformConfiguration} config.tf.json \ - && ${pkgs.terraform}/bin/terraform init \ - && ${pkgs.terraform}/bin/terraform plan - ''; - - destroy = pkgs.writeShellScriptBin "destroy" '' - if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi - cp ${terraformConfiguration} config.tf.json \ - && ${pkgs.terraform}/bin/terraform init \ - && ${pkgs.terraform}/bin/terraform destroy - ''; - - create-state-bucket = pkgs.writeShellScriptBin "create-state-bucket" '' - BUCKET_NAME=''${1:-"terraform-state-bucket"} - ACCOUNT_ID=''${2:?"Error: Cloudflare account ID required as second argument"} - R2_ENDPOINT="https://$ACCOUNT_ID.r2.cloudflarestorage.com" - - echo "Creating R2 bucket $BUCKET_NAME..." - ${pkgs.awscli}/bin/aws s3api create-bucket \ - --bucket "$BUCKET_NAME" \ - --endpoint-url "$R2_ENDPOINT" - echo "Bucket created successfully at $R2_ENDPOINT" - ''; - in - tf-json // { - inherit apply plan destroy create-state-bucket; - } - ) configs; } From 5899e42fa427bf8346d9b8b21a0ca239b64d74cf Mon Sep 17 00:00:00 2001 
From: William Date: Wed, 29 Oct 2025 16:04:31 -0300 Subject: [PATCH 066/206] started oci terranix config --- terranix/oci/homelab.nix | 196 +++++++++++++++++++++++++++++++++++++ terranixConfigurations.nix | 8 +- 2 files changed, 199 insertions(+), 5 deletions(-) create mode 100644 terranix/oci/homelab.nix diff --git a/terranix/oci/homelab.nix b/terranix/oci/homelab.nix new file mode 100644 index 0000000..12c15b4 --- /dev/null +++ b/terranix/oci/homelab.nix 
@@ -0,0 +1,196 @@ +{ config, ... }: + +{ + terraform.required_providers.oci = { + source = "oracle/oci"; + version = "~> 5.0"; + }; + + provider.oci.region = "sa-saopaulo-1"; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "oci/homelab.tfstate"; + region = "auto"; + endpoint = "https://.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + compartment_name = { + default = "homelab"; + type = "string"; + }; + + vcn_cidr = { + default = "10.0.0.0/24"; + type = "string"; + }; + + instance_name = { + default = "trantor"; + type = "string"; + }; + + ssh_public_keys = { + default = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + type = "list(string)"; + }; + }; + + data = { + oci_identity_tenancy.tenancy = { }; + + oci_identity_availability_domains.ads = { + compartment_id = config.data.oci_identity_tenancy.tenancy.id; + }; + + oci_core_images.ubuntu_arm = { + compartment_id = config.data.oci_identity_tenancy.tenancy.id; + operating_system = "Canonical Ubuntu"; + operating_system_version = "24.04"; + shape = "VM.Standard.A1.Flex"; + sort_by = "TIMECREATED"; + sort_order = "DESC"; + }; + }; + + resource = { + oci_identity_compartment.homelab = { + compartment_id = config.data.oci_identity_tenancy.tenancy.id; + description = "Homelab infrastructure compartment"; + name = config.variable.compartment_name.default; + }; + + oci_core_vcn.vcn = { + compartment_id = config.resource.oci_identity_compartment.homelab.id; + cidr_blocks = [ config.variable.vcn_cidr.default ]; + display_name = "homelab-vcn"; + dns_label = "homelab"; + }; + + oci_core_internet_gateway.ig = { + compartment_id = config.resource.oci_identity_compartment.homelab.id; + vcn_id 
= config.resource.oci_core_vcn.vcn.id; + display_name = "homelab-ig"; + enabled = true; + }; + + oci_core_route_table.rt = { + compartment_id = config.resource.oci_identity_compartment.homelab.id; + vcn_id = config.resource.oci_core_vcn.vcn.id; + display_name = "homelab-rt"; + + route_rules = [ + { + network_entity_id = config.resource.oci_core_internet_gateway.ig.id; + destination = "0.0.0.0/0"; + destination_type = "CIDR_BLOCK"; + } + ]; + }; + + oci_core_security_list.sl = { + compartment_id = config.resource.oci_identity_compartment.homelab.id; + vcn_id = config.resource.oci_core_vcn.vcn.id; + display_name = "homelab-sl"; + + egress_security_rules = [ + { + destination = "0.0.0.0/0"; + protocol = "all"; + stateless = false; + } + ]; + + ingress_security_rules = [ + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 22; + max = 22; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 80; + max = 80; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 443; + max = 443; + }; + } + ]; + }; + + oci_core_subnet.subnet = { + compartment_id = config.resource.oci_identity_compartment.homelab.id; + vcn_id = config.resource.oci_core_vcn.vcn.id; + cidr_block = config.variable.vcn_cidr.default; + display_name = "homelab-subnet"; + dns_label = "subnet"; + route_table_id = config.resource.oci_core_route_table.rt.id; + security_list_ids = [ config.resource.oci_core_security_list.sl.id ]; + prohibit_public_ip_on_vnic = false; + }; + + oci_core_instance.trantor = { + availability_domain = config.data.oci_identity_availability_domains.ads.availability_domains .0.name; + compartment_id = config.resource.oci_identity_compartment.homelab.id; + display_name = config.variable.instance_name.default; + shape = "VM.Standard.A1.Flex"; + + shape_config = { + ocpus = 2; + memory_in_gbs = 12; + }; + + source_details = { + source_type = 
"image"; + source_id = config.data.oci_core_images.ubuntu_arm.images .0.id; + boot_volume_size_in_gbs = 50; + }; + + create_vnic_details = { + subnet_id = config.resource.oci_core_subnet.subnet.id; + display_name = "trantor-vnic"; + assign_public_ip = true; + hostname_label = config.variable.instance_name.default; + }; + + metadata = { + ssh_authorized_keys = builtins.concatStringsSep "\n" config.variable.ssh_public_keys.default; + }; + + preserve_boot_volume = false; + }; + }; + + output = { + compartment_id = { + value = config.resource.oci_identity_compartment.homelab.id; + }; + + instance_public_ip = { + value = config.resource.oci_core_instance.trantor.public_ip; + }; + }; +} diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix index c546cbf..8606b2c 100644 --- a/terranixConfigurations.nix +++ b/terranixConfigurations.nix @@ -7,11 +7,9 @@ perSystem = { terranix.terranixConfigurations = { - # Example: - # myconfig = { - # modules = [ ./terraform/myconfig.nix ]; - # extraArgs = { }; # optional - # }; + oci-homelab = { + modules = [ ./terranix/oci/homelab.nix ]; + }; }; }; } From 716ed5cc5347b6a564425fbfa5d49e702103e208 Mon Sep 17 00:00:00 2001 
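Review bot: The first ingress rule in `oci_core_security_list.sl` accepts TCP 22 from `0.0.0.0/0`, so with `assign_public_ip = true` the instance's SSH daemon is reachable from the whole internet. Unless public SSH is required, restrict that rule's `source` to an administrative range held in a new variable, e.g. `source = config.variable.ssh_allowed_cidr.default;`. Alternatively, drop the rule once the host can be reached over the tailnet this repository appears to use elsewhere; ports 80 and 443 can stay public. The image lookup `images .0.id` with `sort_order = "DESC"` follows whatever Ubuntu 24.04 image is newest at plan time, which is worth a comment since a later plan may propose replacing the instance.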
From: William Date: Sun, 2 Nov 2025 22:01:43 -0300 Subject: [PATCH 067/206] trator terranix config functional; move disko configs to individual outputs; touching up trantor --- .gitignore | 1 + disko/io.nix | 75 +++++++++++++ disko/trantor.nix | 61 +++++++++++ diskoConfigurations.nix | 12 +++ flake.lock | 53 ++++++---- flake.nix | 8 +- hosts/io/disko.nix | 83 --------------- hosts/io/hardware-configuration.nix | 6 +- hosts/modules/ephemeral.nix | 8 +- hosts/trantor/boot.nix | 5 +- hosts/trantor/disko.nix | 36 ------- hosts/trantor/hardware-configuration.nix | 6 +- nixosConfigurations.nix | 1 + terranix/cloudflare/baduhai.dev.nix | 0 terranix/cloudflare/kernelpanic.space.nix | 0 terranix/oci/terminus.nix | 0 terranix/oci/{homelab.nix => trantor.nix} | 122 +++++++++++++++------- terranix/tailscale/tailnet.nix | 0 terranixConfigurations.nix | 14 ++- 19 files changed, 298 insertions(+), 193 deletions(-) create mode 100644 disko/io.nix create mode 100644 disko/trantor.nix create mode 100644 diskoConfigurations.nix delete mode 100644 hosts/io/disko.nix delete mode 100644 hosts/trantor/disko.nix create mode 100644 terranix/cloudflare/baduhai.dev.nix create mode 100644 terranix/cloudflare/kernelpanic.space.nix create mode 100644 terranix/oci/terminus.nix rename terranix/oci/{homelab.nix => trantor.nix} (56%) create mode 100644 terranix/tailscale/tailnet.nix diff --git a/.gitignore b/.gitignore index 928efae..b59fd44 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,7 @@ result result-* .direnv/ +oci-trantor/ # Personal notes and temporary files todo.md diff --git a/disko/io.nix b/disko/io.nix new file mode 100644 index 0000000..37f3160 --- /dev/null +++ b/disko/io.nix 
@@ -0,0 +1,75 @@ +{ + disko.devices.disk.main = { + type = "disk"; + device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689"; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1MiB"; + end = "1GiB"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot/efi"; + mountOptions = [ + "noatime" + "fmask=0077" + "dmask=0077" + ]; + }; + }; + cryptroot = { + priority = 2; + name = "root"; + size = "100%"; + content = { + type = "luks"; + name = "cryptroot"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "@root" = { + mountpoint = "/"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@root" + ]; + }; + "@home" = { + mountpoint = "/home"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@home" + ]; + }; + "@nix" = { + mountpoint = "/nix"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@nix" + ]; + }; + "@persistent" = { + mountpoint = "/persistent"; + mountOptions = [ + "noatime" + "compress=zstd" + "subvol=@persistent" + ]; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/disko/trantor.nix b/disko/trantor.nix new file mode 100644 index 0000000..db1397e --- /dev/null +++ b/disko/trantor.nix 
@@ -0,0 +1,61 @@ +{ + disko.devices.disk.main = { + type = "disk"; + device = "/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066"; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1MiB"; + end = "512MiB"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot/efi"; + mountOptions = [ + "noatime" + "fmask=0077" + "dmask=0077" + ]; + }; + }; + root = { + priority = 2; + name = "root"; + size = "100%"; + content = { + type = "filesystem"; + format = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "@root" = { + mountpoint = "/"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; + "@nix" = { + mountpoint = "/nix"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; + "@persistent" = { + mountpoint = "/persistent"; + mountOptions = [ + "noatime" + "compress=zstd" + ]; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/diskoConfigurations.nix b/diskoConfigurations.nix new file mode 100644 index 0000000..511eddc --- /dev/null +++ b/diskoConfigurations.nix @@ -0,0 +1,12 @@ +{ inputs, ... }: + +{ + imports = [ + inputs.disko.flakeModule + ]; + + flake.diskoConfigurations = { + io.modules = [ ./disko/io.nix ]; + trantor.modules = [ ./disko/trantor.nix ]; + }; +} diff --git a/flake.lock b/flake.lock index f9d54f9..5993cdf 100644 --- a/flake.lock +++ b/flake.lock @@ -135,21 +135,18 @@ }, "disko": { "inputs": { - "nixpkgs": [ - "nixpkgs-stable" - ] + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1736864502, - "narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=", + "lastModified": 1761899396, + "narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=", "owner": "nix-community", "repo": "disko", - "rev": "0141aabed359f063de7413f80d906e1d98c0c123", + "rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998", "type": "github" }, "original": { "owner": "nix-community", - "ref": "v1.11.0", "repo": "disko", "type": "github" } 
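Review bot: The `root` partition declares `subvolumes` under `content.type = "filesystem"`, whereas `disko/io.nix` in this same commit puts them under `type = "btrfs"`. As far as I know disko's `filesystem` content type has no `subvolumes` option, so this is likely to fail evaluation. Use `type = "btrfs";` and drop `format = "btrfs";`, keeping `extraArgs = [ "-f" ];`. Unlike `io`, this layout has no LUKS layer, so whatever is kept on `@persistent` sits unencrypted on the provider's volume; a one-line comment stating that this is intentional would help the next reader.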
@@ -393,7 +390,7 @@ }, "niri": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay" }, "locked": { @@ -415,7 +412,7 @@ "inputs": { "niri-stable": "niri-stable", "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" @@ -506,7 +503,7 @@ "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "rust-overlay": "rust-overlay_2" }, "locked": { @@ -528,7 +525,7 @@ "inputs": { "flake-compat": "flake-compat_2", "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1760856139, @@ -608,6 +605,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1761880412, + "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1757967192, "narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=", @@ -623,7 +636,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1760878510, "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", @@ -639,7 +652,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1740695751, "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", @@ -655,7 +668,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", 
@@ -671,7 +684,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1760878510, "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", @@ -687,7 +700,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1758690382, "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", @@ -703,7 +716,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", @@ -800,7 +813,7 @@ "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nixpkgs-stable": "nixpkgs-stable_2", "noctalia": "noctalia", "stylix": "stylix", @@ -860,7 +873,7 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_2", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nur": "nur", "systems": "systems_5", "tinted-foot": "tinted-foot", @@ -1130,7 +1143,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1760934351, diff --git a/flake.nix b/flake.nix index ccbec85..c9d5076 100644 --- a/flake.nix +++ b/flake.nix @@ -17,10 +17,7 @@ inputs.nixpkgs.follows = "nixpkgs-stable"; }; - disko = { - url = "github:nix-community/disko?ref=v1.11.0"; - inputs.nixpkgs.follows = "nixpkgs-stable"; - }; + disko.url = "github:nix-community/disko"; noctalia = { url = "github:noctalia-dev/noctalia-shell"; @@ -63,13 +60,14 @@ ]; imports = [ + ./deploy.nix ./devShells.nix + ./diskoConfigurations.nix ./homeConfigurations.nix ./nixosConfigurations.nix ./nixosModules.nix ./overlays.nix ./packages.nix - ./deploy.nix ./terranixConfigurations.nix ]; }; diff --git a/hosts/io/disko.nix b/hosts/io/disko.nix deleted file mode 100644 index edb1418..0000000 --- a/hosts/io/disko.nix +++ /dev/null 
@@ -1,83 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ inputs.disko.nixosModules.default ]; - - disko.devices = { - disk = { - main = { - type = "disk"; - device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689"; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - start = "1MiB"; - end = "1GiB"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot/efi"; - mountOptions = [ - "noatime" - "fmask=0077" - "dmask=0077" - ]; - }; - }; - cryptroot = { - priority = 2; - name = "root"; - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = { - "@root" = { - mountpoint = "/"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@root" - ]; - }; - "@home" = { - mountpoint = "/home"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@home" - ]; - }; - "@nix" = { - mountpoint = "/nix"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@nix" - ]; - }; - "@persistent" = { - mountpoint = "/persistent"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@persistent" - ]; - }; - }; - }; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix index 56f0d0d..cb114a1 100644 --- a/hosts/io/hardware-configuration.nix +++ b/hosts/io/hardware-configuration.nix @@ -2,11 +2,15 @@ config, lib, modulesPath, + self, ... }: { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + self.diskoConfigurations.io + ]; boot = { initrd = { diff --git a/hosts/modules/ephemeral.nix b/hosts/modules/ephemeral.nix index a759cf4..8ed08bc 100644 --- a/hosts/modules/ephemeral.nix +++ b/hosts/modules/ephemeral.nix @@ -1,4 +1,4 @@ -{ inputs, ... }: +{ config, inputs, ... }: { imports = [ 
@@ -8,7 +8,11 @@ ephemeral = { enable = true; - rootDevice = "/dev/mapper/cryptroot"; + rootDevice = + if config.networking.hostName == "trantor" then + "/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066" + else + "/dev/mapper/cryptroot"; rootSubvolume = "@root"; }; diff --git a/hosts/trantor/boot.nix b/hosts/trantor/boot.nix index a031ce9..67ac124 100644 --- a/hosts/trantor/boot.nix +++ b/hosts/trantor/boot.nix @@ -1,6 +1,3 @@ { - boot = { - loader.efi.efiSysMountPoint = "/boot"; - initrd.systemd.enable = true; - }; + boot.initrd.systemd.enable = true; } diff --git a/hosts/trantor/disko.nix b/hosts/trantor/disko.nix deleted file mode 100644 index a70383e..0000000 --- a/hosts/trantor/disko.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ inputs.disko.nixosModules.default ]; - - disko.devices = { - disk = { - main = { - type = "disk"; - device = "/dev/disk/by-id/scsi-3605e4addb4c640319c8c03436205530b"; - content = { - type = "gpt"; - partitions = { - boot = { - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix index d5cc31f..4a9503f 100644 --- a/hosts/trantor/hardware-configuration.nix +++ b/hosts/trantor/hardware-configuration.nix @@ -1,11 +1,15 @@ { lib, modulesPath, + self, ... }: { - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + self.diskoConfigurations.trantor + ]; boot = { kernelModules = [ ]; diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 9a0a09d..ced8851 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -47,6 +47,7 @@ in system = "aarch64-linux"; tags = [ "server" + "ephemeral" ]; }; }; 
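Review bot: The `rootDevice` conditional in `hosts/modules/ephemeral.nix` hard-codes trantor's disk id inside a module shared by every ephemeral host, and any host not named `trantor` silently falls back to `/dev/mapper/cryptroot`. This value is presumably what the initrd root-rollover service mounts before recreating `@root` (the module is outside this hunk), so a stale or wrong id means an unbootable host. The id here (`scsi-36067d36…`) differs from the one in the deleted `hosts/trantor/disko.nix` (`scsi-3605e4ad…`) and names a whole disk rather than a partition or mapper device, so check it against `diskoConfigurations.trantor`, which is not shown. Setting `ephemeral.rootDevice` in each host's own configuration would keep the device next to its disk layout. Because the trantor path is not under `/dev/mapper`, also confirm that leaving that root, and the SSH host keys persisted on it, unencrypted is deliberate.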
diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix new file mode 100644 index 0000000..e69de29 diff --git a/terranix/cloudflare/kernelpanic.space.nix b/terranix/cloudflare/kernelpanic.space.nix new file mode 100644 index 0000000..e69de29 diff --git a/terranix/oci/terminus.nix b/terranix/oci/terminus.nix new file mode 100644 index 0000000..e69de29 diff --git a/terranix/oci/homelab.nix b/terranix/oci/trantor.nix similarity index 56% rename from terranix/oci/homelab.nix rename to terranix/oci/trantor.nix index 12c15b4..37c12ae 100644 --- a/terranix/oci/homelab.nix +++ b/terranix/oci/trantor.nix @@ -3,16 +3,16 @@ { terraform.required_providers.oci = { source = "oracle/oci"; - version = "~> 5.0"; + version = "~> 7.0"; }; provider.oci.region = "sa-saopaulo-1"; terraform.backend.s3 = { bucket = "terraform-state"; - key = "oci/homelab.tfstate"; + key = "oci/trantor.tfstate"; region = "auto"; - endpoint = "https://.r2.cloudflarestorage.com"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; skip_credentials_validation = true; skip_metadata_api_check = true; skip_region_validation = true; @@ -21,8 +21,13 @@ }; variable = { + tenancy_ocid = { + default = "ocid1.tenancy.oc1..aaaaaaaap3vfdz4piygqza6e6zqunbcuso43ddqfo3ydmpmnomidyghh7rvq"; + type = "string"; + }; + compartment_name = { - default = "homelab"; + default = "trantor"; type = "string"; }; @@ -46,14 +51,12 @@ }; data = { - oci_identity_tenancy.tenancy = { }; - oci_identity_availability_domains.ads = { - compartment_id = config.data.oci_identity_tenancy.tenancy.id; + compartment_id = config.variable.tenancy_ocid.default; }; oci_core_images.ubuntu_arm = { - compartment_id = config.data.oci_identity_tenancy.tenancy.id; + compartment_id = config.variable.tenancy_ocid.default; operating_system = "Canonical Ubuntu"; operating_system_version = "24.04"; shape = "VM.Standard.A1.Flex"; 
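Review bot: The `tenancy_ocid` default added at `@@ -21,8 +21,13 @@` and the `endpoint` in `terraform.backend.s3` commit the OCI tenancy OCID and what looks like the Cloudflare R2 account id as literals. Neither is a credential, but together they name the accounts that hold the state bucket and the infrastructure, and every later reference reads `config.variable.tenancy_ocid.default`, so the value cannot be overridden at plan time. Consider declaring the variable without a default and referencing it as `compartment_id = "\${var.tenancy_ocid}";` (supplied through `TF_VAR_tenancy_ocid`), and passing the backend endpoint with `-backend-config` at init. The `version = "~> 5.0"` to `"~> 7.0"` change in the first hunk crosses two provider major versions; a comment recording that the plan was checked against the upgrade notes would help.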
@@ -63,34 +66,34 @@ }; resource = { - oci_identity_compartment.homelab = { - compartment_id = config.data.oci_identity_tenancy.tenancy.id; - description = "Homelab infrastructure compartment"; + oci_identity_compartment.trantor = { + compartment_id = config.variable.tenancy_ocid.default; + description = "trantor infrastructure compartment"; name = config.variable.compartment_name.default; }; oci_core_vcn.vcn = { - compartment_id = config.resource.oci_identity_compartment.homelab.id; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; cidr_blocks = [ config.variable.vcn_cidr.default ]; - display_name = "homelab-vcn"; - dns_label = "homelab"; + display_name = "trantor-vcn"; + dns_label = "trantor"; }; oci_core_internet_gateway.ig = { - compartment_id = config.resource.oci_identity_compartment.homelab.id; - vcn_id = config.resource.oci_core_vcn.vcn.id; - display_name = "homelab-ig"; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-ig"; enabled = true; }; oci_core_route_table.rt = { - compartment_id = config.resource.oci_identity_compartment.homelab.id; - vcn_id = config.resource.oci_core_vcn.vcn.id; - display_name = "homelab-rt"; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-rt"; route_rules = [ { - network_entity_id = config.resource.oci_core_internet_gateway.ig.id; + network_entity_id = config.resource.oci_core_internet_gateway.ig "id"; destination = "0.0.0.0/0"; destination_type = "CIDR_BLOCK"; } 
@@ -98,9 +101,9 @@ }; oci_core_security_list.sl = { - compartment_id = config.resource.oci_identity_compartment.homelab.id; - vcn_id = config.resource.oci_core_vcn.vcn.id; - display_name = "homelab-sl"; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-sl"; egress_security_rules = [ { 
@@ -138,23 +141,50 @@ max = 443; }; } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 25565; + max = 25565; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 19132; + max = 19133; + }; + } + { + protocol = "17"; # UDP + source = "0.0.0.0/0"; + stateless = false; + udp_options = { + min = 19132; + max = 19133; + }; + } ]; }; oci_core_subnet.subnet = { - compartment_id = config.resource.oci_identity_compartment.homelab.id; - vcn_id = config.resource.oci_core_vcn.vcn.id; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; cidr_block = config.variable.vcn_cidr.default; - display_name = "homelab-subnet"; + display_name = "trantor-subnet"; dns_label = "subnet"; - route_table_id = config.resource.oci_core_route_table.rt.id; - security_list_ids = [ config.resource.oci_core_security_list.sl.id ]; + route_table_id = config.resource.oci_core_route_table.rt "id"; + security_list_ids = [ (config.resource.oci_core_security_list.sl "id") ]; prohibit_public_ip_on_vnic = false; }; oci_core_instance.trantor = { - availability_domain = config.data.oci_identity_availability_domains.ads.availability_domains .0.name; - compartment_id = config.resource.oci_identity_compartment.homelab.id; + availability_domain = config.data.oci_identity_availability_domains.ads "availability_domains[0].name"; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; display_name = config.variable.instance_name.default; shape = "VM.Standard.A1.Flex"; 
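Review bot: The three ingress rules added to `oci_core_security_list.sl` open 25565/TCP and 19132–19133 on both TCP and UDP to `0.0.0.0/0`. If these are for a Minecraft Java and Bedrock server (an inference from the port numbers), Bedrock traffic is UDP only, so the TCP 19132–19133 rule exposes ports nothing should be listening on and can be removed. For the rules that stay, add a comment naming the service behind each range, e.g. `# Minecraft Java` and `# Minecraft Bedrock (UDP)`, so the exposure can be audited later, and make sure the host firewall opens exactly the same ports. The `oci_core_security_list.sl` block starts outside this hunk.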
@@ -165,12 +195,12 @@ source_details = { source_type = "image"; - source_id = config.data.oci_core_images.ubuntu_arm.images .0.id; - boot_volume_size_in_gbs = 50; + source_id = config.data.oci_core_images.ubuntu_arm "images[0].id"; + boot_volume_size_in_gbs = 100; }; create_vnic_details = { - subnet_id = config.resource.oci_core_subnet.subnet.id; + subnet_id = config.resource.oci_core_subnet.subnet "id"; display_name = "trantor-vnic"; assign_public_ip = true; hostname_label = config.variable.instance_name.default; @@ -182,15 +212,35 @@ preserve_boot_volume = false; }; + + oci_budget_budget.trantor_budget = { + compartment_id = config.variable.tenancy_ocid.default; + targets = [ (config.resource.oci_identity_compartment.trantor "id") ]; + amount = 1; + reset_period = "MONTHLY"; + display_name = "trantor-budget"; + description = "Monthly budget for trantor compartment"; + target_type = "COMPARTMENT"; + }; + + oci_budget_alert_rule.daily_spend_alert = { + budget_id = config.resource.oci_budget_budget.trantor_budget "id"; + type = "ACTUAL"; + threshold = 5; + threshold_type = "PERCENTAGE"; + display_name = "daily-spend-alert"; + description = "Alert when daily spending exceeds $0.05"; + message = "Daily spending has exceeded $0.05 in the trantor compartment"; + }; }; output = { compartment_id = { - value = config.resource.oci_identity_compartment.homelab.id; + value = config.resource.oci_identity_compartment.trantor "id"; }; instance_public_ip = { - value = config.resource.oci_core_instance.trantor.public_ip; + value = config.resource.oci_core_instance.trantor "public_ip"; }; }; } diff --git a/terranix/tailscale/tailnet.nix b/terranix/tailscale/tailnet.nix new file mode 100644 index 0000000..e69de29 diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix index 8606b2c..fc84f17 100644 --- a/terranixConfigurations.nix +++ b/terranixConfigurations.nix 
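Review bot: The alert in `oci_budget_alert_rule.daily_spend_alert` does not measure what its name and message say. With `reset_period = "MONTHLY"`, `amount = 1` and a 5 % `ACTUAL` threshold it fires once month-to-date spend reaches 0.05, not when one day's spend does. No `recipients` is set on the rule, so confirm the alert is delivered somewhere it will be read; unexpected spend is often the first visible sign that a tenancy is being misused. Suggested wording: `display_name = "monthly-spend-alert";` and `message = "Month-to-date spending has exceeded 5% of the trantor budget";`, plus a `recipients` entry.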
@@ -5,11 +5,15 @@ inputs.terranix.flakeModule ]; - perSystem = { - terranix.terranixConfigurations = { - oci-homelab = { - modules = [ ./terranix/oci/homelab.nix ]; + perSystem = + { pkgs, ... }: + + { + terranix.terranixConfigurations = { + oci-trantor = { + modules = [ ./terranix/oci/trantor.nix ]; + terraformWrapper.package = pkgs.opentofu; + }; }; }; - }; } From 697a9f2cabb4a7699bb747bcc87d6ada86100183 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 3 Nov 2025 10:55:14 -0300 Subject: [PATCH 068/206] wrap fastfetch with config; run fastfetch on ssh login --- hosts/modules/common/openssh.nix | 5 ++ hosts/modules/common/programs.nix | 2 +- hosts/modules/common/users.nix | 6 --- overlays.nix | 5 +- packages.nix | 5 +- packages/fastfetch.nix | 81 +++++++++++++++++++++++++++++++ 6 files changed, 93 insertions(+), 11 deletions(-) create mode 100644 packages/fastfetch.nix diff --git a/hosts/modules/common/openssh.nix b/hosts/modules/common/openssh.nix index 07108ce..63422b3 100644 --- a/hosts/modules/common/openssh.nix +++ b/hosts/modules/common/openssh.nix @@ -5,4 +5,9 @@ enable = true; settings.PermitRootLogin = "no"; }; + programs.fish.interactiveShellInit = '' + if set -q SSH_CONNECTION + neofetch + end + ''; } diff --git a/hosts/modules/common/programs.nix b/hosts/modules/common/programs.nix index e0cc2c9..be57b69 100644 --- a/hosts/modules/common/programs.nix +++ b/hosts/modules/common/programs.nix @@ -7,6 +7,7 @@ git ### System Utilities ### btop + fastfetch helix nixos-firewall-tool nvd @@ -18,7 +19,6 @@ shellAliases = { cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; ls = "${lib.getExe pkgs.eza} --icons --group-directories-first"; - neofetch = "${lib.getExe pkgs.fastfetch}"; tree = "ls --tree"; }; }; diff --git a/hosts/modules/common/users.nix b/hosts/modules/common/users.nix index 076eb99..0572153 100644 --- a/hosts/modules/common/users.nix +++ b/hosts/modules/common/users.nix 
@@ -20,10 +20,4 @@ hashedPassword = "!"; }; }; - programs.fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - ''; - }; } diff --git a/overlays.nix b/overlays.nix index 2732f0e..eab4edf 100644 --- a/overlays.nix +++ b/overlays.nix @@ -3,10 +3,11 @@ { flake.overlays = { default = final: prev: { - toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; + base16-schemes = inputs.self.packages.${final.system}.base16-schemes; + fastfetch = inputs.self.packages.${final.system}.fastfetch; hm-cli = inputs.self.packages.${final.system}.hm-cli; kwrite = inputs.self.packages.${final.system}.kwrite; - base16-schemes = inputs.self.packages.${final.system}.base16-schemes; + toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; }; }; } diff --git a/packages.nix b/packages.nix index 2cd7661..46979f8 100644 --- a/packages.nix +++ b/packages.nix @@ -5,10 +5,11 @@ { pkgs, system, ... }: { packages = { - toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; + base16-schemes = pkgs.callPackage ./packages/base16-schemes.nix { }; + fastfetch = pkgs.callPackage ./packages/fastfetch.nix { }; hm-cli = pkgs.callPackage ./packages/hm-cli.nix { }; kwrite = pkgs.callPackage ./packages/kwrite.nix { }; - base16-schemes = pkgs.callPackage ./packages/base16-schemes.nix { }; + toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; }; }; } diff --git a/packages/fastfetch.nix b/packages/fastfetch.nix new file mode 100644 index 0000000..fa8e0ea --- /dev/null +++ b/packages/fastfetch.nix 
@@ -0,0 +1,81 @@
+{
+ lib,
+ pkgs ? import { },
+}:
+
+let
+ fastfetch-logo = pkgs.fetchurl {
+ url = "https://discourse.nixos.org/uploads/default/original/3X/3/6/36954e6d6aa32c8b00f50ca43f142d898c1ff535.png";
+ hash = "sha256-aLHz8jSAFocrn+Pb4vRq0wtkYFJpBpZRevd+VoZC/PQ=";
+ };
+
+ fastfetch-config = pkgs.writeText "fastfetch-config.json" (
+ builtins.toJSON {
+ "$schema" = "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json";
+ modules = [
+ "title"
+ "separator"
+ {
+ type = "os";
+ keyWidth = 9;
+ }
+ {
+ type = "kernel";
+ keyWidth = 9;
+ }
+ {
+ type = "uptime";
+ keyWidth = 9;
+ }
+ {
+ type = "shell";
+ keyWidth = 9;
+ }
+ "break"
+ {
+ type = "cpu";
+ keyWidth = 11;
+ }
+ {
+ type = "memory";
+ keyWidth = 11;
+ }
+ {
+ type = "swap";
+ keyWidth = 11;
+ }
+ {
+ type = "disk";
+ folders = "/";
+ keyWidth = 11;
+ }
+ {
+ type = "command";
+ key = "Systemd";
+ keyWidth = 11;
+ text = "echo \"$(systemctl list-units --state=failed --no-legend | wc -l) failed units, $(systemctl list-jobs --no-legend | wc -l) queued jobs\"";
+ }
+ "break"
+ {
+ type = "command";
+ key = "Public IP";
+ keyWidth = 15;
+ text = "curl -s -4 ifconfig.me 2>/dev/null || echo 'N/A'";
+ }
+ {
+ type = "command";
+ key = "Tailscale IP";
+ keyWidth = 15;
+ text = "tailscale ip -4 2>/dev/null || echo 'N/A'";
+ }
+ {
+ type = "command";
+ key = "Local IP";
+ keyWidth = 15;
+ text = "ip -4 addr show scope global | grep inet | head -n1 | awk '{print $2}' | cut -d/ -f1";
+ }
+ ];
+ }
+ );
+in
+pkgs.writeShellScriptBin "fastfetch" ''exec ${lib.getExe pkgs.fastfetch} --config ${fastfetch-config} --logo-type kitty --logo ${fastfetch-logo} --logo-padding-right 1 --logo-width 36 "$@" ''
From 447778eb46bafd81477e66857f828b3d09ebaf31 Mon Sep 17 00:00:00 2001 
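Review bot: The "Public IP" module in `fastfetch-config` runs `curl -s -4 ifconfig.me` with no scheme and no timeout, so the lookup goes to a third party over plain HTTP and whatever comes back is printed to the terminal as-is. This commit intends the wrapper to run from shell init on SSH sessions, where that call can stall the prompt when the network is down and reports each session to an external service. Suggest `text = "curl -fsS -4 --max-time 2 https://ifconfig.me 2>/dev/null || echo 'N/A'";`, or dropping the module on hosts whose public address is already known. The other `command` modules resolve `systemctl`, `tailscale` and `ip` from `PATH`; referencing store paths (for example via `lib.getExe`) would make the wrapper independent of the caller's environment.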
From: William Date: Mon, 3 Nov 2025 11:13:56 -0300 Subject: [PATCH 069/206] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/2f0f812f69f3eb4140157fe15e12739adf82e32a?narHash=sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L%2BVSybPfiIgzU8lbQ%3D' (2025-10-19) → 'github:ryantm/agenix/9ba0d85de3eaa7afeab493fed622008b6e4924f5?narHash=sha256-lsNWuj4Z%2BpE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94%3D' (2025-10-28) • Updated input 'disko/nixpkgs': 'github:NixOS/nixpkgs/a7fc11be66bdfb5cdde611ee5ce381c183da8386?narHash=sha256-QoJjGd4NstnyOG4mm4KXF%2BweBzA2AH/7gn1Pmpfcb0A%3D' (2025-10-31) → 'github:NixOS/nixpkgs/dab3a6e781554f965bde3def0aa2fda4eb8f1708?narHash=sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k%3D' (2025-07-15) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/864599284fc7c0ba6357ed89ed5e2cd5040f0c04?narHash=sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4%3D' (2025-10-20) → 'github:hercules-ci/flake-parts/0010412d62a25d959151790968765a70c436598b?narHash=sha256-z5PlZ47j50VNF3R%2BIMS9LmzI5fYRGY/Z5O5tol1c9I4%3D' (2025-11-01) • Updated input 'flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/a73b9c743612e4244d865a2fdee11865283c04e6?narHash=sha256-x2rJ%2BOvzq0sCMpgfgGaaqgBSwY%2BLST%2BWbZ6TytnT9Rk%3D' (2025-08-10) → 'github:nix-community/nixpkgs.lib/719359f4562934ae99f5443f20aa06c2ffff91fc?narHash=sha256-b0yj6kfvO8ApcSE%2BQmA6mUfu8IYG6/uU28OFn4PaC8M%3D' (2025-10-29) • Updated input 'home-manager': 'github:nix-community/home-manager/189c21cf879669008ccf06e78a553f17e88d8ef0?narHash=sha256-nZh6uvc71nVNaf/y%2BwesnjwsmJ6IZZUnP2EzpZe48To%3D' (2025-10-20) → 'github:nix-community/home-manager/8c824254b1ed9e797f6235fc3c62f365893c561a?narHash=sha256-I%2B8yE5HVR2SFcHnW0771psQ/zn0qVzsKHY/gUM0nEVM%3D' (2025-11-03) • Updated input 'niri-flake': 
'github:sodiboo/niri-flake/f851a923137c0a54719412146fd63d24b3214e60?narHash=sha256-E2ySTu/oK7cYBdAI3tlGP9zVjF4mZgWJ1OZInBCMb00%3D' (2025-10-20) → 'github:sodiboo/niri-flake/df17789929ac80f4157b15724450db6a303a6dc9?narHash=sha256-U3SDbk7tIwLChpvb3FL66o8V0byaQ2RGMiy/3oLdxTI%3D' (2025-11-03) • Updated input 'niri-flake/niri-unstable': 'github:YaLTeR/niri/b3245b81a6ed8edfaf5388a74d2e0a23c24941e5?narHash=sha256-KbM47vD6E0cx%2Bv4jYQZ8mD5N186AKm2CQlyh34TW58U%3D' (2025-10-20) → 'github:YaLTeR/niri/a2ca2b3c866bc781b12c334a9f949b3db6d7c943?narHash=sha256-anRlNG6t7esBbF1%2BALDeathVBSclA0PEL52Vo0WnN5g%3D' (2025-11-03) • Updated input 'niri-flake/nixpkgs': 'github:NixOS/nixpkgs/5e2a59a5b1a82f89f2c7e598302a9cacebb72a67?narHash=sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs%3D' (2025-10-19) → 'github:NixOS/nixpkgs/2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15?narHash=sha256-kJ8lIZsiPOmbkJypG%2BB5sReDXSD1KGu2VEPNqhRa/ew%3D' (2025-10-31) • Updated input 'niri-flake/nixpkgs-stable': 'github:NixOS/nixpkgs/33c6dca0c0cb31d6addcd34e90a63ad61826b28c?narHash=sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0%3D' (2025-10-19) → 'github:NixOS/nixpkgs/3de8f8d73e35724bf9abef41f1bdbedda1e14a31?narHash=sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo%3D' (2025-11-01) • Updated input 'niri-flake/xwayland-satellite-unstable': 'github:Supreeeme/xwayland-satellite/a9188e70bd748118b4d56a529871b9de5adb9988?narHash=sha256-0pkftKs6/LReNvxw7DVTN2AJEheZVgyeK0Aarbagi70%3D' (2025-10-05) → 'github:Supreeeme/xwayland-satellite/0728d59ff6463a502e001fb090f6eb92dbc04756?narHash=sha256-fBrUszJXmB4MY%2Bwf3QsCnqWHcz7u7fLq0QMAWCltIQg%3D' (2025-10-28) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/5024e1901239a76b7bf94a4cd27f3507e639d49e?narHash=sha256-xmU8kAsRprJiTGBTaGrwmjBP3AMA9ltlrxHKFuy5JWc%3D' (2025-10-19) → 'github:nix-community/nix-index-database/359ff6333a7b0b60819d4c20ed05a3a1f726771f?narHash=sha256-Pu1v3mlFhRzZiSxVHb2/i/f5yeYyRNqr0RvEUJ4UgHo%3D' (2025-11-02) • Updated 
input 'nixos-cli': 'github:nix-community/nixos-cli/c8f5ce1fd9bf151df74328795b6b2720e2e22d75?narHash=sha256-N%2BF4n1WYE3AWc/kmdqIz67GNX7PgyKosnmGYYx8vR9k%3D' (2025-10-19) → 'github:nix-community/nixos-cli/5c259f72ae1eaa00b99354d81130d8fddb7f9a7a?narHash=sha256-IUm2nkbKlDkG94ruTmIYLERpBn6gXydm3scZIKzpcKs%3D' (2025-11-01) • Updated input 'nixos-cli/flake-compat': 'github:edolstra/flake-compat/9100a0f413b0c601e0533d1d94ffd501ce2e7885?narHash=sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX%2BfjA8Xf8PUmqCY%3D' (2025-05-12) → 'github:edolstra/flake-compat/f387cd2afec9419c8ee37694406ca490c3f34ee5?narHash=sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4%3D' (2025-10-27) • Updated input 'nixos-cli/nixpkgs': 'github:NixOS/nixpkgs/647e5c14cbd5067f44ac86b74f014962df460840?narHash=sha256-JVZl8NaVRYb0%2B381nl7LvPE%2BA774/dRpif01FKLrYFQ%3D' (2025-09-28) → 'github:NixOS/nixpkgs/a7fc11be66bdfb5cdde611ee5ce381c183da8386?narHash=sha256-QoJjGd4NstnyOG4mm4KXF%2BweBzA2AH/7gn1Pmpfcb0A%3D' (2025-10-31) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/5e2a59a5b1a82f89f2c7e598302a9cacebb72a67?narHash=sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs%3D' (2025-10-19) → 'github:nixos/nixpkgs/2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15?narHash=sha256-kJ8lIZsiPOmbkJypG%2BB5sReDXSD1KGu2VEPNqhRa/ew%3D' (2025-10-31) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/33c6dca0c0cb31d6addcd34e90a63ad61826b28c?narHash=sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0%3D' (2025-10-19) → 'github:nixos/nixpkgs/3de8f8d73e35724bf9abef41f1bdbedda1e14a31?narHash=sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo%3D' (2025-11-01) • Updated input 'noctalia': 'github:noctalia-dev/noctalia-shell/c3439b262c7cb3d57c93197a93a3aa382582bdae?narHash=sha256-XAs/Q4zBJIfK/bwq9KjTUkTH15A%2BPe2rIilyvalEHuM%3D' (2025-10-23) → 'github:noctalia-dev/noctalia-shell/5ca5aa602f58a8e0e73fedbef351f1cdf8cbe981?narHash=sha256-gHfzrTDSnNC5yRJwkZfP55fPHUc8DuB4OQEIBSQSs18%3D' (2025-11-03) • Updated input 'noctalia/quickshell': 
'git+https://git.outfoxxed.me/outfoxxed/quickshell?ref=refs/heads/master&rev=a5431dd02dc23d9ef1680e67777fed00fe5f7cda' (2025-07-27) → 'git+https://git.outfoxxed.me/outfoxxed/quickshell?ref=refs/heads/master&rev=db1777c20b936a86528c1095cbcb1ebd92801402' (2025-10-30) • Updated input 'stylix': 'github:danth/stylix/8d008296a1b3be9b57ad570f7acea00dd2fc92db?narHash=sha256-4C3I/ssFsq8EgaUmZP0xv5V7RV0oCHgL/Rx%2BMUkuE%2BE%3D' (2025-10-14) → 'github:danth/stylix/8c0640d5722a02178c8ee80a62c5f019cab4b3c1?narHash=sha256-wGiL2K3kAyBBmIZpJEskaSIgyzzpg0zwfvri%2BSy6/CI%3D' (2025-11-02) • Updated input 'terranix': 'github:terranix/terranix/924573fa6587ac57b0d15037fbd2d3f0fcdf17fb?narHash=sha256-hTMi6oGU%2B6VRnW9SZZ%2BmuFcbfMEf2ajjOp7Z2KM5MMY%3D' (2025-09-07) → 'github:terranix/terranix/a79a47b4617dfb92184e2e5b8f5aa6fc06c659c8?narHash=sha256-J1L1yP29NVBJO04LA/JGM6kwhnjeNhEsX0tLFnuN3FI%3D' (2025-11-03) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/596c3ac14be576b93f5db9252a1b0581e453ec9f?narHash=sha256-RehxVjBRC9EiBO36EPZROLHhVVSWFe3KEROhaEapboM%3D' (2025-10-20) → 'github:0xc000022070/zen-browser-flake/10e69cb268b1d3dc91135e72f5462b2acfbcc3aa?narHash=sha256-sIPhzkDrfe6ptthZiwoxQyO6rKd9PgJnl%2BLOyythQkI%3D' (2025-11-03) --- flake.lock | 128 ++++++++++++++++++++++++++--------------------------- 1 file changed, 64 insertions(+), 64 deletions(-) diff --git a/flake.lock b/flake.lock index 5993cdf..429e817 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1760836749, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1761656077, + "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", "owner": "ryantm", "repo": "agenix", - "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", + "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", "type": "github" }, "original": { 
@@ -186,11 +186,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -204,11 +204,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1760948891, - "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "lastModified": 1762040540, + "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "rev": "0010412d62a25d959151790968765a70c436598b", "type": "github" }, "original": { @@ -338,11 +338,11 @@ ] }, "locked": { - "lastModified": 1760929667, - "narHash": "sha256-nZh6uvc71nVNaf/y+wesnjwsmJ6IZZUnP2EzpZe48To=", + "lastModified": 1762178366, + "narHash": "sha256-I+8yE5HVR2SFcHnW0771psQ/zn0qVzsKHY/gUM0nEVM=", "owner": "nix-community", "repo": "home-manager", - "rev": "189c21cf879669008ccf06e78a553f17e88d8ef0", + "rev": "8c824254b1ed9e797f6235fc3c62f365893c561a", "type": "github" }, "original": { @@ -418,11 +418,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1760950171, - "narHash": "sha256-E2ySTu/oK7cYBdAI3tlGP9zVjF4mZgWJ1OZInBCMb00=", + "lastModified": 1762152856, + "narHash": "sha256-U3SDbk7tIwLChpvb3FL66o8V0byaQ2RGMiy/3oLdxTI=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "f851a923137c0a54719412146fd63d24b3214e60", + "rev": "df17789929ac80f4157b15724450db6a303a6dc9", "type": "github" }, "original": { 
@@ -451,11 +451,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1760940149, - "narHash": "sha256-KbM47vD6E0cx+v4jYQZ8mD5N186AKm2CQlyh34TW58U=", + "lastModified": 1762146685, + "narHash": "sha256-anRlNG6t7esBbF1+ALDeathVBSclA0PEL52Vo0WnN5g=", "owner": "YaLTeR", "repo": "niri", - "rev": "b3245b81a6ed8edfaf5388a74d2e0a23c24941e5", + "rev": "a2ca2b3c866bc781b12c334a9f949b3db6d7c943", "type": "github" }, "original": { @@ -487,11 +487,11 @@ ] }, "locked": { - "lastModified": 1760846226, - "narHash": "sha256-xmU8kAsRprJiTGBTaGrwmjBP3AMA9ltlrxHKFuy5JWc=", + "lastModified": 1762055842, + "narHash": "sha256-Pu1v3mlFhRzZiSxVHb2/i/f5yeYyRNqr0RvEUJ4UgHo=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "5024e1901239a76b7bf94a4cd27f3507e639d49e", + "rev": "359ff6333a7b0b60819d4c20ed05a3a1f726771f", "type": "github" }, "original": { @@ -528,11 +528,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1760856139, - "narHash": "sha256-N+F4n1WYE3AWc/kmdqIz67GNX7PgyKosnmGYYx8vR9k=", + "lastModified": 1761970410, + "narHash": "sha256-IUm2nkbKlDkG94ruTmIYLERpBn6gXydm3scZIKzpcKs=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "c8f5ce1fd9bf151df74328795b6b2720e2e22d75", + "rev": "5c259f72ae1eaa00b99354d81130d8fddb7f9a7a", "type": "github" }, "original": { @@ -559,11 +559,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1754788789, - "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "lastModified": 1761765539, + "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", "type": "github" }, "original": { 
@@ -574,11 +574,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1760862643, - "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", + "lastModified": 1761999846, + "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", + "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", "type": "github" }, "original": { @@ -590,11 +590,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1760862643, - "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", + "lastModified": 1761999846, + "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", + "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", "type": "github" }, "original": { @@ -606,11 +606,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1761880412, - "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", + "lastModified": 1752596105, + "narHash": "sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", + "rev": "dab3a6e781554f965bde3def0aa2fda4eb8f1708", "type": "github" }, "original": { @@ -638,11 +638,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", "type": "github" }, "original": { 
@@ -670,11 +670,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1759070547, - "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", + "lastModified": 1761880412, + "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "647e5c14cbd5067f44ac86b74f014962df460840", + "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", "type": "github" }, "original": { @@ -686,11 +686,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1761907660, + "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", "type": "github" }, "original": { @@ -741,11 +741,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1761190730, - "narHash": "sha256-XAs/Q4zBJIfK/bwq9KjTUkTH15A+Pe2rIilyvalEHuM=", + "lastModified": 1762156721, + "narHash": "sha256-gHfzrTDSnNC5yRJwkZfP55fPHUc8DuB4OQEIBSQSs18=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "c3439b262c7cb3d57c93197a93a3aa382582bdae", + "rev": "5ca5aa602f58a8e0e73fedbef351f1cdf8cbe981", "type": "github" }, "original": { @@ -787,11 +787,11 @@ ] }, "locked": { - "lastModified": 1753595452, - "narHash": "sha256-vqkSDvh7hWhPvNjMjEDV4KbSCv2jyl2Arh73ZXe274k=", + "lastModified": 1761821581, + "narHash": "sha256-nLuc6jA7z+H/6bHPEBSOYPbz7RtvNCZiTKmYItJuBmM=", "ref": "refs/heads/master", - "rev": "a5431dd02dc23d9ef1680e67777fed00fe5f7cda", - "revCount": 665, + "rev": "db1777c20b936a86528c1095cbcb1ebd92801402", + "revCount": 699, "type": "git", "url": "https://git.outfoxxed.me/outfoxxed/quickshell" }, 
@@ -883,11 +883,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1760472212, - "narHash": "sha256-4C3I/ssFsq8EgaUmZP0xv5V7RV0oCHgL/Rx+MUkuE+E=", + "lastModified": 1762101397, + "narHash": "sha256-wGiL2K3kAyBBmIZpJEskaSIgyzzpg0zwfvri+Sy6/CI=", "owner": "danth", "repo": "stylix", - "rev": "8d008296a1b3be9b57ad570f7acea00dd2fc92db", + "rev": "8c0640d5722a02178c8ee80a62c5f019cab4b3c1", "type": "github" }, "original": { @@ -995,11 +995,11 @@ "systems": "systems_6" }, "locked": { - "lastModified": 1757278723, - "narHash": "sha256-hTMi6oGU+6VRnW9SZZ+muFcbfMEf2ajjOp7Z2KM5MMY=", + "lastModified": 1762161791, + "narHash": "sha256-J1L1yP29NVBJO04LA/JGM6kwhnjeNhEsX0tLFnuN3FI=", "owner": "terranix", "repo": "terranix", - "rev": "924573fa6587ac57b0d15037fbd2d3f0fcdf17fb", + "rev": "a79a47b4617dfb92184e2e5b8f5aa6fc06c659c8", "type": "github" }, "original": { @@ -1127,11 +1127,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1759707084, - "narHash": "sha256-0pkftKs6/LReNvxw7DVTN2AJEheZVgyeK0Aarbagi70=", + "lastModified": 1761622056, + "narHash": "sha256-fBrUszJXmB4MY+wf3QsCnqWHcz7u7fLq0QMAWCltIQg=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "a9188e70bd748118b4d56a529871b9de5adb9988", + "rev": "0728d59ff6463a502e001fb090f6eb92dbc04756", "type": "github" }, "original": { @@ -1146,11 +1146,11 @@ "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1760934351, - "narHash": "sha256-RehxVjBRC9EiBO36EPZROLHhVVSWFe3KEROhaEapboM=", + "lastModified": 1762131860, + "narHash": "sha256-sIPhzkDrfe6ptthZiwoxQyO6rKd9PgJnl+LOyythQkI=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "596c3ac14be576b93f5db9252a1b0581e453ec9f", + "rev": "10e69cb268b1d3dc91135e72f5462b2acfbcc3aa", "type": "github" }, "original": { From fe091504d08430563e0e6c42678ea991df2e3656 Mon Sep 17 00:00:00 2001 
From: William Date: Mon, 3 Nov 2025 12:34:40 -0300 Subject: [PATCH 070/206] openssh greeting fixes --- hosts/alexandria/nextcloud.nix | 7 ++++++- hosts/modules/common/openssh.nix | 8 +++----- hosts/modules/common/programs.nix | 12 +++++++++++- users/modules/common/fish.nix | 5 ++++- 4 files changed, 24 insertions(+), 8 deletions(-) diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 68d4875..9e606d9 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -24,7 +24,12 @@ in database.createLocally = true; maxUploadSize = "16G"; extraApps = { - inherit (config.services.nextcloud.package.packages.apps) calendar contacts notes; + inherit (config.services.nextcloud.package.packages.apps) + calendar + contacts + notes + tasks + ; }; extraAppsEnable = true; caching = { diff --git a/hosts/modules/common/openssh.nix b/hosts/modules/common/openssh.nix index 63422b3..df70bdd 100644 --- a/hosts/modules/common/openssh.nix +++ b/hosts/modules/common/openssh.nix @@ -4,10 +4,8 @@ services.openssh = { enable = true; settings.PermitRootLogin = "no"; + extraConfig = '' + PrintLastLog no + ''; }; - programs.fish.interactiveShellInit = '' - if set -q SSH_CONNECTION - neofetch - end - ''; } diff --git a/hosts/modules/common/programs.nix b/hosts/modules/common/programs.nix index be57b69..fd10953 100644 --- a/hosts/modules/common/programs.nix +++ b/hosts/modules/common/programs.nix @@ -25,6 +25,16 @@ programs = { command-not-found.enable = false; - fish.enable = true; + fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + if set -q SSH_CONNECTION + export TERM=xterm-256color + clear + fastfetch + end + ''; + }; }; } diff --git a/users/modules/common/fish.nix b/users/modules/common/fish.nix index d95db24..c753297 100644 --- a/users/modules/common/fish.nix +++ b/users/modules/common/fish.nix 
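Review bot: In hosts/modules/common/openssh.nix, `PrintLastLog no` goes in through `extraConfig` although the line above it already uses the structured `settings` set; `settings.PrintLastLog = "no";` would keep every sshd option in one place. The last-login line is also a cheap way for a user to notice a session they did not open. With the `clear` this commit adds to `interactiveShellInit`, nothing about earlier logins is shown any more, so a comment stating that this is deliberate would help. The visible block sets only `PermitRootLogin`; whether password authentication is disabled elsewhere cannot be seen from this hunk.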
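Review bot: In hosts/modules/common/programs.nix the SSH greeting sits in `interactiveShellInit`, so `clear` and `fastfetch` run for every interactive fish started inside an SSH session (nested shells, multiplexer panes), not only at login. `export TERM=xterm-256color` also overrides whatever the client terminal announced. Guarding the block with `if status is-login; and set -q SSH_CONNECTION`, or moving it to `loginShellInit`, would confine it to the login shell. Whether `fastfetch` is installed system-wide is not visible in this hunk.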
@@ -3,7 +3,10 @@ { programs.fish = { enable = true; - interactiveShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; + interactiveShellInit = '' + set fish_greeting + ${lib.getExe pkgs.nix-your-shell} fish | source + ''; loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; plugins = [ { From 4622f2b299704e0458c48c69a27410ba39bd228e Mon Sep 17 00:00:00 2001 From: William Date: Mon, 3 Nov 2025 16:42:18 -0300 Subject: [PATCH 071/206] fix trantor disko config --- disko/trantor.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/disko/trantor.nix b/disko/trantor.nix index db1397e..0791308 100644 --- a/disko/trantor.nix +++ b/disko/trantor.nix @@ -27,8 +27,7 @@ name = "root"; size = "100%"; content = { - type = "filesystem"; - format = "btrfs"; + type = "btrfs"; extraArgs = [ "-f" ]; subvolumes = { "@root" = { From f5f1541aec620f879d7b1768d0b1e18abf96cb0a Mon Sep 17 00:00:00 2001 From: William Date: Mon, 3 Nov 2025 17:19:21 -0300 Subject: [PATCH 072/206] fixing trantor --- hosts/io/hardware-configuration.nix | 5 ++--- hosts/trantor/boot.nix | 5 ++++- hosts/trantor/hardware-configuration.nix | 7 ++++--- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/hosts/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix index cb114a1..a17fe24 100644 --- a/hosts/io/hardware-configuration.nix +++ b/hosts/io/hardware-configuration.nix @@ -2,15 +2,14 @@ config, lib, modulesPath, - self, + inputs, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") - self.diskoConfigurations.io - ]; + ] ++ inputs.self.diskoConfigurations.io.modules; boot = { initrd = { diff --git a/hosts/trantor/boot.nix b/hosts/trantor/boot.nix index 67ac124..0498818 100644 --- a/hosts/trantor/boot.nix +++ b/hosts/trantor/boot.nix @@ -1,3 +1,6 @@ { - boot.initrd.systemd.enable = true; + boot = { + initrd.systemd.enable = true; + loader.efi.efiSysMountPoint = "/boot/efi"; + }; } 
diff --git a/hosts/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix index 4a9503f..94568f6 100644 --- a/hosts/trantor/hardware-configuration.nix +++ b/hosts/trantor/hardware-configuration.nix @@ -1,15 +1,16 @@ { lib, modulesPath, - self, + inputs, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") - self.diskoConfigurations.trantor - ]; + inputs.disko.nixosModules.disko + ] + ++ inputs.self.diskoConfigurations.trantor.modules; boot = { kernelModules = [ ]; From d6f582fffd2df08649cc609f180f9ed5d619e5cd Mon Sep 17 00:00:00 2001 From: William Date: Mon, 3 Nov 2025 21:37:03 -0300 Subject: [PATCH 073/206] no diskoConfirations outputs --- diskoConfigurations.nix | 12 --------- flake.nix | 1 - disko/io.nix => hosts/io/disko.nix | 0 hosts/io/hardware-configuration.nix | 4 +-- hosts/modules/ephemeral.nix | 2 +- disko/trantor.nix => hosts/trantor/disko.nix | 6 ++++- hosts/trantor/hardware-configuration.nix | 26 ++++++-------------- 7 files changed, 14 insertions(+), 37 deletions(-) delete mode 100644 diskoConfigurations.nix rename disko/io.nix => hosts/io/disko.nix (100%) rename disko/trantor.nix => hosts/trantor/disko.nix (90%) diff --git a/diskoConfigurations.nix b/diskoConfigurations.nix deleted file mode 100644 index 511eddc..0000000 --- a/diskoConfigurations.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ - inputs.disko.flakeModule - ]; - - flake.diskoConfigurations = { - io.modules = [ ./disko/io.nix ]; - trantor.modules = [ ./disko/trantor.nix ]; - }; -} diff --git a/flake.nix b/flake.nix index c9d5076..07d4a02 100644 --- a/flake.nix +++ b/flake.nix @@ -62,7 +62,6 @@ imports = [ ./deploy.nix ./devShells.nix - ./diskoConfigurations.nix ./homeConfigurations.nix ./nixosConfigurations.nix ./nixosModules.nix diff --git a/disko/io.nix b/hosts/io/disko.nix similarity index 100% rename from disko/io.nix rename to hosts/io/disko.nix 
diff --git a/hosts/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix index a17fe24..8e4dae4 100644 --- a/hosts/io/hardware-configuration.nix +++ b/hosts/io/hardware-configuration.nix @@ -7,9 +7,7 @@ }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ] ++ inputs.self.diskoConfigurations.io.modules; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot = { initrd = { diff --git a/hosts/modules/ephemeral.nix b/hosts/modules/ephemeral.nix index 8ed08bc..cad5f41 100644 --- a/hosts/modules/ephemeral.nix +++ b/hosts/modules/ephemeral.nix @@ -10,7 +10,7 @@ enable = true; rootDevice = if config.networking.hostName == "trantor" then - "/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066" + "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2" else "/dev/mapper/cryptroot"; rootSubvolume = "@root"; diff --git a/disko/trantor.nix b/hosts/trantor/disko.nix similarity index 90% rename from disko/trantor.nix rename to hosts/trantor/disko.nix index 0791308..0e47058 100644 --- a/disko/trantor.nix +++ b/hosts/trantor/disko.nix @@ -1,7 +1,11 @@ +{ inputs, ... }: + { + imports = [ inputs.disko.nixosModules.default ]; + disko.devices.disk.main = { type = "disk"; - device = "/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066"; + device = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20"; content = { type = "gpt"; partitions = { diff --git a/hosts/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix index 94568f6..039129e 100644 --- a/hosts/trantor/hardware-configuration.nix +++ b/hosts/trantor/hardware-configuration.nix 
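Review bot: The trantor disk id is now written out twice, as `rootDevice` in hosts/modules/ephemeral.nix (with `-part2` appended) and as `device` in hosts/trantor/disko.nix, and this commit had to change both by hand. The ephemeral module presumably mounts `rootDevice` in the initrd and rotates the root subvolume on it, so a mismatch between the two strings means a failed or wrong mount at boot. Deriving one from the other, for example `rootDevice = "${config.disko.devices.disk.main.device}-part2";`, removes that drift; the `-part2` suffix still assumes the root partition stays second in the GPT layout. The `if config.networking.hostName == "trantor"` branch in a shared module would also read better as an override in trantor's own host files.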
@@ -1,30 +1,18 @@ { lib, modulesPath, - inputs, ... }: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - inputs.disko.nixosModules.disko - ] - ++ inputs.self.diskoConfigurations.trantor.modules; + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot = { - kernelModules = [ ]; - extraModulePackages = [ ]; - initrd = { - availableKernelModules = [ - "xhci_pci" - "virtio_pci" - "virtio_scsi" - "usbhid" - ]; - kernelModules = [ ]; - }; - }; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "virtio_pci" + "virtio_scsi" + "usbhid" + ]; networking.useDHCP = lib.mkDefault true; From 97450f0057a4a4e488ba0f79105105e27697d67b Mon Sep 17 00:00:00 2001 From: William Date: Tue, 4 Nov 2025 08:13:16 -0300 Subject: [PATCH 074/206] no more protonup --- hosts/modules/gaming.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/modules/gaming.nix b/hosts/modules/gaming.nix index cf6217f..5aef14e 100644 --- a/hosts/modules/gaming.nix +++ b/hosts/modules/gaming.nix @@ -6,7 +6,6 @@ heroic mangohud prismlauncher - protonup steam-run ]; From cb59a911d63f70a6502ffa3e25aee7e2dfb9dd7f Mon Sep 17 00:00:00 2001 From: William Date: Thu, 6 Nov 2025 19:57:04 -0300 Subject: [PATCH 075/206] added ai tag for desktop hosts --- flake.lock | 151 ++++++++++++++++++++++++++++++++-------- flake.nix | 2 + hosts/modules/ai.nix | 9 +++ hosts/modules/dev.nix | 1 - nixosConfigurations.nix | 2 + 5 files changed, 136 insertions(+), 29 deletions(-) create mode 100644 hosts/modules/ai.nix diff --git a/flake.lock b/flake.lock index 429e817..3b994bf 100644 --- a/flake.lock +++ b/flake.lock 
@@ -91,6 +91,28 @@ "type": "github" } }, + "blueprint": { + "inputs": { + "nixpkgs": [ + "nix-ai-tools", + "nixpkgs" + ], + "systems": "systems_3" + }, + "locked": { + "lastModified": 1761645416, + "narHash": "sha256-wTQzbbQ6XHtvNJVuhJj+ytZDRyNtwUKbrIfIvMvKNfQ=", + "owner": "numtide", + "repo": "blueprint", + "rev": "633af1961cae8e02bc6195e6e599a6b09bf75217", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "blueprint", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -261,7 +283,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1731533236, @@ -464,6 +486,26 @@ "type": "github" } }, + "nix-ai-tools": { + "inputs": { + "blueprint": "blueprint", + "nixpkgs": "nixpkgs_5", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1762442079, + "narHash": "sha256-aWt5CgOsQiiq+caxF0iqp56kfHRkv8Tnz0X9DhJeBEE=", + "owner": "numtide", + "repo": "nix-ai-tools", + "rev": "aaee8f2df1325c7f212d769515092162bcac31a7", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nix-ai-tools", + "type": "github" + } + }, "nix-flatpak": { "locked": { "lastModified": 1754777568, @@ -503,7 +545,7 @@ "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "rust-overlay": "rust-overlay_2" }, "locked": { @@ -525,7 +567,7 @@ "inputs": { "flake-compat": "flake-compat_2", "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1761970410, 
@@ -604,6 +646,22 @@ "type": "github" } }, + "nixpkgs_10": { + "locked": { + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1752596105, @@ -653,6 +711,22 @@ } }, "nixpkgs_5": { + "locked": { + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1740695751, "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", @@ -668,7 +742,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1761880412, "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", @@ -684,7 +758,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1761907660, "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", @@ -700,7 +774,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1758690382, "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", 
@@ -716,29 +790,13 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1755615617, - "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "20075955deac2583bb12f07151c2df830ef346b4", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "noctalia": { "inputs": { "nixpkgs": [ "nixpkgs" ], "quickshell": "quickshell", - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1762156721, @@ -810,10 +868,11 @@ "impermanence": "impermanence", "niri": "niri", "niri-flake": "niri-flake", + "nix-ai-tools": "nix-ai-tools", "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nixpkgs-stable": "nixpkgs-stable_2", "noctalia": "noctalia", "stylix": "stylix", @@ -873,9 +932,9 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_2", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "nur": "nur", - "systems": "systems_5", + "systems": "systems_6", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -986,13 +1045,28 @@ "type": "github" } }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "terranix": { "inputs": { "flake-parts": "flake-parts_3", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_6" + "systems": "systems_7" }, "locked": { "lastModified": 1762161791, 
@@ -1089,6 +1163,27 @@ "type": "github" } }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nix-ai-tools", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1762410071, + "narHash": "sha256-aF5fvoZeoXNPxT0bejFUBXeUjXfHLSL7g+mjR/p5TEg=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "97a30861b13c3731a84e09405414398fbf3e109f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "utils": { "inputs": { "systems": "systems_2" @@ -1143,7 +1238,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1762131860, diff --git a/flake.nix b/flake.nix index 07d4a02..af148c1 100644 --- a/flake.nix +++ b/flake.nix @@ -49,6 +49,8 @@ url = "github:terranix/terranix"; inputs.nixpkgs.follows = "nixpkgs"; }; + + nix-ai-tools.url = "github:numtide/nix-ai-tools"; }; outputs = diff --git a/hosts/modules/ai.nix b/hosts/modules/ai.nix new file mode 100644 index 0000000..ddf4fca --- /dev/null +++ b/hosts/modules/ai.nix @@ -0,0 +1,9 @@ +{ inputs, pkgs, ... }: + +{ + environment.systemPackages = with inputs.nix-ai-tools.packages.${pkgs.system}; [ + claude-desktop + claudebox + opencode + ]; +} diff --git a/hosts/modules/dev.nix b/hosts/modules/dev.nix index 82908f2..c4cca78 100644 --- a/hosts/modules/dev.nix +++ b/hosts/modules/dev.nix @@ -3,7 +3,6 @@ { environment.systemPackages = with pkgs; [ bat - claude-code lazygit fd fzf diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index ced8851..85fd378 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -10,6 +10,7 @@ in hostname = "rotterdam"; tags = [ "desktop" + "ai" "bluetooth" "dev" "ephemeral" @@ -25,6 +26,7 @@ in hostname = "io"; tags = [ "desktop" + "ai" "bluetooth" "dev" "ephemeral" From 6ec815a7668b8af89d2ff800ecee32253c916cfd Mon Sep 17 00:00:00 2001 
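Review bot: In flake.nix, `nix-ai-tools` is added without a `follows`, unlike the `terranix` input directly above it. The flake.lock changes in this commit show it bringing its own `nixpkgs_5`, `blueprint` and `treefmt-nix` pins. The packages installed from it in hosts/modules/ai.nix are therefore built against a nixpkgs revision that moves independently of the system one, so dependency fixes in the system pin do not reach them until this input is bumped separately. If that is intended (for instance to keep upstream's binary cache usable), a one-line comment would record it; otherwise add `nix-ai-tools.inputs.nixpkgs.follows = "nixpkgs";`.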
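Review bot: In hosts/modules/ai.nix, `pkgs.system` is an alias that recent nixpkgs revisions warn about, as far as I know; `inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}` is the spelling that keeps working. A header comment noting that these agent tools come from the flake input's own package set and are installed system-wide on every host tagged `ai` would make that scope explicit.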
From: William Date: Thu, 6 Nov 2025 19:59:58 -0300 Subject: [PATCH 076/206] fix disko usage for io --- hosts/io/disko.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/io/disko.nix b/hosts/io/disko.nix index 37f3160..4e6c9d5 100644 --- a/hosts/io/disko.nix +++ b/hosts/io/disko.nix @@ -1,4 +1,8 @@ +{ inputs, ... }: + { + imports = [ inputs.disko.nixosModules.default ]; + disko.devices.disk.main = { type = "disk"; device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689"; From 59cda1884dfd49bed2852fca8ca1af82e1fcfcd3 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 7 Nov 2025 06:17:28 -0300 Subject: [PATCH 077/206] add recipient to oci alert --- terranix/oci/trantor.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/terranix/oci/trantor.nix b/terranix/oci/trantor.nix index 37c12ae..2037d87 100644 --- a/terranix/oci/trantor.nix +++ b/terranix/oci/trantor.nix @@ -229,6 +229,7 @@ threshold = 5; threshold_type = "PERCENTAGE"; display_name = "daily-spend-alert"; + recipients = "baduhai@proton.me"; description = "Alert when daily spending exceeds $0.05"; message = "Daily spending has exceeded $0.05 in the trantor compartment"; }; From 45f89a1663187983364c38e04a1f5c857d21a3bb Mon Sep 17 00:00:00 2001 From: William Date: Fri, 7 Nov 2025 07:15:12 -0300 Subject: [PATCH 078/206] add claude-code back --- hosts/modules/ai.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/modules/ai.nix b/hosts/modules/ai.nix index ddf4fca..e2dd9d2 100644 --- a/hosts/modules/ai.nix +++ b/hosts/modules/ai.nix @@ -3,6 +3,7 @@ { environment.systemPackages = with inputs.nix-ai-tools.packages.${pkgs.system}; [ claude-desktop + claude-code claudebox opencode ]; From d3ef56c724a2eed6b0544e0a01f69ceb33adb70d Mon Sep 17 00:00:00 2001 From: William Date: Fri, 7 Nov 2025 11:55:27 -0300 Subject: [PATCH 079/206] add presenterm to desktops --- hosts/modules/desktop/desktop.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 5258442..f2418ce 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -35,6 +35,7 @@ libreoffice onlyoffice-desktopeditors papers + presenterm rnote ### Graphics & Design ### gimp From 5baff5a68e44900d13e0579a3479cfcf5ab92b2f Mon Sep 17 00:00:00 2001 From: William Date: Fri, 7 Nov 2025 12:13:47 -0300 Subject: [PATCH 080/206] added kanshi to manage displays --- users/modules/desktop/niri.nix | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 16955d9..283d940 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -14,19 +14,27 @@ in { imports = [ inputs.noctalia.homeModules.default ]; + services.kanshi = { + enable = true; + settings = [ + { + profile.name = "default"; + profile.outputs = [ + { + criteria = "*"; + scale = 1.0; + } + ]; + } + ]; + }; + home = { packages = with pkgs; [ xwayland-satellite ]; sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; }; xdg.configFile."niri/config.kdl".text = '' - output "eDP-1" { - scale 1.0 - } - output "DP-3" { - scale 1.0 - } - input { keyboard { xkb { From 52eaf14b0950fa725e86bfb521a40fbdabe4969f Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 13:02:22 -0300 Subject: [PATCH 081/206] noto emoji font name change; niri window/workspace up/down keybind --- users/modules/desktop/niri.nix | 8 ++++---- users/modules/stylix.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 283d940..1f6a1bf 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix 
@@ -163,13 +163,13 @@ in Mod+Shift+Q { close-window; } Alt+F4 { close-window; } Mod+Left { focus-column-left; } - Mod+Down { focus-window-down; } - Mod+Up { focus-window-up; } + Mod+Down { focus-window-or-workspace-down; } + Mod+Up { focus-window-or-workspace-up; } Mod+Right { focus-column-right; } Mod+H { focus-column-left; } Mod+L { focus-column-right; } - Mod+J { focus-window-down; } - Mod+K { focus-window-up; } + Mod+J { focus-window-or-workspace-down; } + Mod+K { focus-window-or-workspace-up; } Ctrl+Alt+J { focus-workspace-down; } Ctrl+Alt+K { focus-workspace-up; } Ctrl+Alt+Down { focus-workspace-down; } diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index 13ba8b6..f1c7e44 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix @@ -46,7 +46,7 @@ name = "FiraCode Nerd Font"; }; emoji = { - package = pkgs.noto-fonts-emoji; + package = pkgs.noto-fonts-color-emoji; name = "Noto Color Emoji"; }; sizes = { From a1369e5818cd0bf26ae7dfd5970b81e81272d682 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 20:46:38 -0300 Subject: [PATCH 082/206] rekeyd secrets --- hosts/alexandria/firewall.nix | 11 ----------- secrets/cloudflare.age | 18 ++++++++++-------- secrets/nextcloud-adminpass.age | Bin 465 -> 465 bytes secrets/nextcloud-secrets.json.age | Bin 537 -> 537 bytes secrets/secrets.nix | 3 ++- 5 files changed, 12 insertions(+), 20 deletions(-) delete mode 100644 hosts/alexandria/firewall.nix diff --git a/hosts/alexandria/firewall.nix b/hosts/alexandria/firewall.nix deleted file mode 100644 index f6fded2..0000000 --- a/hosts/alexandria/firewall.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ ... }: - -{ - networking.firewall = { - allowedTCPPorts = [ - 80 - 443 - ]; - allowedUDPPorts = [ ]; - }; -} diff --git a/secrets/cloudflare.age b/secrets/cloudflare.age index 9e989ec..028e964 100644 --- a/secrets/cloudflare.age +++ b/secrets/cloudflare.age 
@@ -1,9 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 Kfdnog gEZvRtLBhGslmS97VaRqoucgExvOopsHAAne4lCmEEY -NkIeFYuQFntDOBqd3k0/OVYMcM7h73uO0jPXaHzEcZc --> ssh-ed25519 8YSAiw bVV4jIDbBKxsr6mQ4Tv0rP6ylrAEOJWkqjpyvXjnQRU -6kUe5Syw7sd+aF2QEgr6Yj+fOPL5zSJN1PJvY9Kdhlg --> ssh-ed25519 J6tVTA 4JMlJmhHAYUgjiWwB1Q278TSjJypwecALmfnosxan0s -WIubcIFrjMV0GpyU1ZGc48YwrqOtSmJxweonw1KnR+U ---- 78A7re4LLB/0n5AXLRlVqiMNFMAQ2ZvjjK21YGRveRE -_4pkVCKm#~kI8Em3kp|0^tSk s/΅?=l,7~̈́c{ȞAݭ>ZlGTJsGY //B4e'IIc ,"< \ No newline at end of file +-> ssh-ed25519 Kfdnog IHXv4c5we36dCUsB1v8uEF23tIRlDQ/8WR1hX4GQ+Uc +Cwccw64BYBdSZUdkSqKESIU7E17cLNtiAZZ3Y1xV87A +-> ssh-ed25519 8YSAiw Ce3vdMG111ubjcFgd3+q2Qw2+7dsoUz7SiudtuLDr0Y +JUodwFsKfOTZXxFyRrEk/4gxJ4goPkwvYeThi893M0U +-> ssh-ed25519 J6tVTA bExFuITTGXkTvhW25nushN7zT/PJGDoezsqu7fLKemI +4a90v0F4wgcZeqWBQ/EpqOZ9OCgT7qruwVvlGZeFmN8 +-> ssh-ed25519 Qt3Q+A j1oo46pNh1+yPEtxpgj+QPQPf5m82jL0DHGMacY8UFA +vy52Hl1WLTdKNA8+4p7A48Sg9+QkMXbECf/uxVMCLYk +--- 429vzgFnmFbEqDMwdvC0/EYDJlKU64YEGgE0AqPqlBs +b/!8O3Df/&kNQhurt%&]ucjH]_5@D$>N8Ϧ >9:CvѦ69W'X]X^ƻ$}|c/ ߸={uɳs \ No newline at end of file diff --git a/secrets/nextcloud-adminpass.age b/secrets/nextcloud-adminpass.age index 3b6ff2affb50a87f4b2cf91edf585c73272a134f..b4a29fa2568f59e840bde1dbd55ace544626f3b8 100644 GIT binary patch delta 411 zcmcb}e35yAPJLc}VR4C}dq`2WO`Myv3IVvL6L8scd>U?K~-UTm4BX#r?KG0mcUv|0t$UXy zYw%v)XTN@Qb=HR#cxf*wE0#>Rwz7U4vS89VhUCO=pI6L?lj>d;)?c@4p5y5@N3J!G G_5lEIGm+c? delta 411 zcmcb}e35yAPJN=QslG{oagj-?Nm_<^np>o&wn1{HNuFtHy0fQcM1^l?aad@eS6ObB zE0?EFPKckAv5Aqhk6%GbghjAxUT|KOYhhMdaF#`Ju1l7?Q(#0^pm9N1GMBEMLUD11 zZfc5=si~o*f<r!^a)3v8o{zS6 zKu~a&lc%EzS5UTzt3_~G@Up1{UVQPR0R6-rmM3AwdPXK53yI+6Cc`X67NT9$x;r=~;%_j=_;!1t~sx zQQ>8Q9+iHUIZ>s-CRtf!#d+>|soEjFQ3e5t>1AnUfnE__;YQ_Ly1Kdw8D0fp!J(EF zemRNBmX={IMrN4?rQv2?<@%xe&iVeyj^!R+!J*FC28qeVT=(tk|74sxcJ}$9S=Tr| zUC=zrvWa)yQ#P5uo^SfEFZ_L>-MeDyY#FQdRyLBIo4j}xE;xlv{`2(FH{WY-E9QK> HX5a$=F~*Zs 
diff --git a/secrets/nextcloud-secrets.json.age b/secrets/nextcloud-secrets.json.age index 473f3cb97a38fcb01d2d7512306b9576963b2754..02d170dce9315c545774f3510a4f81541ea6137b 100644 GIT binary patch delta 484 zcmbQqGLvP3PQ6z|j%%7%ieq-3zL8r*x=V;jQD#MOc$%-Lvt?CaMxuU5o>_WoWx0`K zD3@1ZMWTClMs`7Rv1Nuum7{xPxxYtAQGS|5dUjcaafz#^OF?i-Xhm41374*&LUD11 zZfc5=si~o*f< zX0BmgWnNf5SDIx~g^9aSPx`V~&;o}nqJ!ByE@KHC1S zWzH3;5ozv~mZ{oK`X(V&AucJ!kshU9Zk_>&`V}R~X+D<8hIxTpy1KdwQKd;0Ri)a# zzMh5UMyc-Ef&OMCIjIqr&fccJk)h@Rj()!NK_%sep8f^NTp_t{KN=*=`v32=CU@f6 zb#FN=XRdnX61Z;tXEo;=u{B8>C9)d2%j>GzX8&-0mcX=iT4s;Z!JaS{UQVIjmu}Dg`A2*!eD> delta 484 zcmbQqGLvP3PJO0XiLpzFzh#AQNn);vWkgQCr*S~0WqGArij$dviAk_QSZ;`iSz(S_ zI#-&0mVa7ma8X5Kv44tBiiJyNm2*jsN485=q;E!Xfu~WjWoEd0PJym@eV`;dXWol`1s#~N8Yibt+vabaO-L10yezH4OQ z#E;_j>DfLeVL4vq0YAn`FS4cuD+&brAEGP6;8pP7JI(# g=e#`y61#*wLgp)0cI;b{`b%#~@#5{@wobYM08OvE1ONa4 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d47309f..84b14d6 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -7,7 +7,7 @@ let alexandria = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA root@alexandria"; - trantor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkGuGLZPnYJbCGY4BhJ9uTupp6ruuR1NZ7FEYEaLPA7 root@alexandria"; + trantor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIh/2u5pr/iPVeavlsor5hbTtsgUfP1JpzZVco2YQAo3 root@trantor"; in { @@ -15,6 +15,7 @@ in io-user rotterdam-user alexandria + trantor ]; "nextcloud-adminpass.age".publicKeys = [ io-user From 2289f0e6e46b5adabb087b2dad5b35cb281fd03a Mon Sep 17 00:00:00 2001 
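Review bot: Adding `trantor` to the `cloudflare.age` recipients in secrets/secrets.nix lets a second host decrypt a credential that, in the files visible here, is only consumed by nginx on alexandria. If trantor needs Cloudflare API access, a separate token scoped to what trantor does, kept in its own `.age` file, stops a compromise of one host from exposing the other's credential. The first hunk of the same file replaces trantor's host key. Any file that was encrypted to the old key stays decryptable from git history, so if that key is considered exposed the secret values need rotating as well as rekeying; whether the old key was a recipient of anything is not visible in these hunks.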
From: William Date: Sat, 8 Nov 2025 20:47:21 -0300 Subject: [PATCH 083/206] beginnings of split dns --- devShells.nix | 6 +-- hosts/alexandria/forgejo.nix | 9 +++++ hosts/alexandria/jellyfin.nix | 9 +++++ hosts/alexandria/librespeed.nix | 9 +++++ hosts/alexandria/nextcloud.nix | 9 +++++ hosts/alexandria/nginx.nix | 5 +++ hosts/alexandria/unbound.nix | 67 ++++++++++++++++++++++++++++++++ hosts/alexandria/vaultwarden.nix | 9 +++++ hosts/modules/split-dns.nix | 28 +++++++++++++ utils.nix | 29 ++++++++++++++ 10 files changed, 177 insertions(+), 3 deletions(-) create mode 100644 hosts/alexandria/unbound.nix create mode 100644 hosts/modules/split-dns.nix diff --git a/devShells.nix b/devShells.nix index 72b2695..f7e9627 100644 --- a/devShells.nix +++ b/devShells.nix @@ -1,12 +1,12 @@ -{ ... }: +{ inputs, ... }: { perSystem = - { pkgs, ... }: + { pkgs, system, ... }: { devShells.default = pkgs.mkShell { packages = with pkgs; [ - agenix-cli + inputs.agenix.packages.${system}.default deploy-rs nil nixfmt-rfc-style diff --git a/hosts/alexandria/forgejo.nix b/hosts/alexandria/forgejo.nix index 909d1d1..d9860f6 100644 --- a/hosts/alexandria/forgejo.nix +++ b/hosts/alexandria/forgejo.nix @@ -32,4 +32,13 @@ in domains."git.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; }; + + # Register this domain for split DNS + services.splitDNS.entries = [ + { + domain = "git.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; } diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix index 9555c89..994f972 100644 --- a/hosts/alexandria/jellyfin.nix +++ b/hosts/alexandria/jellyfin.nix 
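Review bot: The `services.splitDNS.entries` block added in hosts/alexandria/forgejo.nix repeats the literals `192.168.15.142` and `100.76.19.50`, and the same two addresses are copied into jellyfin.nix, librespeed.nix, nextcloud.nix and vaultwarden.nix in this commit. A host address change then needs five edits, and a missed one leaves one view handing out a stale address for that service. Giving `lanIP` and `tailscaleIP` in hosts/modules/split-dns.nix a `default` taken from a single host-level value would leave only `domain` to state per service.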
@@ -13,4 +13,13 @@ in acmeHost = "baduhai.dev"; domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; }; + + # Register this domain for split DNS + services.splitDNS.entries = [ + { + domain = "jellyfin.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; } diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix index e36a81d..9b59685 100644 --- a/hosts/alexandria/librespeed.nix +++ b/hosts/alexandria/librespeed.nix @@ -27,4 +27,13 @@ in acmeHost = "baduhai.dev"; domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:58080/"; }; + + # Register this domain for split DNS + services.splitDNS.entries = [ + { + domain = "speedtest.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; } diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 9e606d9..e12d12b 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -79,6 +79,15 @@ in acmeHost = "baduhai.dev"; domains."cloud.baduhai.dev" = { }; }; + + # Register this domain for split DNS + splitDNS.entries = [ + { + domain = "cloud.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; }; age.secrets = { diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 0a0a261..54640c1 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -38,6 +38,11 @@ in users.users.nginx.extraGroups = [ "acme" ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + age.secrets.cloudflare = { file = ../../secrets/cloudflare.age; owner = "nginx"; diff --git a/hosts/alexandria/unbound.nix b/hosts/alexandria/unbound.nix new file mode 100644 index 0000000..e923318 --- /dev/null +++ b/hosts/alexandria/unbound.nix 
@@ -0,0 +1,67 @@ +{ config, inputs, lib, ... }: + +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkSplitDNS; +in + +{ + imports = [ ../modules/split-dns.nix ]; + + services.unbound = { + enable = true; + enableRootTrustAnchor = true; + settings = { + server = { + interface = [ + "0.0.0.0" + "::" + ]; + access-control = [ + "127.0.0.0/8 allow" + "192.168.0.0/16 allow" + "100.64.0.0/10 allow" # Tailscale CGNAT range + "::1/128 allow" + "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6 + ]; + + # Enable views for split DNS + access-control-view = [ + "100.64.0.0/10 tailscale" + "fd7a:115c:a1e0::/48 tailscale" + "192.168.0.0/16 lan" + ]; + + num-threads = 2; + msg-cache-size = "50m"; + rrset-cache-size = "100m"; + cache-min-ttl = 300; + cache-max-ttl = 86400; + prefetch = true; + prefetch-key = true; + hide-identity = true; + hide-version = true; + so-rcvbuf = "1m"; + so-sndbuf = "1m"; + }; + # Split DNS views - automatically collected from all service files + view = mkSplitDNS config.services.splitDNS.entries; + + forward-zone = [ + { + name = "."; + forward-addr = [ + "1.1.1.1@853#cloudflare-dns.com" + "1.0.0.1@853#cloudflare-dns.com" + ]; + forward-tls-upstream = true; + } + ]; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; +} diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index fd10d6b..68387ee 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -24,4 +24,13 @@ in domains."pass.baduhai.dev".locations."/".proxyPass = "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; }; + + # Register this domain for split DNS + services.splitDNS.entries = [ + { + domain = "pass.baduhai.dev"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + } + ]; } 
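Review bot: The `networking.firewall` block at the end of hosts/alexandria/unbound.nix opens port 53 (TCP and UDP) on every interface, and `interface = [ "0.0.0.0" "::" ]` makes unbound listen on all of them, so `access-control` is the only thing limiting who is served. Sources outside the listed ranges still reach the daemon and, by unbound's default, get a REFUSED reply instead of being dropped at the firewall. Scoping the rule to the interfaces that carry the allowed ranges keeps the resolver off any other network the host joins, e.g. `networking.firewall.interfaces."tailscale0".allowedUDPPorts = [ 53 ];` plus the same for TCP and for the LAN interface (the interface names are an assumption, the patch does not show them). The same pattern recurs in hosts/trantor/unbound.nix in PATCH 086, where it matters more if trantor has a public address, as the `instance_public_ip` reference in PATCH 094 suggests.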
diff --git a/hosts/modules/split-dns.nix b/hosts/modules/split-dns.nix new file mode 100644 index 0000000..0998816 --- /dev/null +++ b/hosts/modules/split-dns.nix @@ -0,0 +1,28 @@ +{ config, lib, ... }: + +{ + options.services.splitDNS = { + entries = lib.mkOption { + type = lib.types.listOf ( + lib.types.submodule { + options = { + domain = lib.mkOption { + type = lib.types.str; + description = "The domain name to configure"; + }; + lanIP = lib.mkOption { + type = lib.types.str; + description = "IP address to return for LAN requests"; + }; + tailscaleIP = lib.mkOption { + type = lib.types.str; + description = "IP address to return for Tailscale requests"; + }; + }; + } + ); + default = [ ]; + description = "List of domains to configure for split DNS"; + }; + }; +} diff --git a/utils.nix b/utils.nix index 38cf968..c803fe5 100644 --- a/utils.nix +++ b/utils.nix @@ -190,4 +190,33 @@ in }; in lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains; + + # Split DNS utilities for unbound + # Generates unbound view config from a list of DNS entries + mkSplitDNS = + entries: + let + # Generate view entries for a single domain + mkEntry = + { + domain, + lanIP, + tailscaleIP, + }: + [ + { + name = "tailscale"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = ''"${domain}. IN A ${tailscaleIP}"''; + } + { + name = "lan"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = ''"${domain}. IN A ${lanIP}"''; + } + ]; + in + builtins.concatMap mkEntry entries; } From af444584d09eda850d4327af2d74874be3028a75 Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 8 Nov 2025 21:35:13 -0300 Subject: [PATCH 084/206] Add shared services infrastructure for cross-host data Created centralized service definitions in shared/services.nix to store service metadata (domains, IPs, ports) that need to be accessible across multiple hosts. This replaces the per-service split DNS module approach with a single source of truth. Services are now exported through utils.nix for easy access in host configs. --- hosts/alexandria/librespeed.nix | 39 ---------------------------- shared/services.nix | 39 ++++++++++++++++++++++++++++ utils.nix | 46 +++++++++++++++++---------------- 3 files changed, 63 insertions(+), 61 deletions(-) delete mode 100644 hosts/alexandria/librespeed.nix create mode 100644 shared/services.nix diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix deleted file mode 100644 index 9b59685..0000000 --- a/hosts/alexandria/librespeed.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; -in - -{ - virtualisation.oci-containers.containers."librespeed" = { - image = "lscr.io/linuxserver/librespeed:latest"; - environment = { - TZ = "America/Bahia"; - }; - ports = [ "127.0.0.1:58080:80" ]; - extraOptions = [ - "--pull=newer" - "--label=io.containers.autoupdate=registry" - ]; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; - domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:58080/"; - }; - - # Register this domain for split DNS - services.splitDNS.entries = [ - { - domain = "speedtest.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; -} diff --git a/shared/services.nix b/shared/services.nix new file mode 100644 index 0000000..f55e4d2 --- /dev/null +++ b/shared/services.nix 
@@ -0,0 +1,39 @@ +# Shared service definitions for cross-host configuration +# Used by: +# - alexandria: DNS server (LAN) + service hosting (vaultwarden, nextcloud, jellyfin) +# - trantor: DNS server (Tailnet) + service hosting (forgejo) +{ + services = [ + { + name = "vaultwarden"; + domain = "vault.baduhai.dev"; + host = "alexandria"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + port = 8222; + } + { + name = "forgejo"; + domain = "git.baduhai.dev"; + host = "trantor"; + tailscaleIP = "100.108.5.90"; + port = 3000; + } + { + name = "nextcloud"; + domain = "cloud.baduhai.dev"; + host = "alexandria"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + port = 443; + } + { + name = "jellyfin"; + domain = "jellyfin.baduhai.dev"; + host = "alexandria"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + port = 8096; + } + ]; +} diff --git a/utils.nix b/utils.nix index c803fe5..740bad0 100644 --- a/utils.nix +++ b/utils.nix @@ -8,9 +8,14 @@ let home-manager agenix ; + + # Import shared service definitions + sharedServices = import ./shared/services.nix; in { + # Re-export shared services for use in host configs + inherit (sharedServices) services; # Tag-based host configuration system mkHost = { 
@@ -196,27 +201,24 @@ in mkSplitDNS = entries: let - # Generate view entries for a single domain - mkEntry = - { - domain, - lanIP, - tailscaleIP, - }: - [ - { - name = "tailscale"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = ''"${domain}. IN A ${tailscaleIP}"''; - } - { - name = "lan"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = ''"${domain}. IN A ${lanIP}"''; - } - ]; + # Generate local-data entries for all domains + tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries; + lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries; in - builtins.concatMap mkEntry entries; + [ + # Single Tailscale view with all domains + { + name = "tailscale"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = tailscaleData; + } + # Single LAN view with all domains + { + name = "lan"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = lanData; + } + ]; } From 8d8847e2fbbe3a88b8b50e5d050be86c89cb745d Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 21:35:33 -0300 Subject: [PATCH 085/206] Remove split DNS module and per-service entries Removed the split-dns.nix module and all service-specific splitDNS.entries configurations. Service DNS records are now sourced from the centralized shared/services.nix file instead of being declared individually in each service configuration. --- hosts/alexandria/forgejo.nix | 9 --------- hosts/alexandria/jellyfin.nix | 9 --------- hosts/alexandria/nextcloud.nix | 9 --------- hosts/alexandria/vaultwarden.nix | 9 --------- hosts/modules/split-dns.nix | 28 ---------------------------- 5 files changed, 64 deletions(-) delete mode 100644 hosts/modules/split-dns.nix diff --git a/hosts/alexandria/forgejo.nix b/hosts/alexandria/forgejo.nix index d9860f6..909d1d1 100644 --- a/hosts/alexandria/forgejo.nix +++ b/hosts/alexandria/forgejo.nix 
@@ -32,13 +32,4 @@ in domains."git.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; }; - - # Register this domain for split DNS - services.splitDNS.entries = [ - { - domain = "git.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; } diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix index 994f972..9555c89 100644 --- a/hosts/alexandria/jellyfin.nix +++ b/hosts/alexandria/jellyfin.nix @@ -13,13 +13,4 @@ in acmeHost = "baduhai.dev"; domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; }; - - # Register this domain for split DNS - services.splitDNS.entries = [ - { - domain = "jellyfin.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; } diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index e12d12b..9e606d9 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -79,15 +79,6 @@ in acmeHost = "baduhai.dev"; domains."cloud.baduhai.dev" = { }; }; - - # Register this domain for split DNS - splitDNS.entries = [ - { - domain = "cloud.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; }; age.secrets = { diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index 68387ee..fd10d6b 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -24,13 +24,4 @@ in domains."pass.baduhai.dev".locations."/".proxyPass = "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; }; - - # Register this domain for split DNS - services.splitDNS.entries = [ - { - domain = "pass.baduhai.dev"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - } - ]; } diff --git a/hosts/modules/split-dns.nix b/hosts/modules/split-dns.nix deleted file mode 100644 index 0998816..0000000 
--- a/hosts/modules/split-dns.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, lib, ... }: - -{ - options.services.splitDNS = { - entries = lib.mkOption { - type = lib.types.listOf ( - lib.types.submodule { - options = { - domain = lib.mkOption { - type = lib.types.str; - description = "The domain name to configure"; - }; - lanIP = lib.mkOption { - type = lib.types.str; - description = "IP address to return for LAN requests"; - }; - tailscaleIP = lib.mkOption { - type = lib.types.str; - description = "IP address to return for Tailscale requests"; - }; - }; - } - ); - default = [ ]; - description = "List of domains to configure for split DNS"; - }; - }; -} From ee1a7c4d180bf9bff5d0261cf3708d1374f78093 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 21:35:53 -0300 Subject: [PATCH 086/206] Split DNS servers: alexandria for LAN, trantor for tailnet Alexandria's unbound now only serves LAN clients (192.168.0.0/16) and returns LAN IPs for service domains. Created new unbound instance on trantor to serve Tailscale clients (100.64.0.0/10) and return tailscale IPs for service domains. Both configurations pull service records from shared/services.nix. --- hosts/alexandria/unbound.nix | 21 ++++--------- hosts/trantor/unbound.nix | 58 ++++++++++++++++++++++++++++++++++++ nixosConfigurations.nix | 1 - 3 files changed, 64 insertions(+), 16 deletions(-) create mode 100644 hosts/trantor/unbound.nix diff --git a/hosts/alexandria/unbound.nix b/hosts/alexandria/unbound.nix index e923318..31363aa 100644 --- a/hosts/alexandria/unbound.nix +++ b/hosts/alexandria/unbound.nix @@ -1,13 +1,10 @@ -{ config, inputs, lib, ... }: +{ inputs, lib, ... }: let utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkSplitDNS; in { - imports = [ ../modules/split-dns.nix ]; - services.unbound = { enable = true; enableRootTrustAnchor = true; 
@@ -20,16 +17,7 @@ in access-control = [ "127.0.0.0/8 allow" "192.168.0.0/16 allow" - "100.64.0.0/10 allow" # Tailscale CGNAT range "::1/128 allow" - "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6 - ]; - - # Enable views for split DNS - access-control-view = [ - "100.64.0.0/10 tailscale" - "fd7a:115c:a1e0::/48 tailscale" - "192.168.0.0/16 lan" ]; num-threads = 2; @@ -43,9 +31,12 @@ in hide-version = true; so-rcvbuf = "1m"; so-sndbuf = "1m"; + + # LAN-only DNS records + local-zone = ''"baduhai.dev." transparent''; + local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') + (lib.filter (e: e ? lanIP) utils.services); }; - # Split DNS views - automatically collected from all service files - view = mkSplitDNS config.services.splitDNS.entries; forward-zone = [ { diff --git a/hosts/trantor/unbound.nix b/hosts/trantor/unbound.nix new file mode 100644 index 0000000..46808c6 --- /dev/null +++ b/hosts/trantor/unbound.nix 
@@ -0,0 +1,58 @@ +{ inputs, lib, ... }: + +let + utils = import ../../utils.nix { inherit inputs lib; }; +in + +{ + services.unbound = { + enable = true; + enableRootTrustAnchor = true; + settings = { + server = { + interface = [ + "0.0.0.0" + "::" + ]; + access-control = [ + "127.0.0.0/8 allow" + "100.64.0.0/10 allow" # Tailscale CGNAT range + "::1/128 allow" + "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6 + ]; + + num-threads = 2; + msg-cache-size = "50m"; + rrset-cache-size = "100m"; + cache-min-ttl = 300; + cache-max-ttl = 86400; + prefetch = true; + prefetch-key = true; + hide-identity = true; + hide-version = true; + so-rcvbuf = "1m"; + so-sndbuf = "1m"; + + # Tailnet DNS records from shared services + local-zone = ''"baduhai.dev." transparent''; + local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') utils.services; + }; + + forward-zone = [ + { + name = "."; + forward-addr = [ + "1.1.1.1@853#cloudflare-dns.com" + "1.0.0.1@853#cloudflare-dns.com" + ]; + forward-tls-upstream = true; + } + ]; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; +} diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 85fd378..c4969c1 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -40,7 +40,6 @@ in tags = [ # "server" TODO: uncomment when 25.11 is out. "fwupd" - "podman" ]; }; From 34622a05cbf2308e27f692efc8f3e04aa84b3942 Mon Sep 17 00:00:00 2001 
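Review bot: The `local-data` expression in hosts/trantor/unbound.nix reads `e.tailscaleIP` from every entry of `utils.services` without a filter, whereas the alexandria side of this same commit filters with `e ? lanIP` first. shared/services.nix already holds an entry without `lanIP` (forgejo), so optional address fields are part of the schema, and an entry added without `tailscaleIP` would abort evaluation of trantor's configuration. Mirroring the filter keeps the two resolvers symmetric: `local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') (lib.filter (e: e ? tailscaleIP) utils.services);`.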
From: William Date: Sat, 8 Nov 2025 21:47:16 -0300 Subject: [PATCH 087/206] Move forgejo from alexandria to trantor Migrated forgejo service and configuration to trantor. Added nginx reverse proxy support on trantor with ACME configuration for SSL certificates. Fixed vaultwarden domain in shared services from vault.baduhai.dev to pass.baduhai.dev to match actual nginx configuration. --- hosts/{alexandria => trantor}/forgejo.nix | 1 - hosts/trantor/nginx.nix | 50 +++++++++++++++++++++++ shared/services.nix | 2 +- 3 files changed, 51 insertions(+), 2 deletions(-) rename hosts/{alexandria => trantor}/forgejo.nix (96%) create mode 100644 hosts/trantor/nginx.nix diff --git a/hosts/alexandria/forgejo.nix b/hosts/trantor/forgejo.nix similarity index 96% rename from hosts/alexandria/forgejo.nix rename to hosts/trantor/forgejo.nix index 909d1d1..c11573e 100644 --- a/hosts/alexandria/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -28,7 +28,6 @@ in }; services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; domains."git.baduhai.dev".locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; }; diff --git a/hosts/trantor/nginx.nix b/hosts/trantor/nginx.nix new file mode 100644 index 0000000..6879bfc --- /dev/null +++ b/hosts/trantor/nginx.nix 
@@ -0,0 +1,50 @@ +{ + config, + lib, + inputs, + ... +}: + +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in + +{ + security.acme = { + acceptTerms = true; + defaults = { + email = "baduhai@proton.me"; + dnsResolver = "1.1.1.1:53"; + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.cloudflare.path; + }; + }; + + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts = { + "_" = { + default = true; + locations."/".return = "444"; + }; + }; + }; + + users.users.nginx.extraGroups = [ "acme" ]; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + + age.secrets.cloudflare = { + file = ../../secrets/cloudflare.age; + owner = "nginx"; + group = "nginx"; + }; +} diff --git a/shared/services.nix b/shared/services.nix index f55e4d2..fd4e440 100644 --- a/shared/services.nix +++ b/shared/services.nix @@ -6,7 +6,7 @@ services = [ { name = "vaultwarden"; - domain = "vault.baduhai.dev"; + domain = "pass.baduhai.dev"; host = "alexandria"; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; From 73db53426937916050da864ee45e53520da34294 Mon Sep 17 00:00:00 2001 
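Review bot: `age.secrets.cloudflare` in the new hosts/trantor/nginx.nix is decrypted with `owner = "nginx"` and `group = "nginx"`, so the Cloudflare DNS API token is readable by the internet-facing web server account, although the only consumer shown is `security.acme.defaults.credentialsFile`. As far as I know the NixOS ACME units load that file through systemd's `EnvironmentFile=`, which is read before privileges are dropped, so the secret can stay root-owned; this should be confirmed against the nixpkgs revision in use. If it holds, drop the two ownership lines and keep only `file = ../../secrets/cloudflare.age;`, which leaves agenix's default ownership. The same block is visible as context in the hosts/alexandria/nginx.nix hunk of PATCH 083.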
From: William Date: Sat, 8 Nov 2025 21:47:41 -0300 Subject: [PATCH 088/206] Switch from wildcard to per-domain SSL certificates Updated mkNginxVHosts to use per-domain certificates (enableACME) instead of shared wildcard certificates (useACMEHost). Each service now requests its own certificate, avoiding conflicts between hosts and following the principle of least privilege. Removed wildcard certificate configuration from both alexandria and trantor. Each host now only obtains certificates for domains it actually serves: - Alexandria: pass.baduhai.dev, cloud.baduhai.dev, jellyfin.baduhai.dev - Trantor: git.baduhai.dev --- hosts/alexandria/jellyfin.nix | 1 - hosts/alexandria/nextcloud.nix | 1 - hosts/alexandria/nginx.nix | 11 +++++------ hosts/alexandria/vaultwarden.nix | 1 - utils.nix | 7 ++----- 5 files changed, 7 insertions(+), 14 deletions(-) diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix index 9555c89..6ceac09 100644 --- a/hosts/alexandria/jellyfin.nix +++ b/hosts/alexandria/jellyfin.nix @@ -10,7 +10,6 @@ in }; services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; }; } diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 9e606d9..2368a3c 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -76,7 +76,6 @@ in }; nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; domains."cloud.baduhai.dev" = { }; }; }; diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 54640c1..6879bfc 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -19,9 +19,6 @@ in dnsProvider = "cloudflare"; credentialsFile = config.age.secrets.cloudflare.path; }; - certs."baduhai.dev" = { - extraDomainNames = [ "*.baduhai.dev" ]; - }; }; services.nginx = { 
@@ -30,9 +27,11 @@ in recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; - domains."_".locations."/".return = "444"; + virtualHosts = { + "_" = { + default = true; + locations."/".return = "444"; + }; }; }; diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index fd10d6b..2335ee0 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -20,7 +20,6 @@ in }; services.nginx.virtualHosts = mkNginxVHosts { - acmeHost = "baduhai.dev"; domains."pass.baduhai.dev".locations."/".proxyPass = "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; }; diff --git a/utils.nix b/utils.nix index 740bad0..7a81af7 100644 --- a/utils.nix +++ b/utils.nix @@ -183,13 +183,10 @@ in # Nginx virtual host utilities mkNginxVHosts = - { - acmeHost, - domains, - }: + { domains }: let commonVHostConfig = { - useACMEHost = acmeHost; + enableACME = true; forceSSL = true; kTLS = true; }; From 952a55f03d392d504728065191f5edddebc453ba Mon Sep 17 00:00:00 2001 From: William Date: Sat, 8 Nov 2025 21:57:27 -0300 Subject: [PATCH 089/206] Add Kanidm identity provider to alexandria Added Kanidm server configuration to serve as central identity provider for all services. Configuration includes: - Server on auth.baduhai.dev with HTTPS - LDAP support on port 636 for legacy integrations - Nginx reverse proxy with SSL termination - Added to shared services for DNS resolution Kanidm will provide OAuth2/OIDC authentication for Nextcloud, Vaultwarden, Forgejo, and other services. --- hosts/alexandria/kanidm.nix | 78 +++++++++++++++++++++++++++++++++++++ shared/services.nix | 10 ++++- 2 files changed, 87 insertions(+), 1 deletion(-) create mode 100644 hosts/alexandria/kanidm.nix 
diff --git a/hosts/alexandria/kanidm.nix b/hosts/alexandria/kanidm.nix
new file mode 100644
index 0000000..ee56bc1
--- /dev/null
+++ b/hosts/alexandria/kanidm.nix
@@ -0,0 +1,78 @@
+{
+ config,
+ lib,
+ inputs,
+ pkgs,
+ ...
+}:
+
+let
+ utils = import ../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts;
+ kanidmCertDir = "/var/lib/kanidm/certs";
+in
+
+{
+ services.kanidm = {
+ enableServer = true;
+ package = pkgs.kanidm;
+
+ serverSettings = {
+ domain = "auth.baduhai.dev";
+ origin = "https://auth.baduhai.dev";
+ bindaddress = "127.0.0.1:8443";
+ ldapbindaddress = "127.0.0.1:636";
+ trust_x_forward_for = true;
+ # Use self-signed certificates for internal TLS
+ tls_chain = "${kanidmCertDir}/cert.pem";
+ tls_key = "${kanidmCertDir}/key.pem";
+ };
+ };
+
+ services.nginx.virtualHosts = mkNginxVHosts {
+ domains."auth.baduhai.dev" = {
+ locations."/" = {
+ proxyPass = "https://127.0.0.1:8443";
+ extraConfig = ''
+ proxy_ssl_verify off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ '';
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 636 ];
+
+ # Generate self-signed certificates for kanidm's internal TLS
+ systemd.services.kanidm-generate-certs = {
+ description = "Generate self-signed TLS certificates for Kanidm";
+ wantedBy = [ "multi-user.target" ];
+ before = [ "kanidm.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = ''
+ mkdir -p ${kanidmCertDir}
+ if [ ! -f ${kanidmCertDir}/key.pem ]; then
+ ${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \
+ -keyout ${kanidmCertDir}/key.pem \
+ -out ${kanidmCertDir}/cert.pem \
+ -days 3650 -nodes \
+ -subj "/CN=localhost" \
+ -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
+ chown -R kanidm:kanidm ${kanidmCertDir}
+ chmod 600 ${kanidmCertDir}/key.pem
+ chmod 644 ${kanidmCertDir}/cert.pem
+ fi
+ '';
+ };
+
+ # Ensure certificate generation runs before kanidm starts
+ systemd.services.kanidm = {
+ after = [ "kanidm-generate-certs.service" ];
+ wants = [ "kanidm-generate-certs.service" ];
+ };
+}
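Review bot: `networking.firewall.allowedTCPPorts = [ 636 ];` opens LDAPS on every interface even though `ldapbindaddress = "127.0.0.1:636"` keeps the listener on loopback, so the rule does nothing today and would expose LDAP as soon as the bind address is widened. I would drop the line until a remote LDAP consumer exists and then scope it to that interface rather than the global list. Separately, `proxy_ssl_verify off;` is tolerable for a loopback hop, but since the certificate is generated locally with `DNS:localhost` in its SAN, nginx could verify it via `proxy_ssl_trusted_certificate` pointing at the generated `cert.pem` plus `proxy_ssl_name localhost;`, provided the nginx user can read that path. A short comment next to `trust_x_forward_for = true;` stating that it relies on the loopback-only `bindaddress` would help the next reader.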
diff --git a/shared/services.nix b/shared/services.nix index fd4e440..8870258 100644 --- a/shared/services.nix +++ b/shared/services.nix @@ -1,9 +1,17 @@ # Shared service definitions for cross-host configuration # Used by: -# - alexandria: DNS server (LAN) + service hosting (vaultwarden, nextcloud, jellyfin) +# - alexandria: DNS server (LAN) + service hosting (vaultwarden, nextcloud, jellyfin, kanidm) # - trantor: DNS server (Tailnet) + service hosting (forgejo) { services = [ + { + name = "kanidm"; + domain = "auth.baduhai.dev"; + host = "alexandria"; + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + port = 8443; + } { name = "vaultwarden"; domain = "pass.baduhai.dev"; From 58fec035791726b213ac648902513589fa11ab7e Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 8 Nov 2025 22:53:18 -0300 Subject: [PATCH 090/206] Switch ACME to DNS-01 challenge with auto-configured certificates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changed certificate generation from HTTP-01 to DNS-01 challenge to support services behind Tailscale/CGNAT IPs. HTTP-01 challenges fail because Let's Encrypt cannot reach private Tailscale IPs (100.x.x.x) that Cloudflare DNS points to. Changes: - Pre-configure certificates in security.acme.certs using DNS-01 via Cloudflare - Auto-generate certificate configs from shared/services.nix - Alexandria: filters services with host == "alexandria" - Trantor: filters services with host == "trantor" - Updated mkNginxVHosts to use useACMEHost instead of enableACME - Each domain gets its own certificate configured with DNS-01 challenge This ensures all services get valid Let's Encrypt certificates even when accessible only through Tailscale or private networks. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- hosts/alexandria/nginx.nix | 11 ++++++++++- hosts/trantor/nginx.nix | 13 ++++++++++++- utils.nix | 14 ++++++++------ 3 files changed, 30 insertions(+), 8 deletions(-) diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 6879bfc..274f645 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -7,7 +7,15 @@ let utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + inherit (utils) mkNginxVHosts services; + + # Get all unique domains from shared services that have LAN IPs (served by this host) + localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services)); + + # Generate ACME cert configs for all local domains + acmeCerts = lib.genAttrs localDomains (domain: { + group = "nginx"; + }); in { 
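Review bot: The comment above `localDomains` in hosts/alexandria/nginx.nix says the list is built from services "that have LAN IPs", but the predicate is `s.host == "alexandria"`; it should read something like `# Domains of shared services hosted on alexandria`. Because `mkNginxVHosts` in this commit sets `useACMEHost = domain` for every vhost, a vhost whose domain is missing from shared/services.nix would reference a certificate that `security.acme.certs` never defines, and a comment at `acmeCerts` stating that coupling would be useful. The let-block continues outside this hunk.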
@@ -19,6 +27,7 @@ in dnsProvider = "cloudflare"; credentialsFile = config.age.secrets.cloudflare.path; }; + certs = acmeCerts; }; services.nginx = { diff --git a/hosts/trantor/nginx.nix b/hosts/trantor/nginx.nix index 6879bfc..56eed7c 100644 --- a/hosts/trantor/nginx.nix +++ b/hosts/trantor/nginx.nix @@ -7,7 +7,17 @@ let utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + inherit (utils) mkNginxVHosts services; + + # Get all unique domains from shared services on trantor (host = "trantor") + localDomains = lib.unique ( + map (s: s.domain) (lib.filter (s: s.host == "trantor") services) + ); + + # Generate ACME cert configs for all local domains + acmeCerts = lib.genAttrs localDomains (domain: { + group = "nginx"; + }); in { @@ -19,6 +29,7 @@ in dnsProvider = "cloudflare"; credentialsFile = config.age.secrets.cloudflare.path; }; + certs = acmeCerts; }; services.nginx = { diff --git a/utils.nix b/utils.nix index 7a81af7..8c20ab9 100644 --- a/utils.nix +++ b/utils.nix @@ -185,13 +185,15 @@ in mkNginxVHosts = { domains }: let - commonVHostConfig = { - enableACME = true; - forceSSL = true; - kTLS = true; - }; + # Extract domain name and apply it as useACMEHost + mkVHostConfig = domain: config: + lib.recursiveUpdate { + useACMEHost = domain; + forceSSL = true; + kTLS = true; + } config; in - lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains; + lib.mapAttrs mkVHostConfig domains; # Split DNS utilities for unbound # Generates unbound view config from a list of DNS entries From 258bcac59750a5ef585ab28c39d1972b9479326d Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 8 Nov 2025 23:56:40 -0300 Subject: [PATCH 091/206] Integrate Kanidm with Nextcloud via OIDC MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added Kanidm identity provider integration with Nextcloud: - Enabled Kanidm client in kanidm.nix for CLI access - Added user_oidc app to Nextcloud for OpenID Connect authentication - Configured allow_local_remote_servers to permit Nextcloud to reach Kanidm at auth.baduhai.dev (resolves to local IP 192.168.15.142) OAuth2 client configuration (done via kanidm CLI): - Client ID: nextcloud - Scopes: openid, email, profile mapped to idm_all_accounts group - Redirect URI: https://cloud.baduhai.dev/apps/user_oidc/code - User mapping: name claim maps to Nextcloud username This allows users to authenticate to Nextcloud using their Kanidm credentials, with existing Nextcloud accounts linked via username. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- hosts/alexandria/kanidm.nix | 5 +++++ hosts/alexandria/nextcloud.nix | 2 ++ 2 files changed, 7 insertions(+) diff --git a/hosts/alexandria/kanidm.nix b/hosts/alexandria/kanidm.nix index ee56bc1..eaaa9b9 100644 --- a/hosts/alexandria/kanidm.nix +++ b/hosts/alexandria/kanidm.nix @@ -15,6 +15,7 @@ in { services.kanidm = { enableServer = true; + enableClient = true; package = pkgs.kanidm; serverSettings = { @@ -27,6 +28,10 @@ in tls_chain = "${kanidmCertDir}/cert.pem"; tls_key = "${kanidmCertDir}/key.pem"; }; + + clientSettings = { + uri = "https://auth.baduhai.dev"; + }; }; services.nginx.virtualHosts = mkNginxVHosts { diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 2368a3c..c449cce 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -29,6 +29,7 @@ in contacts notes tasks + user_oidc ; }; extraAppsEnable = true; 
@@ -40,6 +41,7 @@ in trusted_proxies = [ "127.0.0.1" ]; default_phone_region = "BR"; maintenance_window_start = "4"; + allow_local_remote_servers = true; enabledPreviewProviders = [ "OC\\Preview\\BMP" "OC\\Preview\\EMF" From 095d881ad995325d8a1ad1ecd40c510941562df0 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 00:00:00 -0300 Subject: [PATCH 092/206] no ghostty notifications --- users/modules/desktop/desktop.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index ba30852..742a6ea 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix @@ -22,7 +22,7 @@ url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; }}"; - bell-features = "border"; + bell-features = ""; gtk-titlebar-style = "tabs"; keybind = [ "shift+enter=text:\\x1b\\r" ]; }; From 92f5593611ac78e163ebff7292656759e393218d Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 07:55:42 -0300 Subject: [PATCH 093/206] junction default browser; remove brave --- hosts/modules/desktop/desktop.nix | 1 - users/modules/desktop/desktop.nix | 15 +++++---------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index f2418ce..03ec04b 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -20,7 +20,6 @@ systemPackages = with pkgs; [ ### Web ### bitwarden-desktop - brave fragments nextcloud-client tor-browser diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index 742a6ea..df6f380 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix 
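Review bot: `allow_local_remote_servers = true;` in the nextcloud settings hunk turns off Nextcloud's block on server-side requests to private and loopback addresses for the whole instance, not only for the OIDC calls to auth.baduhai.dev. Any feature that fetches a user-supplied URL can then reach 127.0.0.1 and 192.168.x.x services on alexandria, which is the SSRF exposure the default guards against. The line should at least carry a why-comment such as `# required because auth.baduhai.dev resolves to a LAN address; relaxes SSRF protection instance-wide`, and it is worth checking whether the installed user_oidc version offers a narrower setting. The settings attrset starts and ends outside this hunk.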
@@ -41,33 +41,28 @@ enable = true; defaultApplications = { "text/html" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/http" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/https" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/about" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/unknown" = [ - "com.github.timecraft.junction.desktop" + "re.sonny.Junction.desktop" "zen-browser.desktop" - "brave-browser.desktop" "torbrowser.desktop" ]; "image/jpeg" = "org.gnome.Loupe.desktop"; From 808bccf0a2665dadd303e309d9f061c360723e8b Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 10:29:45 -0300 Subject: [PATCH 094/206] Add Tailscale tailnet DNS configuration via Terranix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Configure global DNS nameservers for the Tailscale tailnet, setting trantor as the primary DNS server with Cloudflare as fallback. This enables custom DNS resolution across the entire tailnet. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- terranix/cloudflare/baduhai.dev.nix | 77 +++++++++++++++++++++++++++++ terranix/tailscale/tailnet.nix | 43 ++++++++++++++++ terranixConfigurations.nix | 8 +++ 3 files changed, 128 insertions(+) diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index e69de29..56d25ad 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix 
@@ -0,0 +1,77 @@ +# Required environment variables: +# CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions +# TF_VAR_zone_id - Zone ID for baduhai.dev (find in Cloudflare dashboard) +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ config, ... }: + +{ + terraform.required_providers.cloudflare = { + source = "cloudflare/cloudflare"; + version = "~> 5.0"; + }; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "cloudflare/baduhai.dev.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + zone_id = { + description = "Cloudflare zone ID for baduhai.dev"; + type = "string"; + sensitive = true; + }; + }; + + data = { + terraform_remote_state.trantor = { + backend = "s3"; + config = { + bucket = "terraform-state"; + key = "oci/trantor.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + }; + }; + + resource = { + cloudflare_record.root = { + zone_id = config.variable.zone_id; + name = "@"; + type = "A"; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; + proxied = true; + }; + + cloudflare_record.www = { + zone_id = config.variable.zone_id; + name = "www"; + type = "A"; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; + proxied = true; + }; + + cloudflare_record.wildcard = { + zone_id = config.variable.zone_id; + name = "*"; + type = "A"; + content = config.data.terraform_remote_state.trantor 
"outputs.instance_public_ip.value"; + proxied = true; + }; + }; +} diff --git a/terranix/tailscale/tailnet.nix b/terranix/tailscale/tailnet.nix index e69de29..929e79b 100644 --- a/terranix/tailscale/tailnet.nix +++ b/terranix/tailscale/tailnet.nix @@ -0,0 +1,43 @@ +# Required environment variables: +# TAILSCALE_API_KEY - Tailscale API key with appropriate permissions +# TAILSCALE_TAILNET - Your tailnet name (e.g., "user@example.com" or "example.org.github") +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ config, ... }: + +{ + terraform.required_providers.tailscale = { + source = "tailscale/tailscale"; + version = "~> 0.17"; + }; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "tailscale/tailnet.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + trantor_tailscale_ip = { + default = "100.108.5.90"; + type = "string"; + }; + }; + + resource = { + tailscale_dns_nameservers.global = { + nameservers = [ + config.variable.trantor_tailscale_ip.default + "1.1.1.1" + "1.0.0.1" + ]; + }; + }; +} diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix index fc84f17..12c90d1 100644 --- a/terranixConfigurations.nix +++ b/terranixConfigurations.nix @@ -14,6 +14,14 @@ modules = [ ./terranix/oci/trantor.nix ]; terraformWrapper.package = pkgs.opentofu; }; + cloudflare-baduhaidev = { + modules = [ ./terranix/cloudflare/baduhai.dev.nix ]; + terraformWrapper.package = pkgs.opentofu; + }; + tailscale-tailnet = { + modules = [ ./terranix/tailscale/tailnet.nix ]; + terraformWrapper.package = pkgs.opentofu; + }; }; }; } From 1b1d7896e6c9fbe87d64ea02b5adbc89b34bd685 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 9 Nov 2025 10:29:54 -0300 Subject: [PATCH 095/206] Document required environment variables for OCI configuration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add documentation about required OCI and AWS credentials for the trantor configuration, clarifying that ~/.oci/config can be used as an alternative to environment variables. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- terranix/oci/trantor.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/terranix/oci/trantor.nix b/terranix/oci/trantor.nix index 2037d87..bb06585 100644 --- a/terranix/oci/trantor.nix +++ b/terranix/oci/trantor.nix @@ -1,3 +1,13 @@ +# Required environment variables: +# instead of OCI variables, ~/.oci/config may also be used +# OCI_TENANCY_OCID - Oracle tenancy OCID (or use TF_VAR_* to override variables) +# OCI_USER_OCID - Oracle user OCID +# OCI_FINGERPRINT - API key fingerprint +# OCI_PRIVATE_KEY_PATH - Path to OCI API private key +# AWS variables are required +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + { config, ... }: { From 1921aad1bdd51292baaf18187106b42a874aa28c Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 10:30:02 -0300 Subject: [PATCH 096/206] Update Cloudflare DNS configuration with explicit zone ID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace sensitive zone_id variable with hardcoded value and update DNS record configuration to use cloudflare_dns_record resource type. Disable proxying and set explicit TTL for better control over DNS propagation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- terranix/cloudflare/baduhai.dev.nix | 31 +++++++++++++++-------------- 1 file changed, 16 insertions(+), 15 deletions(-) 
diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index 56d25ad..b74484c 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix @@ -1,6 +1,5 @@ # Required environment variables: # CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions -# TF_VAR_zone_id - Zone ID for baduhai.dev (find in Cloudflare dashboard) # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage @@ -26,9 +25,8 @@ variable = { zone_id = { - description = "Cloudflare zone ID for baduhai.dev"; + default = "c63a8332fdddc4a8e5612ddc54557044"; type = "string"; - sensitive = true; }; }; @@ -50,28 +48,31 @@ }; resource = { - cloudflare_record.root = { - zone_id = config.variable.zone_id; + cloudflare_dns_record.root = { + zone_id = config.variable.zone_id.default; name = "@"; type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; - proxied = true; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; }; - cloudflare_record.www = { - zone_id = config.variable.zone_id; + cloudflare_dns_record.www = { + zone_id = config.variable.zone_id.default; name = "www"; type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; - proxied = true; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; }; - cloudflare_record.wildcard = { - zone_id = config.variable.zone_id; + cloudflare_dns_record.wildcard = { + zone_id = config.variable.zone_id.default; name = "*"; type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value"; - proxied = true; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; }; }; } 
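Review bot: With `proxied = false` now set on all three records in the last hunk, including `cloudflare_dns_record.wildcard`, every name under the zone resolves directly to the instance's public address and Cloudflare no longer sits in front of the host. The wildcard means unlisted and internal-only names resolve there too, which leaves the host firewall and the reverse proxy's default virtual host as the only filter. Consider removing the `*` record, or add a comment such as `# wildcard is intentional; unknown Host headers are rejected at the proxy` once that behaviour has been confirmed on the host.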
From 14c4440dd1fa31f0589ed6c3a8f91cfa6fab2f20 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 10:34:57 -0300 Subject: [PATCH 097/206] forgejo: disable singup; document root password --- hosts/trantor/forgejo.nix | 1 + secrets/forgejo-root-password.age | Bin 0 -> 465 bytes secrets/secrets.nix | 5 +++++ 3 files changed, 6 insertions(+) create mode 100644 secrets/forgejo-root-password.age diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix index c11573e..a89526d 100644 --- a/hosts/trantor/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -24,6 +24,7 @@ in log.LEVEL = "Warn"; mailer.ENABLED = false; actions.ENABLED = false; + service.DISABLE_REGISTRATION = true; }; }; diff --git a/secrets/forgejo-root-password.age b/secrets/forgejo-root-password.age new file mode 100644 index 0000000000000000000000000000000000000000..90be612af57adcc9b8db836f5f02ed55ff0377b3 GIT binary patch literal 465 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlPD{zlPge*@GRiN@ zHVXH)D2u9$DhM{M@-y(LEGW&3(66X4_6rKl3(GSP49cuB_T(z{3yw514D|_h%SlNs ztnlzRGPg7fb#pc;&#KTb&aTSNkF+R{NHj0fH$k_}A~M)9vs|Gf%AnB8#VIu0(=EKn zqd;5R$EncB)6_WIH7YgS$uuv|JkKPoB0xVl!-6X{#XrN(AS=QnDX*%+G$hC@E6*`M zG^jYpJU3t4Ei=p2FW0!ZJkLGQ&jQ`Hz!Kv?ZAXQaLU)6RLf5nsSAYG)l3YhW-w59b zzyEz)TZU*ATZz{cZdy`tCv literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 84b14d6..a90cd74 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -27,4 +27,9 @@ in rotterdam-user alexandria ]; + "forgejo-root-password.age".publicKeys = [ + io-user + rotterdam-user + trantor + ]; } From 6f1aca7b01a825e71bb7db10e9968ade435e57b0 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 9 Nov 2025 11:11:55 -0300 Subject: [PATCH 098/206] Configure Forgejo OAuth2 and disable public registration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add OAuth2 client configuration to enable auto-registration via SSO with Kanidm, while disabling direct public registration. Users can now authenticate through the identity provider with automatic account creation and avatar syncing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- hosts/trantor/forgejo.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix index a89526d..9688458 100644 --- a/hosts/trantor/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -25,6 +25,12 @@ in mailer.ENABLED = false; actions.ENABLED = false; service.DISABLE_REGISTRATION = true; + oauth2_client = { + ENABLE_AUTO_REGISTRATION = true; + UPDATE_AVATAR = true; + ACCOUNT_LINKING = "login"; + USERNAME = "preferred_username"; + }; }; }; From 878c4aa3ea7d8c642c2979895c33bf533094f54f Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 11:12:06 -0300 Subject: [PATCH 099/206] Add public visibility flags to service definitions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mark services as public or private to control external access: - Public: vaultwarden, forgejo, nextcloud - Private: kanidm, jellyfin This enables proper routing and firewall configuration based on intended service visibility. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- shared/services.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/shared/services.nix b/shared/services.nix index 8870258..ebd51de 100644 --- a/shared/services.nix +++ b/shared/services.nix 
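Review bot: The new `oauth2_client` block in `hosts/trantor/forgejo.nix` has no comment on who can end up with an account: with `ENABLE_AUTO_REGISTRATION = true`, sign-up is decided by the identity provider rather than by Forgejo. It is worth verifying on the deployed version how this interacts with `service.DISABLE_REGISTRATION = true` from the previous commit; if the intent is SSO-only sign-up, `service.ALLOW_ONLY_EXTERNAL_REGISTRATION = true` states that directly. A one-line comment such as `# accounts are created on first SSO login; access is gated in the IdP` would record the assumption, if that is how the provider is configured. The settings block starts outside the hunk.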
@@ -8,6 +8,7 @@ name = "kanidm"; domain = "auth.baduhai.dev"; host = "alexandria"; + public = false; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8443; @@ -16,6 +17,7 @@ name = "vaultwarden"; domain = "pass.baduhai.dev"; host = "alexandria"; + public = true; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8222; @@ -24,6 +26,7 @@ name = "forgejo"; domain = "git.baduhai.dev"; host = "trantor"; + public = true; tailscaleIP = "100.108.5.90"; port = 3000; } @@ -31,6 +34,7 @@ name = "nextcloud"; domain = "cloud.baduhai.dev"; host = "alexandria"; + public = true; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 443; @@ -39,6 +43,7 @@ name = "jellyfin"; domain = "jellyfin.baduhai.dev"; host = "alexandria"; + public = false; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8096; From ad9d565a8f365d2530b0889edb15613dc6ea330a Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 11:20:21 -0300 Subject: [PATCH 100/206] Route DNS based on service visibility flags MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace wildcard DNS with dynamic service-based routing that reads from shared/services.nix. Public services (forgejo, vaultwarden, nextcloud) point to trantor's public IP for external access, while private services (kanidm, jellyfin) point to tailscale IPs for internal-only access. This provides granular control over service exposure without manual DNS management. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- shared/services.nix | 2 - terranix/cloudflare/baduhai.dev.nix | 74 +++++++++++++++++++---------- 2 files changed, 49 insertions(+), 27 deletions(-) diff --git a/shared/services.nix b/shared/services.nix index ebd51de..d267792 100644 --- a/shared/services.nix +++ b/shared/services.nix 
@@ -8,7 +8,6 @@ name = "kanidm"; domain = "auth.baduhai.dev"; host = "alexandria"; - public = false; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8443; @@ -43,7 +42,6 @@ name = "jellyfin"; domain = "jellyfin.baduhai.dev"; host = "alexandria"; - public = false; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8096; diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index b74484c..3a5e6ee 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix @@ -3,7 +3,38 @@ # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage -{ config, ... }: +{ config, lib, ... }: + +let + inherit (import ../../shared/services.nix) services; + + # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git") + getSubdomain = domain: lib.head (lib.splitString "." domain); + + # Generate DNS records for services + # Public services point to trantor's public IP + # Private services point to their tailscale IP + mkServiceRecords = lib.listToAttrs ( + lib.imap0 (i: svc: + let + subdomain = getSubdomain svc.domain; + targetIP = if svc.public or false + then config.data.terraform_remote_state.trantor "outputs.instance_public_ip" + else svc.tailscaleIP; + in { + name = "service_${toString i}"; + value = { + zone_id = config.variable.zone_id.default; + name = subdomain; + type = "A"; + content = targetIP; + proxied = false; + ttl = 3600; + }; + } + ) services + ); +in { terraform.required_providers.cloudflare = { 
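Review bot: Resource keys in `mkServiceRecords` are `service_${toString i}`, the position of the entry in `shared/services.nix`, so adding or removing a service renames every later resource and the plan will destroy and recreate records that did not change. Keying on the service keeps addresses stable: `name = svc.name;` with `map (svc: …)` in place of `lib.imap0 (i: svc: …)`. Separately, services without `public = true` get their Tailscale address published in the public zone, which makes the internal hostnames and tailnet addresses visible to anyone who queries DNS; if that trade-off is intended, a comment above `targetIP` should say so. `getSubdomain` keeps only the first label, so a two-level name would collapse to its leftmost part.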
@@ -48,31 +79,24 @@ }; resource = { - cloudflare_dns_record.root = { - zone_id = config.variable.zone_id.default; - name = "@"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; - }; + cloudflare_dns_record = mkServiceRecords // { + root = { + zone_id = config.variable.zone_id.default; + name = "@"; + type = "A"; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; + }; - cloudflare_dns_record.www = { - zone_id = config.variable.zone_id.default; - name = "www"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; - }; - - cloudflare_dns_record.wildcard = { - zone_id = config.variable.zone_id.default; - name = "*"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; + www = { + zone_id = config.variable.zone_id.default; + name = "www"; + type = "A"; + content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; + proxied = false; + ttl = 3600; + }; }; }; } From cd17bf25617f3922b7ccbdfd5a1bfdb9b7b10002 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 12:36:43 -0300 Subject: [PATCH 101/206] only forgejo is public for now --- shared/services.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/shared/services.nix b/shared/services.nix index d267792..44f9208 100644 --- a/shared/services.nix +++ b/shared/services.nix @@ -16,7 +16,6 @@ name = "vaultwarden"; domain = "pass.baduhai.dev"; host = "alexandria"; - public = true; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 8222; @@ -33,7 +32,6 @@ name = "nextcloud"; domain = "cloud.baduhai.dev"; host = "alexandria"; - public = true; lanIP = "192.168.15.142"; tailscaleIP = "100.76.19.50"; port = 443; From f1b6be6f3ff1311d7041b194ebdd3956a70fb71d Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 9 Nov 2025 13:00:17 -0300 Subject: [PATCH 102/206] Add fail2ban configuration for SSH and Forgejo on Trantor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Configure fail2ban with progressive ban times (1h base, up to 10000h max) - Add SSH jail with password authentication disabled - Add Forgejo jail using systemd journal backend - Ignore private networks and Tailscale IPs - Set Forgejo to 10 retries per hour, 15min initial ban 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- hosts/trantor/fail2ban.nix | 43 +++++++++++++++++++++++++ hosts/trantor/forgejo.nix | 65 ++++++++++++++++++++++++-------------- hosts/trantor/openssh.nix | 23 ++++++++++++++ 3 files changed, 107 insertions(+), 24 deletions(-) create mode 100644 hosts/trantor/fail2ban.nix create mode 100644 hosts/trantor/openssh.nix diff --git a/hosts/trantor/fail2ban.nix b/hosts/trantor/fail2ban.nix new file mode 100644 index 0000000..4ef1bbc --- /dev/null +++ b/hosts/trantor/fail2ban.nix @@ -0,0 +1,43 @@ +{ config, pkgs, ... }: + +{ + services.fail2ban = { + enable = true; + maxretry = 5; + ignoreIP = [ + "127.0.0.0/8" + "::1" + "10.0.0.0/8" + "172.16.0.0/12" + "192.168.0.0/16" + "100.64.0.0/10" + ]; + + bantime = "1h"; + bantime-increment = { + enable = true; + multipliers = "1 2 4 8 16 32 64"; + maxtime = "10000h"; + overalljails = true; + }; + + jails.forgejo = { + settings = { + enabled = true; + filter = "forgejo"; + backend = "systemd"; + maxretry = 10; + findtime = "1h"; + bantime = "15m"; + }; + }; + }; + + # Custom fail2ban filter for Forgejo using systemd journal + environment.etc."fail2ban/filter.d/forgejo.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + journalmatch = _SYSTEMD_UNIT=forgejo.service + failregex = Failed authentication attempt for .+ from :\d+: + ignoreregex = + ''); +} 
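Review bot: The `forgejo` jail and its filter are defined twice in this commit with different content: in `hosts/trantor/fail2ban.nix` with `backend = "systemd"` and `filter.d/forgejo.local`, and in `hosts/trantor/forgejo.nix` with a `logpath` and `filter.d/forgejo.conf`. Both `settings` sets merge into one jail, and fail2ban applies a `.local` file on top of the `.conf`, so the expression in `forgejo.conf` is overridden; keeping one definition removes the guesswork about which is live. As shown on this page neither `failregex` contains fail2ban's HOST placeholder (the token in angle brackets; it may have been lost in rendering), and without it no address can be extracted. `pkgs.lib.mkDefault (pkgs.lib.mkAfter …)` around a single definition can be a plain string. Also confirm the matched messages are emitted at `Warn` or above, since `log.LEVEL = "Warn"`.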
diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix index 9688458..227bcb4 100644 --- a/hosts/trantor/forgejo.nix +++ b/hosts/trantor/forgejo.nix 
@@ -9,33 +9,50 @@ let inherit (utils) mkNginxVHosts; in { - services.forgejo = { - enable = true; - repositoryRoot = "/data/forgejo"; - settings = { - session.COOKIE_SECURE = true; - server = { - PROTOCOL = "http+unix"; - DOMAIN = "git.baduhai.dev"; - ROOT_URL = "https://git.baduhai.dev"; - OFFLINE_MODE = true; # disable use of CDNs - SSH_DOMAIN = "baduhai.dev"; + services = { + forgejo = { + enable = true; + repositoryRoot = "/data/forgejo"; + settings = { + session.COOKIE_SECURE = true; + server = { + PROTOCOL = "http+unix"; + DOMAIN = "git.baduhai.dev"; + ROOT_URL = "https://git.baduhai.dev"; + OFFLINE_MODE = true; # disable use of CDNs + SSH_DOMAIN = "baduhai.dev"; + }; + log.LEVEL = "Warn"; + mailer.ENABLED = false; + actions.ENABLED = false; + service.DISABLE_REGISTRATION = true; + oauth2_client = { + ENABLE_AUTO_REGISTRATION = true; + UPDATE_AVATAR = true; + ACCOUNT_LINKING = "login"; + USERNAME = "preferred_username"; + }; }; - log.LEVEL = "Warn"; - mailer.ENABLED = false; - actions.ENABLED = false; - service.DISABLE_REGISTRATION = true; - oauth2_client = { - ENABLE_AUTO_REGISTRATION = true; - UPDATE_AVATAR = true; - ACCOUNT_LINKING = "login"; - USERNAME = "preferred_username"; + }; + nginx.virtualHosts = mkNginxVHosts { + domains."git.baduhai.dev".locations."/".proxyPass = + "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; + }; + fail2ban.jails.forgejo = { + settings = { + enabled = true; + filter = "forgejo"; + logpath = "${config.services.forgejo.stateDir}/log/forgejo.log"; + maxretry = 10; + findtime = "1h"; + bantime = "15m"; }; }; }; - services.nginx.virtualHosts = mkNginxVHosts { - domains."git.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; - }; + environment.etc."fail2ban/filter.d/forgejo.conf".text = '' + [Definition] + failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from + ignoreregex = + ''; } 
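Review bot: Forgejo is served over a unix socket behind nginx (`PROTOCOL = "http+unix"`), so the address in its failed-login lines is the client's only if the proxy forwards it and Forgejo trusts that header; otherwise the jail added in this hunk has nothing useful to ban. `mkNginxVHosts` is defined outside the hunk, so please confirm it sets the forwarding headers and check one real log line before relying on the jail. The `logpath` under `stateDir` also assumes Forgejo writes a log file there rather than logging only to the journal, which this hunk does not configure.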
diff --git a/hosts/trantor/openssh.nix b/hosts/trantor/openssh.nix new file mode 100644 index 0000000..51d8795 --- /dev/null +++ b/hosts/trantor/openssh.nix @@ -0,0 +1,23 @@ +{ ... }: + +{ + services = { + openssh = { + settings = { + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + }; + fail2ban.jails.sshd = { + settings = { + enabled = true; + port = "ssh"; + filter = "sshd"; + logpath = "/var/log/auth.log"; + maxretry = 5; + findtime = "10m"; + bantime = "1h"; + }; + }; + }; +} From f979314a3cc34dc37c99f2928cd163f0327907d1 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 13:15:12 -0300 Subject: [PATCH 103/206] new readme --- readme.md | 184 ++++++++++++++++++++++-------------------------------- 1 file changed, 74 insertions(+), 110 deletions(-) diff --git a/readme.md b/readme.md index 2804237..1f44455 100644 --- a/readme.md +++ b/readme.md 
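Review bot: `logpath = "/var/log/auth.log"` in the `sshd` jail points at a file that NixOS does not normally create, because sshd logs to the journal unless a syslog daemon is configured (none is visible here). If the jail ends up on a file backend it has nothing to read; dropping `logpath` and setting `backend = "systemd"`, as the Forgejo jail in `fail2ban.nix` does, would match how the host logs. `services.openssh.enable` is not set in this file, so it is presumably enabled elsewhere; a comment saying where would make the hardening settings easier to audit.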
@@ -1,123 +1,87 @@ # NixOS Configuration -A declarative, modular NixOS/Home Manager flake configuration managing multiple systems with a tag-based architecture for maximum code reuse and flexibility. +My personal NixOS configuration for multiple hosts, users, resources... too many things to list. If I could put my life in a flake I would. ## Hosts -| Host | Type | System | Version | Description | -|------|------|--------|---------|-------------| -| **rotterdam** | Desktop | x86_64-linux | NixOS Unstable | Primary workstation with gaming, development | -| **io** | Laptop | x86_64-linux | NixOS Unstable | Mobile workstation | -| **alexandria** | Server/NAS | x86_64-linux | NixOS 25.05 | Personal server running Nextcloud, Forgejo, Jellyfin, Vaultwarden | -| **trantor** | VPS | aarch64-linux | NixOS 25.05 | Oracle Cloud instance | +### Desktop Systems +- **rotterdam** - Main desktop workstation (x86_64) + - Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman + - Storage: Ephemeral root with LUKS encryption -## Key Features +- **io** - Secondary desktop (x86_64) + - Features: Desktop, AI tools, Bluetooth, Dev environment, Podman + - Storage: Ephemeral root with LUKS encryption -### Architecture -- **Tag-based module system** - Compose configurations using tags instead of traditional inheritance -- **Flake-based** - Fully reproducible builds with locked dependencies -- **Multi-platform** - Supports both x86_64 and aarch64 architectures -- **Deployment automation** - Remote deployment via deploy-rs +### Servers +- **alexandria** - Home server (x86_64) + - Hosts: Nextcloud, Vaultwarden, Jellyfin, Kanidm -### Desktop Experience -- **Niri compositor** - Custom fork with auto-centering window columns -- **Unified theming** - Stylix-based theming -- **Wayland-native** - Full Wayland support -- **Ephemeral root** - Impermanent filesystem using BTRFS for atomic rollback capability +- **trantor** - Cloud server (aarch64) + - Hosts: 
Forgejo + - Cloud provider: Oracle Cloud Infrastructure + - Storage: Ephemeral root with btrfs -### Self-Hosted Services -- **Nextcloud** - Cloud storage with calendar, contacts, and notes -- **Forgejo** - Self-hosted Git server -- **Jellyfin** - Media streaming -- **Vaultwarden** - Password manager backend -- **LibreSpeed** - Network speed testing -- All services behind Nginx and Tailscale with automatic SSL via Let's Encrypt +## Home Manager Configurations + +- **user@rotterdam** - Full desktop setup with gaming, OBS, and complete development environment +- **user@io** - Lightweight desktop setup + +Both configurations include: +- btop, direnv, helix, starship, tmux +- Stylix theme management +- Fish shell with custom configurations + +## Terranix Configurations + +Infrastructure as code using Terranix (NixOS + Terraform/OpenTofu): + +- **oci-trantor** - Oracle Cloud Infrastructure provisioning for Trantor server +- **cloudflare-baduhaidev** - DNS and CDN configuration for baduhai.dev domain +- **tailscale-tailnet** - Tailscale network ACL and device management + +## Services + +All services are accessible via custom domains under baduhai.dev: + +- **Kanidm** (auth.baduhai.dev) - Identity and access management +- **Vaultwarden** (pass.baduhai.dev) - Password manager +- **Forgejo** (git.baduhai.dev) - Git forge (publicly accessible) +- **Nextcloud** (cloud.baduhai.dev) - File sync and collaboration +- **Jellyfin** (jellyfin.baduhai.dev) - Media server + +Services are accessible via: +- LAN for alexandria-hosted services +- Tailscale VPN for all services +- Public internet for Forgejo only + +## Notable Features + +### Ephemeral Root +Rotterdam, io, and trantor use an ephemeral root filesystem that resets on every boot: +- Root filesystem is automatically rolled back using btrfs snapshots +- Old snapshots retained for 30 days +- Persistent data stored in dedicated subvolumes +- Implements truly stateless systems + +### Custom DNS Architecture +- Unbound DNS servers 
on both alexandria and trantor +- Service routing based on visibility flags (public/LAN/Tailscale) +- Split-horizon DNS for optimal access paths ### Security -- **Agenix** - Encrypted secrets management -- **Tailscale** - Zero-config VPN mesh network -- **Firewall** - Configured on all hosts -- SSH key-based authentication +- LUKS full-disk encryption on desktop systems +- Fail2ban on public-facing servers +- agenix for secrets management +- Tailscale for secure remote access -## Repository Structure +### Desktop Environment +- Custom Niri window manager (Wayland compositor) +- Using forked version with auto-centering feature +- Stylix for consistent theming -``` -. -├── flake.nix # Main flake definition -├── utils.nix # Tag-based module system utilities -├── nixosConfigurations.nix # Host definitions with tags -├── homeConfigurations.nix # User configurations -├── deploy.nix # Remote deployment configuration -├── hosts/ -│ ├── alexandria/ # Server-specific config -│ ├── io/ # Laptop-specific config -│ ├── rotterdam/ # Desktop-specific config -│ ├── trantor/ # VPS-specific config -│ └── modules/ -│ ├── common/ # Shared base configuration -│ ├── desktop/ # Desktop environment setup -│ ├── server/ # Server-specific modules -│ └── [tag].nix # Optional feature modules -├── users/ -│ └── modules/ # Home Manager configurations -│ └── [tag].nix # Optional feature modules -├── packages/ # Custom package definitions -└── secrets/ # Encrypted secrets (agenix) -``` - -## Tag System - -Configurations are composed using tags that map to modules: - -**Common Tags** (all hosts): -- `common` - Base system configuration (automatically applied) - -**General Tags**: -- `desktop` - *Mostly* full desktop environment with Niri WM -- `dev` - Development tools and environments -- `gaming` - Steam, Heroic, gamemode, controller support -- `ephemeral` - Impermanent root filesystem -- `networkmanager` - WiFi and network management -- `libvirtd` - KVM/QEMU virtualization -- `podman` - 
Container runtime -- `bluetooth` - Bluetooth support -- `fwupd` - Firmware update daemon - -**Server Tags**: -- `server` - Server-specific configuration - -## Usage - -### Rebuilding a Configuration - -```bash -# Local rebuild -sudo nixos-rebuild switch --flake .#hostname - -# Remote deployment -deploy .#hostname -``` - -### Updating Dependencies - -```bash -nix flake update -``` - -### Adding a New Host - -1. Create host directory in `hosts/` -2. Define configuration in `nixosConfigurations.nix` with appropriate tags -3. Add deployment profile in `deploy.nix` if needed - -## Dependencies - -- [nixpkgs](https://github.com/NixOS/nixpkgs) - Stable (25.05) and unstable channels -- [home-manager](https://github.com/nix-community/home-manager) - User configuration -- [agenix](https://github.com/ryantm/agenix) - Secrets management -- [disko](https://github.com/nix-community/disko) - Declarative disk partitioning -- [stylix](https://github.com/danth/stylix) - System-wide theming -- [niri-flake](https://github.com/sodiboo/niri-flake) - Wayland compositor (custom fork) -- [impermanence](https://github.com/nix-community/impermanence) - Ephemeral filesystem support -- [deploy-rs](https://github.com/serokell/deploy-rs) - Remote deployment -- [nix-flatpak](https://github.com/gmodena/nix-flatpak) - Declarative Flatpak management +### Development Setup +- Nix flakes for reproducible builds +- deploy-rs for automated deployments +- Podman for containerization +- Complete AI tooling integration From 0961eb8f767d8be58798df36fbac01522f187745 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 13:37:04 -0300 Subject: [PATCH 104/206] dns records only for actual services --- .gitignore | 2 ++ terranix/cloudflare/baduhai.dev.nix | 36 ++++++++--------------------- 2 files changed, 12 insertions(+), 26 deletions(-) diff --git a/.gitignore b/.gitignore index b59fd44..73105bb 100644 --- a/.gitignore +++ b/.gitignore 
@@ -3,6 +3,8 @@ result result-* .direnv/ oci-trantor/ +tailscale-tailnet/ +cloudflare-baduhaidev # Personal notes and temporary files todo.md diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index 3a5e6ee..1b456f3 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix @@ -15,13 +15,17 @@ let # Public services point to trantor's public IP # Private services point to their tailscale IP mkServiceRecords = lib.listToAttrs ( - lib.imap0 (i: svc: + lib.imap0 ( + i: svc: let subdomain = getSubdomain svc.domain; - targetIP = if svc.public or false - then config.data.terraform_remote_state.trantor "outputs.instance_public_ip" - else svc.tailscaleIP; - in { + targetIP = + if svc.public or false then + config.data.terraform_remote_state.trantor "outputs.instance_public_ip" + else + svc.tailscaleIP; + in + { name = "service_${toString i}"; value = { zone_id = config.variable.zone_id.default; @@ -78,25 +82,5 @@ in }; }; - resource = { - cloudflare_dns_record = mkServiceRecords // { - root = { - zone_id = config.variable.zone_id.default; - name = "@"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; - }; - - www = { - zone_id = config.variable.zone_id.default; - name = "www"; - type = "A"; - content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip"; - proxied = false; - ttl = 3600; - }; - }; - }; + resource.cloudflare_dns_record = mkServiceRecords; } From 3d71b8c1b849fa6b31ae1480a03f66f0a26b3d01 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 13:41:41 -0300 Subject: [PATCH 105/206] update readme.md --- readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/readme.md b/readme.md index 1f44455..7de1cbe 100644 --- a/readme.md +++ b/readme.md 
@@ -1,6 +1,6 @@ -# NixOS Configuration +# Nix Configuration -My personal NixOS configuration for multiple hosts, users, resources... too many things to list. If I could put my life in a flake I would. +My personal Nix configuration for multiple NixOS hosts, home-manager users, miscellaneous resources... too many things to list. If I could put my life in a flake I would. ## Hosts From 09a4092b92ad0492d486a893232352775cff3105 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 13:56:57 -0300 Subject: [PATCH 106/206] better noctalia integration for niri --- users/modules/desktop/niri.nix | 43 ++++++++++++++++------------------ 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 1f6a1bf..4d18e6a 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -8,7 +8,6 @@ let isRotterdam = hostname == "rotterdam"; - noctalia = "${lib.getExe inputs.noctalia.packages.${pkgs.system}.default}"; in { @@ -30,7 +29,10 @@ in }; home = { - packages = with pkgs; [ xwayland-satellite ]; + packages = with pkgs; [ + xwayland-satellite + inputs.noctalia.packages.${pkgs.system}.default + ]; sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; }; @@ -91,23 +93,18 @@ in inactive-color "#505050" urgent-color "#9b0000" } - tab-indicator { - width 4 - gap 4 - place-within-column - } - ${lib.optionalString isRotterdam '' - struts { - left 8 - right 8 - }''} + tab-indicator { + width 4 + gap 4 + place-within-column + } } overview { zoom 0.65 } - spawn-at-startup "${noctalia}" + spawn-at-startup "noctalia-shell" "-d" layer-rule { match namespace="^wallpaper$" place-within-backdrop true 
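Review bot: `spawn-at-startup "noctalia-shell" "-d"` in `users/modules/desktop/niri.nix`, and the rewritten binds in the two following hunks (launcher, volume, brightness, `lockScreen`, `sessionMenu`), now resolve the binary through the session's PATH instead of the store path that `lib.getExe` produced. If the profile is not on niri's PATH, or the executable has a different name, the binds fail at run time with no build error, and that includes the lock-screen shortcut. Keeping a binding such as `noctalia = lib.getExe' inputs.noctalia.packages.${pkgs.system}.default "noctalia-shell";` would preserve the pinned path while still installing the package. The removal of the `isRotterdam` struts is not mentioned in the commit message and may deserve a line there.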
@@ -143,18 +140,18 @@ in } binds { - Alt+Space { spawn "${noctalia}" "ipc" "call" "launcher" "toggle"; } - XF86AudioRaiseVolume allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } - XF86AudioLowerVolume allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } - XF86AudioMute allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } - XF86MonBrightnessUp allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } - XF86MonBrightnessDown allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } + Alt+Space { spawn "noctalia-shell" "ipc" "call" "launcher" "toggle"; } + XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } + XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } - Mod+V { spawn "${noctalia}" "ipc" "call" "launcher" "clipboard"; } - Mod+Shift+L { spawn "${noctalia}" "ipc" "call" "lockScreen" "toggle"; } + Mod+V { spawn "noctalia-shell" "ipc" "call" "launcher" "clipboard"; } + Mod+Shift+L { spawn "noctalia-shell" "ipc" "call" "lockScreen" "toggle"; } Mod+Return { spawn "ghostty"; } Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } Mod+W 
repeat=false { toggle-overview; } @@ -228,8 +225,8 @@ in Mod+Print { screenshot; } Ctrl+Print { screenshot-window; } Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } - Mod+Alt+E { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } - Ctrl+Alt+Delete { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } + Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } + Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } Mod+Ctrl+P { power-off-monitors; } } ''; From 5af6c53d817710c3a26e403b9b9c3d0439311efd Mon Sep 17 00:00:00 2001 From: william Date: Sun, 9 Nov 2025 16:28:17 -0300 Subject: [PATCH 107/206] Update readme.md --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 7de1cbe..a2b815f 100644 --- a/readme.md +++ b/readme.md @@ -9,7 +9,7 @@ My personal Nix configuration for multiple NixOS hosts, home-manager users, misc - Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman - Storage: Ephemeral root with LUKS encryption -- **io** - Secondary desktop (x86_64) +- **io** - Laptop workstation (x86_64) - Features: Desktop, AI tools, Bluetooth, Dev environment, Podman - Storage: Ephemeral root with LUKS encryption From 5906fa6f3656db778ff9e9e09b510b5091286fa7 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 16:31:52 -0300 Subject: [PATCH 108/206] fix forgejo's ssh domain --- hosts/trantor/forgejo.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix index 227bcb4..25acf4e 100644 --- a/hosts/trantor/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -20,7 +20,7 @@ in DOMAIN = "git.baduhai.dev"; ROOT_URL = "https://git.baduhai.dev"; OFFLINE_MODE = true; # disable use of CDNs - SSH_DOMAIN = "baduhai.dev"; + SSH_DOMAIN = "git.baduhai.dev"; }; log.LEVEL = "Warn"; mailer.ENABLED = false; 
From ae6d46012baec67e00c58328fbb5148da6cfad53 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 16:57:17 -0300 Subject: [PATCH 109/206] fail2ban: fix config; forgejo: repository path and persistency --- hosts/trantor/fail2ban.nix | 20 -------------------- hosts/trantor/forgejo.nix | 34 ++++++++++++++++++++++++---------- hosts/trantor/openssh.nix | 2 +- 3 files changed, 25 insertions(+), 31 deletions(-) diff --git a/hosts/trantor/fail2ban.nix b/hosts/trantor/fail2ban.nix index 4ef1bbc..bc05139 100644 --- a/hosts/trantor/fail2ban.nix +++ b/hosts/trantor/fail2ban.nix @@ -12,7 +12,6 @@ "192.168.0.0/16" "100.64.0.0/10" ]; - bantime = "1h"; bantime-increment = { enable = true; @@ -20,24 +19,5 @@ maxtime = "10000h"; overalljails = true; }; - - jails.forgejo = { - settings = { - enabled = true; - filter = "forgejo"; - backend = "systemd"; - maxretry = 10; - findtime = "1h"; - bantime = "15m"; - }; - }; }; - - # Custom fail2ban filter for Forgejo using systemd journal - environment.etc."fail2ban/filter.d/forgejo.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - journalmatch = _SYSTEMD_UNIT=forgejo.service - failregex = Failed authentication attempt for .+ from :\d+: - ignoreregex = - ''); } diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix index 25acf4e..fdfa64a 100644 --- a/hosts/trantor/forgejo.nix +++ b/hosts/trantor/forgejo.nix @@ -4,15 +4,16 @@ inputs, ... }: + let utils = import ../../utils.nix { inherit inputs lib; }; inherit (utils) mkNginxVHosts; in + { services = { forgejo = { enable = true; - repositoryRoot = "/data/forgejo"; settings = { session.COOKIE_SECURE = true; server = { 
@@ -42,17 +43,30 @@ in settings = { enabled = true; filter = "forgejo"; - logpath = "${config.services.forgejo.stateDir}/log/forgejo.log"; - maxretry = 10; - findtime = "1h"; - bantime = "15m"; + maxretry = 3; + findtime = "10m"; + bantime = "1h"; }; }; }; - environment.etc."fail2ban/filter.d/forgejo.conf".text = '' - [Definition] - failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from - ignoreregex = - ''; + environment = { + etc."fail2ban/filter.d/forgejo.conf".text = '' + [Definition] + failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from + ignoreregex = + journalmatch = _SYSTEMD_UNIT=forgejo.service + ''; + + persistence.main.directories = [ + { + directory = config.services.forgejo.stateDir; + inherit (config.services.forgejo) user group; + mode = "0700"; + } + ]; + }; + + # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories + systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false; } diff --git a/hosts/trantor/openssh.nix b/hosts/trantor/openssh.nix index 51d8795..704b3df 100644 --- a/hosts/trantor/openssh.nix +++ b/hosts/trantor/openssh.nix @@ -14,7 +14,7 @@ port = "ssh"; filter = "sshd"; logpath = "/var/log/auth.log"; - maxretry = 5; + maxretry = 3; findtime = "10m"; bantime = "1h"; }; From bb0ea2769656f6278e632ad65310bc57d6569513 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 9 Nov 2025 19:01:37 -0300 Subject: [PATCH 110/206] niri keybinds --- users/modules/desktop/niri.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 4d18e6a..08bcc4a 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix 
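Review bot: `systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false;` at the end of hosts/trantor/forgejo.nix switches off a sandboxing setting for the service published at `git.baduhai.dev`, and the comment above it gives the reason but not the failure it works around or when it can be undone. I would extend the comment to something like `# PrivateMounts=false: LoadCredential fails while stateDir is a persistence bind mount; re-enable once that works`, and compare `systemd-analyze security forgejo.service` before and after the override. In the same hunk the jail loses `logpath` and the filter gains `journalmatch`, but the visible `settings` do not set `backend`; that only works if the default backend is systemd, which the hunk does not show.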
@@ -167,10 +167,6 @@ in Mod+L { focus-column-right; } Mod+J { focus-window-or-workspace-down; } Mod+K { focus-window-or-workspace-up; } - Ctrl+Alt+J { focus-workspace-down; } - Ctrl+Alt+K { focus-workspace-up; } - Ctrl+Alt+Down { focus-workspace-down; } - Ctrl+Alt+Up { focus-workspace-up; } Mod+Ctrl+Left { move-column-left; } Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } From b602a78bb33f941deaa4d74c911ab9b8e8574f82 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 10 Nov 2025 07:51:29 -0300 Subject: [PATCH 111/206] vicinae as a launcher --- flake.lock | 71 ++++++++++++++++++++++++++++++- flake.nix | 2 + users/modules/desktop/desktop.nix | 8 +++- users/modules/desktop/niri.nix | 4 +- 4 files changed, 81 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 3b994bf..893a87d 100644 --- a/flake.lock +++ b/flake.lock @@ -299,6 +299,24 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_8" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "fromYaml": { "flake": false, "locked": { @@ -647,6 +665,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", 
@@ -877,6 +911,7 @@ "noctalia": "noctalia", "stylix": "stylix", "terranix": "terranix", + "vicinae": "vicinae", "zen-browser": "zen-browser" } }, @@ -1060,6 +1095,21 @@ "type": "github" } }, + "systems_8": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "terranix": { "inputs": { "flake-parts": "flake-parts_3", @@ -1202,6 +1252,25 @@ "type": "github" } }, + "vicinae": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_10" + }, + "locked": { + "lastModified": 1762709887, + "narHash": "sha256-8BoGGsWfkS/2ODBSCYd5HJNFGuLY8fFl27rXmWClXQw=", + "owner": "vicinaehq", + "repo": "vicinae", + "rev": "54722e36137d8273ef0a5db37776fb8302c79238", + "type": "github" + }, + "original": { + "owner": "vicinaehq", + "repo": "vicinae", + "type": "github" + } + }, "xwayland-satellite-stable": { "flake": false, "locked": { @@ -1238,7 +1307,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1762131860, diff --git a/flake.nix b/flake.nix index af148c1..c5c3880 100644 --- a/flake.nix +++ b/flake.nix @@ -51,6 +51,8 @@ }; nix-ai-tools.url = "github:numtide/nix-ai-tools"; + + vicinae.url = "github:vicinaehq/vicinae"; }; outputs = diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index df6f380..6940e1f 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix 
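Review bot: `vicinae.url = "github:vicinaehq/vicinae";` in flake.nix adds the input without a `follows`, and the flake.lock hunks of this commit show it bringing its own `nixpkgs_10`, `flake-utils_2` and `systems_8` nodes. That is one more nixpkgs revision to evaluate and keep patched, for a program the desktop.nix hunk autostarts in the user session. If upstream builds against the flake's own nixpkgs, write the input as `vicinae = { url = "github:vicinaehq/vicinae"; inputs.nixpkgs.follows = "nixpkgs"; };`. The `inputs` block starts and ends outside the hunk.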
@@ -1,15 +1,21 @@ { - config, inputs, pkgs, ... }: { + imports = [ inputs.vicinae.homeManagerModules.default ]; + fonts.fontconfig.enable = true; home.packages = with pkgs; [ xwayland-satellite ]; + services.vicinae = { + enable = true; + autoStart = true; + }; + programs = { ghostty = { diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 08bcc4a..09767e6 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -140,7 +140,7 @@ in } binds { - Alt+Space { spawn "noctalia-shell" "ipc" "call" "launcher" "toggle"; } + Alt+Space repeat=false { spawn "vicinae" "toggle"; } XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } @@ -150,7 +150,7 @@ in XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } - Mod+V { spawn "noctalia-shell" "ipc" "call" "launcher" "clipboard"; } + Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } Mod+Shift+L { spawn "noctalia-shell" "ipc" "call" "lockScreen" "toggle"; } Mod+Return { spawn "ghostty"; } Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } From e95ba0215b47cdabb5a05749baea80146bea95ec Mon Sep 17 00:00:00 2001 From: William Date: Mon, 10 Nov 2025 11:04:55 -0300 Subject: [PATCH 112/206] new ssh key for himalia --- hosts/modules/common/users.nix | 3 ++- terranix/oci/trantor.nix | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/modules/common/users.nix b/hosts/modules/common/users.nix index 0572153..7dd6490 100644 
--- a/hosts/modules/common/users.nix +++ b/hosts/modules/common/users.nix @@ -10,8 +10,9 @@ "wheel" ]; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" ]; hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; }; diff --git a/terranix/oci/trantor.nix b/terranix/oci/trantor.nix index bb06585..170ad04 100644 --- a/terranix/oci/trantor.nix +++ b/terranix/oci/trantor.nix @@ -53,6 +53,7 @@ ssh_public_keys = { default = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" ]; From 489af5a79fe4b563018c39b9d1862a816eebec6b Mon Sep 17 00:00:00 2001 From: William Date: Mon, 10 Nov 2025 11:46:54 -0300 Subject: [PATCH 113/206] new noctalia ipc command --- users/modules/desktop/niri.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 09767e6..0cb5db8 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix 
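Review bot: The himalia key is added to two hand-maintained copies of the same list, `openssh.authorizedKeys.keys` in hosts/modules/common/users.nix and `ssh_public_keys.default` in terranix/oci/trantor.nix, and the account in the first file is in `wheel`. Rotating or revoking a key now means editing both files in step, and a miss leaves a stale key with admin access on one side. I would keep the list in one Nix file that both places import, e.g. `openssh.authorizedKeys.keys = import ./ssh-keys.nix;` (placeholder path), with a comment there saying which machine each key belongs to. Both attribute sets continue outside the hunks.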
@@ -151,7 +151,7 @@ in XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } - Mod+Shift+L { spawn "noctalia-shell" "ipc" "call" "lockScreen" "toggle"; } + Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; } Mod+Return { spawn "ghostty"; } Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } Mod+W repeat=false { toggle-overview; } From 0925a66f2218434b3bb70cd0f14b440db7b5fbc7 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 13 Nov 2025 14:26:35 -0300 Subject: [PATCH 114/206] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nix-ai-tools': 'github:numtide/nix-ai-tools/aaee8f2df1325c7f212d769515092162bcac31a7?narHash=sha256-aWt5CgOsQiiq%2BcaxF0iqp56kfHRkv8Tnz0X9DhJeBEE%3D' (2025-11-06) → 'github:numtide/nix-ai-tools/58d5d222d6802a75c1ed637d049ea438d199051a?narHash=sha256-pQ2XzsB/n8E5FWYnICZu/BzkKy8a50EzmUGTCo5SeHg%3D' (2025-11-13) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/b3d51a0365f6695e7dd5cdf3e180604530ed33b4?narHash=sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw%3D' (2025-11-02) → 'github:NixOS/nixpkgs/9da7f1cf7f8a6e2a7cb3001b048546c92a8258b4?narHash=sha256-SlybxLZ1/e4T2lb1czEtWVzDCVSTvk9WLwGhmxFmBxI%3D' (2025-11-11) • Updated input 'nix-ai-tools/treefmt-nix': 'github:numtide/treefmt-nix/97a30861b13c3731a84e09405414398fbf3e109f?narHash=sha256-aF5fvoZeoXNPxT0bejFUBXeUjXfHLSL7g%2BmjR/p5TEg%3D' (2025-11-06) → 'github:numtide/treefmt-nix/5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4?narHash=sha256-AlEObg0syDl%2BSpi4LsZIBrjw%2BsnSVU4T8MOeuZJUJjM%3D' (2025-11-12) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) 
diff --git a/flake.lock b/flake.lock index 893a87d..1a520bd 100644 --- a/flake.lock +++ b/flake.lock @@ -511,11 +511,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1762442079, - "narHash": "sha256-aWt5CgOsQiiq+caxF0iqp56kfHRkv8Tnz0X9DhJeBEE=", + "lastModified": 1763040477, + "narHash": "sha256-pQ2XzsB/n8E5FWYnICZu/BzkKy8a50EzmUGTCo5SeHg=", "owner": "numtide", "repo": "nix-ai-tools", - "rev": "aaee8f2df1325c7f212d769515092162bcac31a7", + "rev": "58d5d222d6802a75c1ed637d049ea438d199051a", "type": "github" }, "original": { @@ -746,11 +746,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "lastModified": 1762844143, + "narHash": "sha256-SlybxLZ1/e4T2lb1czEtWVzDCVSTvk9WLwGhmxFmBxI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "rev": "9da7f1cf7f8a6e2a7cb3001b048546c92a8258b4", "type": "github" }, "original": { @@ -1221,11 +1221,11 @@ ] }, "locked": { - "lastModified": 1762410071, - "narHash": "sha256-aF5fvoZeoXNPxT0bejFUBXeUjXfHLSL7g+mjR/p5TEg=", + "lastModified": 1762938485, + "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "97a30861b13c3731a84e09405414398fbf3e109f", + "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", "type": "github" }, "original": { From eebacb0f1fb1107076f5bd3cebafd95216ab1bad Mon Sep 17 00:00:00 2001 From: William Date: Thu, 13 Nov 2025 19:16:08 -0300 Subject: [PATCH 115/206] add power profiles daemon to io --- hosts/io/services.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/io/services.nix b/hosts/io/services.nix index 90fb737..df41a6f 100644 --- a/hosts/io/services.nix +++ b/hosts/io/services.nix @@ -49,6 +49,7 @@ }; }; upower.enable = true; + power-profiles-daemon.enable = true; }; # TODO: remove once gmodena/nix-flatpak/issues/45 fixed From 1dc55be5e1c4784b14e6eb655029528abf0cdcd1 Mon Sep 17 00:00:00 2001 
From: William Date: Tue, 18 Nov 2025 19:09:57 -0300 Subject: [PATCH 116/206] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nix-ai-tools': 'github:numtide/nix-ai-tools/58d5d222d6802a75c1ed637d049ea438d199051a?narHash=sha256-pQ2XzsB/n8E5FWYnICZu/BzkKy8a50EzmUGTCo5SeHg%3D' (2025-11-13) → 'github:numtide/nix-ai-tools/a2dfa932ed37e5b6224b39b4982c85cd8ebcca14?narHash=sha256-n6bChFrCf2/uHzTsZdABUt1%2BUa3n0jinNfamHd5DmBA%3D' (2025-11-17) • Updated input 'nix-ai-tools/blueprint': 'github:numtide/blueprint/633af1961cae8e02bc6195e6e599a6b09bf75217?narHash=sha256-wTQzbbQ6XHtvNJVuhJj%2BytZDRyNtwUKbrIfIvMvKNfQ%3D' (2025-10-28) → 'github:numtide/blueprint/5a9bba070f801d63e2af3c9ef00b86b212429f4f?narHash=sha256-O9Y%2BWer8wOh%2BN%2B4kcCK5p/VLrXyX%2Bktk0/s3HdZvJzk%3D' (2025-11-16) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/9da7f1cf7f8a6e2a7cb3001b048546c92a8258b4?narHash=sha256-SlybxLZ1/e4T2lb1czEtWVzDCVSTvk9WLwGhmxFmBxI%3D' (2025-11-11) → 'github:NixOS/nixpkgs/85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1?narHash=sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5%2B717550Hk%3D' (2025-11-16) --- flake.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 1a520bd..27c3580 100644 --- a/flake.lock +++ b/flake.lock @@ -100,11 +100,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1761645416, - "narHash": "sha256-wTQzbbQ6XHtvNJVuhJj+ytZDRyNtwUKbrIfIvMvKNfQ=", + "lastModified": 1763308703, + "narHash": "sha256-O9Y+Wer8wOh+N+4kcCK5p/VLrXyX+ktk0/s3HdZvJzk=", "owner": "numtide", "repo": "blueprint", - "rev": "633af1961cae8e02bc6195e6e599a6b09bf75217", + "rev": "5a9bba070f801d63e2af3c9ef00b86b212429f4f", "type": "github" }, "original": { 
@@ -511,11 +511,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1763040477, - "narHash": "sha256-pQ2XzsB/n8E5FWYnICZu/BzkKy8a50EzmUGTCo5SeHg=", + "lastModified": 1763412165, + "narHash": "sha256-n6bChFrCf2/uHzTsZdABUt1+Ua3n0jinNfamHd5DmBA=", "owner": "numtide", "repo": "nix-ai-tools", - "rev": "58d5d222d6802a75c1ed637d049ea438d199051a", + "rev": "a2dfa932ed37e5b6224b39b4982c85cd8ebcca14", "type": "github" }, "original": { @@ -746,16 +746,16 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1762844143, - "narHash": "sha256-SlybxLZ1/e4T2lb1czEtWVzDCVSTvk9WLwGhmxFmBxI=", + "lastModified": 1763312402, + "narHash": "sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5+717550Hk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9da7f1cf7f8a6e2a7cb3001b048546c92a8258b4", + "rev": "85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } From 53bce23a05b974de409f31ab033de1117f89ed44 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 27 Nov 2025 19:16:59 -0300 Subject: [PATCH 117/206] allow vm interface in firewall --- hosts/modules/libvirtd.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/modules/libvirtd.nix b/hosts/modules/libvirtd.nix index 41cfa27..aa2ae71 100644 --- a/hosts/modules/libvirtd.nix +++ b/hosts/modules/libvirtd.nix @@ -5,6 +5,8 @@ programs.virt-manager.enable = true; + networking.firewall.trustedInterfaces = [ "virbr0" ]; + users.users.user.extraGroups = [ "libvirt" "libvirtd" From b80fe6604ed6c2692e2fefffa2b731221ca1cc53 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 30 Nov 2025 09:46:19 -0300 Subject: [PATCH 118/206] add collabora office flatpak --- hosts/modules/desktop/desktop.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 03ec04b..55f19da 100644 --- a/hosts/modules/desktop/desktop.nix 
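Review bot: `networking.firewall.trustedInterfaces = [ "virbr0" ];` in hosts/modules/libvirtd.nix accepts every packet arriving from the libvirt bridge, so each guest can reach all ports the host listens on, not only what the VMs need. If the goal is DHCP and DNS from libvirt's dnsmasq, a narrower form is `networking.firewall.interfaces.virbr0 = { allowedUDPPorts = [ 53 67 ]; allowedTCPPorts = [ 53 ]; };`. If full trust is intended, a comment such as `# guests on virbr0 are trusted like localhost` would record that decision. The module's attribute set starts and ends outside the hunk.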
+++ b/hosts/modules/desktop/desktop.nix @@ -87,6 +87,15 @@ flatpak = { enable = true; packages = [ + ### Office & Productivity ### + rec { + appId = "com.collabora.Office"; + sha256 = "1im6s8p6wvj2hblr4mhn1g2rry77giccsi6mk76nk8d6bjp1fwa4"; + bundle = "${pkgs.fetchurl { + url = "https://cdn.collaboraoffice.com/collaboraoffice-v25.04.7.2_final.flatpak"; + inherit sha256; + }}"; + } ### Graphics & Design ### "com.boxy_svg.BoxySVG" rec { From fdf14765fd8bf4efd3031d7e17fd6e272ab33d1a Mon Sep 17 00:00:00 2001 From: William Date: Sun, 30 Nov 2025 09:46:47 -0300 Subject: [PATCH 119/206] cleaner shared services file --- shared/services.nix | 29 ++++++++++++----------------- utils.nix | 14 ++++++++++++-- 2 files changed, 24 insertions(+), 19 deletions(-) diff --git a/shared/services.nix b/shared/services.nix index 44f9208..1173b3b 100644 --- a/shared/services.nix +++ b/shared/services.nix 
@@ -1,48 +1,43 @@ # Shared service definitions for cross-host configuration -# Used by: -# - alexandria: DNS server (LAN) + service hosting (vaultwarden, nextcloud, jellyfin, kanidm) -# - trantor: DNS server (Tailnet) + service hosting (forgejo) { + # Host IP definitions + hosts = { + alexandria = { + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + }; + trantor = { + tailscaleIP = "100.108.5.90"; + }; + }; + + # Service definitions - IPs are inherited from host services = [ { name = "kanidm"; domain = "auth.baduhai.dev"; host = "alexandria"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - port = 8443; } { name = "vaultwarden"; domain = "pass.baduhai.dev"; host = "alexandria"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - port = 8222; } { name = "forgejo"; domain = "git.baduhai.dev"; host = "trantor"; public = true; - tailscaleIP = "100.108.5.90"; - port = 3000; } { name = "nextcloud"; domain = "cloud.baduhai.dev"; host = "alexandria"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - port = 443; } { name = "jellyfin"; domain = "jellyfin.baduhai.dev"; host = "alexandria"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - port = 8096; } ]; } diff --git a/utils.nix b/utils.nix index 8c20ab9..e65837c 100644 --- a/utils.nix +++ b/utils.nix 
@@ -11,11 +11,21 @@ let # Import shared service definitions sharedServices = import ./shared/services.nix; + + # Enrich services with host IP information + enrichedServices = builtins.map (svc: + let + hostInfo = sharedServices.hosts.${svc.host} or {}; + in + svc // lib.optionalAttrs (hostInfo ? lanIP) { inherit (hostInfo) lanIP; } + // lib.optionalAttrs (hostInfo ? tailscaleIP) { inherit (hostInfo) tailscaleIP; } + ) sharedServices.services; in { - # Re-export shared services for use in host configs - inherit (sharedServices) services; + # Re-export enriched services and hosts for use in host configs + services = enrichedServices; + inherit (sharedServices) hosts; # Tag-based host configuration system mkHost = { From 52169c319cfe17113522e36fdad334cfb951c765 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 30 Nov 2025 09:59:31 -0300 Subject: [PATCH 120/206] collabora is now the online office suite --- hosts/modules/desktop/desktop.nix | 2 -- users/modules/desktop/desktop.nix | 18 +++++++++--------- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 55f19da..cbb4fa0 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -31,8 +31,6 @@ aspellDicts.en aspellDicts.en-computers aspellDicts.pt_BR - libreoffice - onlyoffice-desktopeditors papers presenterm rnote diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index 6940e1f..0d95c56 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix 
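Review bot: In utils.nix `hostInfo = sharedServices.hosts.${svc.host} or {};` hides a misspelled or missing host: the service is passed on without `lanIP`/`tailscaleIP`, and the error only surfaces later in whichever consumer reads the attribute (the Cloudflare records use `svc.tailscaleIP`). Failing at the lookup gives a clearer message: `hostInfo = sharedServices.hosts.${svc.host} or (throw "unknown host '${svc.host}' for service '${svc.name}'");`. The same commit also removes every `port` from shared/services.nix while its new comment mentions only IPs; no replacement for `port` is visible here, so confirm nothing still reads it. The `let` block begins outside the hunk.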
@@ -100,17 +100,17 @@ "text/x-log" = "Helix.desktop"; "application/x-shellscript" = "Helix.desktop"; "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = - "onlyoffice-desktopeditors.desktop"; # DOCX + "com.collabora.Office.desktop"; # DOCX "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = - "onlyoffice-desktopeditors.desktop"; # XLSX + "com.collabora.Office.desktop"; # XLSX "application/vnd.openxmlformats-officedocument.presentationml.presentation" = - "onlyoffice-desktopeditors.desktop"; # PPTX - "application/vnd.oasis.opendocument.text" = "onlyoffice-desktopeditors.desktop"; # ODT - "application/vnd.oasis.opendocument.spreadsheet" = "onlyoffice-desktopeditors.desktop"; # ODS - "application/vnd.oasis.opendocument.presentation" = "onlyoffice-desktopeditors.desktop"; # ODP - "application/msword" = "onlyoffice-desktopeditors.desktop"; # DOC - "application/vnd.ms-excel" = "onlyoffice-desktopeditors.desktop"; # XLS - "application/vnd.ms-powerpoint" = "onlyoffice-desktopeditors.desktop"; # PPT + "com.collabora.Office.desktop"; # PPTX + "application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT + "application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS + "application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP + "application/msword" = "com.collabora.Office.desktop"; # DOC + "application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS + "application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT "application/zip" = "org.gnome.FileRoller.desktop"; "application/x-tar" = "org.gnome.FileRoller.desktop"; "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; From dc618a8d2853dbd344910cdaed22dac5371e965a Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 14 Dec 2025 11:01:03 -0300 Subject: [PATCH 121/206] update nixpkgs-stable to 25.11 --- flake.nix | 2 +- nixosConfigurations.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index c5c3880..d65e9d8 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ flake-parts.url = "github:hercules-ci/flake-parts"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05"; + nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11"; home-manager = { url = "github:nix-community/home-manager/master"; diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index c4969c1..43a0bba 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -38,7 +38,7 @@ in alexandria = mkHost { hostname = "alexandria"; tags = [ - # "server" TODO: uncomment when 25.11 is out. + "server" "fwupd" ]; }; From 7a0353280e49356d2641dc82630f08cd19baaed0 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 14 Dec 2025 11:02:15 -0300 Subject: [PATCH 122/206] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/9ba0d85de3eaa7afeab493fed622008b6e4924f5?narHash=sha256-lsNWuj4Z%2BpE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94%3D' (2025-10-28) → 'github:ryantm/agenix/fcdea223397448d35d9b31f798479227e80183f6?narHash=sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L%2BVSybPfiIgzU8lbQ%3D' (2025-11-08) • Updated input 'deploy-rs': 'github:serokell/deploy-rs/125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2?narHash=sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ%3D' (2025-09-01) → 'github:serokell/deploy-rs/9c870f63e28ec1e83305f7f6cb73c941e699f74f?narHash=sha256-9I2H9x5We6Pl%2BDBYHjR1s3UT8wgwcpAH03kn9CqtdQc%3D' (2025-11-04) • Updated input 'disko': 'github:nix-community/disko/6f4cf5abbe318e4cd1e879506f6eeafd83f7b998?narHash=sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM%3D' (2025-10-31) → 'github:nix-community/disko/be1a6b8a05afdd5d5fa69fcaf3c4ead7014c9fd8?narHash=sha256-MjrytR2kiHYUnzX11cXaD31tS7kKdhM1KFaac0%2BKAig%3D' (2025-12-14) • Updated input 'disko/nixpkgs': 'github:NixOS/nixpkgs/dab3a6e781554f965bde3def0aa2fda4eb8f1708?narHash=sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k%3D' (2025-07-15) → 'github:NixOS/nixpkgs/a8d610af3f1a5fb71e23e08434d8d61a466fc942?narHash=sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r%2BJerayK/4wvdWA%3D' (2025-11-20) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/0010412d62a25d959151790968765a70c436598b?narHash=sha256-z5PlZ47j50VNF3R%2BIMS9LmzI5fYRGY/Z5O5tol1c9I4%3D' (2025-11-01) → 'github:hercules-ci/flake-parts/5635c32d666a59ec9a55cab87e898889869f7b71?narHash=sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM%3D' (2025-12-11) • Updated input 'home-manager': 'github:nix-community/home-manager/8c824254b1ed9e797f6235fc3c62f365893c561a?narHash=sha256-I%2B8yE5HVR2SFcHnW0771psQ/zn0qVzsKHY/gUM0nEVM%3D' (2025-11-03) → 
'github:nix-community/home-manager/58bf3ecb2d0bba7bdf363fc8a6c4d49b4d509d03?narHash=sha256-yeCxFV/905Wr91yKt5zrVvK6O2CVXWRMSrxqlAZnLp0%3D' (2025-12-14) • Updated input 'niri-flake': 'github:sodiboo/niri-flake/df17789929ac80f4157b15724450db6a303a6dc9?narHash=sha256-U3SDbk7tIwLChpvb3FL66o8V0byaQ2RGMiy/3oLdxTI%3D' (2025-11-03) → 'github:sodiboo/niri-flake/ded1462ebc03ed723f0f9f5514e72469da687817?narHash=sha256-P9kQIIPSCqmKyHD/9wFZ4ezlqofnAzYBmolSF1f5xog%3D' (2025-12-14) • Updated input 'niri-flake/niri-unstable': 'github:YaLTeR/niri/a2ca2b3c866bc781b12c334a9f949b3db6d7c943?narHash=sha256-anRlNG6t7esBbF1%2BALDeathVBSclA0PEL52Vo0WnN5g%3D' (2025-11-03) → 'github:YaLTeR/niri/7c0898570ca5bd3f10fbf4cf2f8a00edc48d787b?narHash=sha256-Erk%2BypR8N%2BrCvjMdUB1N/v4jtm4QRH9k7r/9zh2HyC8%3D' (2025-12-14) • Updated input 'niri-flake/nixpkgs': 'github:NixOS/nixpkgs/2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15?narHash=sha256-kJ8lIZsiPOmbkJypG%2BB5sReDXSD1KGu2VEPNqhRa/ew%3D' (2025-10-31) → 'github:NixOS/nixpkgs/2fbfb1d73d239d2402a8fe03963e37aab15abe8b?narHash=sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0%3D' (2025-12-11) • Updated input 'niri-flake/nixpkgs-stable': 'github:NixOS/nixpkgs/3de8f8d73e35724bf9abef41f1bdbedda1e14a31?narHash=sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo%3D' (2025-11-01) → 'github:NixOS/nixpkgs/28bb483c11a1214a73f9fd2d9928a6e2ea86ec71?narHash=sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0%3D' (2025-12-13) • Updated input 'niri-flake/xwayland-satellite-unstable': 'github:Supreeeme/xwayland-satellite/0728d59ff6463a502e001fb090f6eb92dbc04756?narHash=sha256-fBrUszJXmB4MY%2Bwf3QsCnqWHcz7u7fLq0QMAWCltIQg%3D' (2025-10-28) → 'github:Supreeeme/xwayland-satellite/f0ad674b7009a6afd80cea59d4fbf975dd68ee95?narHash=sha256-HtTPbV6z6AJPg2d0bHaJKFrnNha%2BSEbHvbJafKAQ614%3D' (2025-12-10) • Updated input 'nix-ai-tools': 'github:numtide/nix-ai-tools/a2dfa932ed37e5b6224b39b4982c85cd8ebcca14?narHash=sha256-n6bChFrCf2/uHzTsZdABUt1%2BUa3n0jinNfamHd5DmBA%3D' (2025-11-17) → 
'github:numtide/nix-ai-tools/053759f30ef14cbd87c0a1a1d3e7c729ca0db83f?narHash=sha256-VPcX5z0A58pcbRb3I42fBig3zTPm9a71iwrfgkte2J4%3D' (2025-12-14) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1?narHash=sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5%2B717550Hk%3D' (2025-11-16) → 'github:NixOS/nixpkgs/23735a82a828372c4ef92c660864e82fbe2f5fbe?narHash=sha256-yqHBL2wYGwjGL2GUF2w3tofWl8qO9tZEuI4wSqbCrtE%3D' (2025-12-13) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/359ff6333a7b0b60819d4c20ed05a3a1f726771f?narHash=sha256-Pu1v3mlFhRzZiSxVHb2/i/f5yeYyRNqr0RvEUJ4UgHo%3D' (2025-11-02) → 'github:nix-community/nix-index-database/82befcf7dc77c909b0f2a09f5da910ec95c5b78f?narHash=sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws%3D' (2025-12-09) • Updated input 'nixos-cli': 'github:nix-community/nixos-cli/5c259f72ae1eaa00b99354d81130d8fddb7f9a7a?narHash=sha256-IUm2nkbKlDkG94ruTmIYLERpBn6gXydm3scZIKzpcKs%3D' (2025-11-01) → 'github:nix-community/nixos-cli/a2019789319c1678be8dc68ecf34c83f948e7475?narHash=sha256-ToKVLDYAzKyStJgCA7W%2BRZObvwABK9fQ8i1wLUUOdLM%3D' (2025-12-11) • Added input 'nixos-cli/flake-parts': 'github:hercules-ci/flake-parts/2cccadc7357c0ba201788ae99c4dfa90728ef5e0?narHash=sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q%3D' (2025-11-21) • Added input 'nixos-cli/flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/719359f4562934ae99f5443f20aa06c2ffff91fc?narHash=sha256-b0yj6kfvO8ApcSE%2BQmA6mUfu8IYG6/uU28OFn4PaC8M%3D' (2025-10-29) • Updated input 'nixos-cli/nixpkgs': 'github:NixOS/nixpkgs/a7fc11be66bdfb5cdde611ee5ce381c183da8386?narHash=sha256-QoJjGd4NstnyOG4mm4KXF%2BweBzA2AH/7gn1Pmpfcb0A%3D' (2025-10-31) → 'github:NixOS/nixpkgs/23258e03aaa49b3a68597e3e50eb0cbce7e42e9d?narHash=sha256-nA5ywiGKl76atrbdZ5Aucd8SjF/v8ew9b9QsC%2BMKL14%3D' (2025-11-30) • Updated input 'nixpkgs': 
'github:nixos/nixpkgs/2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15?narHash=sha256-kJ8lIZsiPOmbkJypG%2BB5sReDXSD1KGu2VEPNqhRa/ew%3D' (2025-10-31) → 'github:nixos/nixpkgs/2fbfb1d73d239d2402a8fe03963e37aab15abe8b?narHash=sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0%3D' (2025-12-11) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/3de8f8d73e35724bf9abef41f1bdbedda1e14a31?narHash=sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo%3D' (2025-11-01) → 'github:nixos/nixpkgs/28bb483c11a1214a73f9fd2d9928a6e2ea86ec71?narHash=sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0%3D' (2025-12-13) • Updated input 'noctalia': 'github:noctalia-dev/noctalia-shell/5ca5aa602f58a8e0e73fedbef351f1cdf8cbe981?narHash=sha256-gHfzrTDSnNC5yRJwkZfP55fPHUc8DuB4OQEIBSQSs18%3D' (2025-11-03) → 'github:noctalia-dev/noctalia-shell/04852ccdc10ab7e289a4bd6f5987972196744e9d?narHash=sha256-4CUoczVKiEEGCVl4qw3jo9YRCpX6d53hw0KMptdaFCQ%3D' (2025-12-14) • Removed input 'noctalia/quickshell' • Removed input 'noctalia/quickshell/nixpkgs' • Removed input 'noctalia/systems' • Updated input 'stylix': 'github:danth/stylix/8c0640d5722a02178c8ee80a62c5f019cab4b3c1?narHash=sha256-wGiL2K3kAyBBmIZpJEskaSIgyzzpg0zwfvri%2BSy6/CI%3D' (2025-11-02) → 'github:danth/stylix/dd14de4432a94e93e10d0159f1d411487e435e1e?narHash=sha256-sDG%2Bc73xEnIw1pFNRWffKDnTWiTuyZiEP%2BIub0D3mWA%3D' (2025-12-11) • Updated input 'stylix/base16-helix': 'github:tinted-theming/base16-helix/27cf1e66e50abc622fb76a3019012dc07c678fac?narHash=sha256-0CQM%2BFkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM%3D' (2025-07-20) → 'github:tinted-theming/base16-helix/d646af9b7d14bff08824538164af99d0c521b185?narHash=sha256-m82fGUYns4uHd%2BZTdoLX2vlHikzwzdu2s2rYM2bNwzw%3D' (2025-10-17) • Updated input 'stylix/firefox-gnome-theme': 'github:rafaelmardojai/firefox-gnome-theme/0909cfe4a2af8d358ad13b20246a350e14c2473d?narHash=sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk%3D' (2025-09-17) → 
'github:rafaelmardojai/firefox-gnome-theme/66b7c635763d8e6eb86bd766de5a1e1fbfcc1047?narHash=sha256-OkFLrD3pFR952TrjQi1%2BVdj604KLcMnkpa7lkW7XskI%3D' (2025-12-03) • Updated input 'stylix/flake-parts': 'github:hercules-ci/flake-parts/4524271976b625a4a605beefd893f270620fd751?narHash=sha256-%2BuWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw%3D' (2025-09-01) → 'github:hercules-ci/flake-parts/2cccadc7357c0ba201788ae99c4dfa90728ef5e0?narHash=sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q%3D' (2025-11-21) • Updated input 'stylix/gnome-shell': 'github:GNOME/gnome-shell/8c88f917db0f1f0d80fa55206c863d3746fa18d0?narHash=sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0%3D' (2025-05-25) → 'gitlab:GNOME/gnome-shell/c0e1ad9f0f703fd0519033b8f46c3267aab51a22?host=gitlab.gnome.org&narHash=sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk%3D' (2025-11-30) • Updated input 'stylix/nixpkgs': 'github:NixOS/nixpkgs/e643668fd71b949c53f8626614b21ff71a07379d?narHash=sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o%3D' (2025-09-24) → 'github:NixOS/nixpkgs/2d293cbfa5a793b4c50d17c05ef9e385b90edf6c?narHash=sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4%3D' (2025-11-30) • Updated input 'stylix/nur': 'github:nix-community/NUR/ba8d9c98f5f4630bcb0e815ab456afd90c930728?narHash=sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV%2B4EnDYjdJhHvUk%3D' (2025-09-27) → 'github:nix-community/NUR/1d9616689e98beded059ad0384b9951e967a17fa?narHash=sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU%3D' (2025-12-03) • Updated input 'stylix/tinted-schemes': 'github:tinted-theming/schemes/317a5e10c35825a6c905d912e480dfe8e71c7559?narHash=sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St%2BUrqkM%3D' (2025-09-12) → 'github:tinted-theming/schemes/0f6be815d258e435c9b137befe5ef4ff24bea32c?narHash=sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw%3D' (2025-11-23) • Updated input 'stylix/tinted-tmux': 
'github:tinted-theming/tinted-tmux/d217ba31c846006e9e0ae70775b0ee0f00aa6b1e?narHash=sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD%2BX3vEBUGbTi4JiI%3D' (2025-09-14) → 'github:tinted-theming/tinted-tmux/edf89a780e239263cc691a987721f786ddc4f6aa?narHash=sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE%3D' (2025-11-30) • Updated input 'stylix/tinted-zed': 'github:tinted-theming/base16-zed/824fe0aacf82b3c26690d14e8d2cedd56e18404e?narHash=sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w%3D' (2025-09-14) → 'github:tinted-theming/base16-zed/907dbba5fb8cf69ebfd90b00813418a412d0a29a?narHash=sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg%3D' (2025-11-30) • Updated input 'terranix': 'github:terranix/terranix/a79a47b4617dfb92184e2e5b8f5aa6fc06c659c8?narHash=sha256-J1L1yP29NVBJO04LA/JGM6kwhnjeNhEsX0tLFnuN3FI%3D' (2025-11-03) → 'github:terranix/terranix/3b5947a48da5694094b301a3b1ef7b22ec8b19fc?narHash=sha256-iVS4sxVgGn%2BT74rGJjEJbzx%2BkjsuaP3wdQVXBNJ79A0%3D' (2025-11-06) • Updated input 'vicinae': 'github:vicinaehq/vicinae/54722e36137d8273ef0a5db37776fb8302c79238?narHash=sha256-8BoGGsWfkS/2ODBSCYd5HJNFGuLY8fFl27rXmWClXQw%3D' (2025-11-09) → 'github:vicinaehq/vicinae/32cf6b1f82e007cddba9c9ae037eff670219cd55?narHash=sha256-etv2HJA9OWvTkjnrjaNSqvebu9gWLIGPYb9PWr4qkfM%3D' (2025-12-09) • Removed input 'vicinae/flake-utils' • Removed input 'vicinae/flake-utils/systems' • Added input 'vicinae/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e?narHash=sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768%3D' (2023-04-09) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/10e69cb268b1d3dc91135e72f5462b2acfbcc3aa?narHash=sha256-sIPhzkDrfe6ptthZiwoxQyO6rKd9PgJnl%2BLOyythQkI%3D' (2025-11-03) → 'github:0xc000022070/zen-browser-flake/463d3f091ad2b0ba2a4982f4181d22e452b2659d?narHash=sha256-rAWVEEbfWZKTaiqBA/ogkeHvbzlkDHZjZPHbjWUnpw8%3D' (2025-12-14) • Updated input 'zen-browser/home-manager': 
'github:nix-community/home-manager/e8c19a3cec2814c754f031ab3ae7316b64da085b?narHash=sha256-S%2BwmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR%2Bkw%3D' (2025-07-15) → 'github:nix-community/home-manager/827f2a23373a774a8805f84ca5344654c31f354b?narHash=sha256-RYHN8O/Aja59XDji6WSJZPkJpYVUfpSkyH%2BPEupBJqM%3D' (2025-11-12) • Updated input 'zen-browser/nixpkgs': 'github:nixos/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4?narHash=sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs%2BStOp19xNsbqdOg%3D' (2025-08-19) → 'github:nixos/nixpkgs/c5ae371f1a6a7fd27823bc500d9390b38c05fa55?narHash=sha256-4PqRErxfe%2B2toFJFgcRKZ0UI9NSIOJa%2B7RXVtBhy4KE%3D' (2025-11-12) --- flake.lock | 328 +++++++++++++++++++++++++---------------------------- 1 file changed, 154 insertions(+), 174 deletions(-) diff --git a/flake.lock b/flake.lock index 27c3580..6920bc0 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1761656077, - "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { @@ -61,11 +61,11 @@ "base16-helix": { "flake": false, "locked": { - "lastModified": 1752979451, - "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", + "lastModified": 1760703920, + "narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=", "owner": "tinted-theming", "repo": "base16-helix", - "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", + "rev": "d646af9b7d14bff08824538164af99d0c521b185", "type": "github" }, "original": { 
@@ -142,11 +142,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1756719547, - "narHash": "sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ=", + "lastModified": 1762286984, + "narHash": "sha256-9I2H9x5We6Pl+DBYHjR1s3UT8wgwcpAH03kn9CqtdQc=", "owner": "serokell", "repo": "deploy-rs", - "rev": "125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2", + "rev": "9c870f63e28ec1e83305f7f6cb73c941e699f74f", "type": "github" }, "original": { @@ -160,11 +160,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1761899396, - "narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=", + "lastModified": 1765688338, + "narHash": "sha256-MjrytR2kiHYUnzX11cXaD31tS7kKdhM1KFaac0+KAig=", "owner": "nix-community", "repo": "disko", - "rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998", + "rev": "be1a6b8a05afdd5d5fa69fcaf3c4ead7014c9fd8", "type": "github" }, "original": { @@ -176,11 +176,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1758112371, - "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=", + "lastModified": 1764724327, + "narHash": "sha256-OkFLrD3pFR952TrjQi1+Vdj604KLcMnkpa7lkW7XskI=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d", + "rev": "66b7c635763d8e6eb86bd766de5a1e1fbfcc1047", "type": "github" }, "original": { @@ -226,11 +226,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1762040540, - "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", + "lastModified": 1765495779, + "narHash": "sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "0010412d62a25d959151790968765a70c436598b", + "rev": "5635c32d666a59ec9a55cab87e898889869f7b71", "type": "github" }, "original": { 
@@ -241,17 +241,14 @@ }, "flake-parts_2": { "inputs": { - "nixpkgs-lib": [ - "stylix", - "nixpkgs" - ] + "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -261,6 +258,27 @@ } }, "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "terranix", @@ -299,24 +317,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems_8" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "fromYaml": { "flake": false, "locked": { 
@@ -336,18 +336,20 @@ "gnome-shell": { "flake": false, "locked": { - "lastModified": 1748186689, - "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", + "host": "gitlab.gnome.org", + "lastModified": 1764524476, + "narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", - "type": "github" + "rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22", + "type": "gitlab" }, "original": { + "host": "gitlab.gnome.org", "owner": "GNOME", - "ref": "48.2", + "ref": "gnome-49", "repo": "gnome-shell", - "type": "github" + "type": "gitlab" } }, "home-manager": { @@ -378,11 +380,11 @@ ] }, "locked": { - "lastModified": 1762178366, - "narHash": "sha256-I+8yE5HVR2SFcHnW0771psQ/zn0qVzsKHY/gUM0nEVM=", + "lastModified": 1765682243, + "narHash": "sha256-yeCxFV/905Wr91yKt5zrVvK6O2CVXWRMSrxqlAZnLp0=", "owner": "nix-community", "repo": "home-manager", - "rev": "8c824254b1ed9e797f6235fc3c62f365893c561a", + "rev": "58bf3ecb2d0bba7bdf363fc8a6c4d49b4d509d03", "type": "github" }, "original": { @@ -400,11 +402,11 @@ ] }, "locked": { - "lastModified": 1752603129, - "narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=", + "lastModified": 1762964643, + "narHash": "sha256-RYHN8O/Aja59XDji6WSJZPkJpYVUfpSkyH+PEupBJqM=", "owner": "nix-community", "repo": "home-manager", - "rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b", + "rev": "827f2a23373a774a8805f84ca5344654c31f354b", "type": "github" }, "original": { @@ -458,11 +460,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1762152856, - "narHash": "sha256-U3SDbk7tIwLChpvb3FL66o8V0byaQ2RGMiy/3oLdxTI=", + "lastModified": 1765714461, + "narHash": "sha256-P9kQIIPSCqmKyHD/9wFZ4ezlqofnAzYBmolSF1f5xog=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "df17789929ac80f4157b15724450db6a303a6dc9", + "rev": "ded1462ebc03ed723f0f9f5514e72469da687817", "type": "github" }, "original": { 
@@ -491,11 +493,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1762146685, - "narHash": "sha256-anRlNG6t7esBbF1+ALDeathVBSclA0PEL52Vo0WnN5g=", + "lastModified": 1765687800, + "narHash": "sha256-Erk+ypR8N+rCvjMdUB1N/v4jtm4QRH9k7r/9zh2HyC8=", "owner": "YaLTeR", "repo": "niri", - "rev": "a2ca2b3c866bc781b12c334a9f949b3db6d7c943", + "rev": "7c0898570ca5bd3f10fbf4cf2f8a00edc48d787b", "type": "github" }, "original": { @@ -511,11 +513,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1763412165, - "narHash": "sha256-n6bChFrCf2/uHzTsZdABUt1+Ua3n0jinNfamHd5DmBA=", + "lastModified": 1765719830, + "narHash": "sha256-VPcX5z0A58pcbRb3I42fBig3zTPm9a71iwrfgkte2J4=", "owner": "numtide", "repo": "nix-ai-tools", - "rev": "a2dfa932ed37e5b6224b39b4982c85cd8ebcca14", + "rev": "053759f30ef14cbd87c0a1a1d3e7c729ca0db83f", "type": "github" }, "original": { @@ -547,11 +549,11 @@ ] }, "locked": { - "lastModified": 1762055842, - "narHash": "sha256-Pu1v3mlFhRzZiSxVHb2/i/f5yeYyRNqr0RvEUJ4UgHo=", + "lastModified": 1765267181, + "narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "359ff6333a7b0b60819d4c20ed05a3a1f726771f", + "rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f", "type": "github" }, "original": { @@ -584,15 +586,16 @@ "nixos-cli": { "inputs": { "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_2", "nix-options-doc": "nix-options-doc", "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1761970410, - "narHash": "sha256-IUm2nkbKlDkG94ruTmIYLERpBn6gXydm3scZIKzpcKs=", + "lastModified": 1765423663, + "narHash": "sha256-ToKVLDYAzKyStJgCA7W+RZObvwABK9fQ8i1wLUUOdLM=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "5c259f72ae1eaa00b99354d81130d8fddb7f9a7a", + "rev": "a2019789319c1678be8dc68ecf34c83f948e7475", "type": "github" }, "original": { 
@@ -632,34 +635,49 @@ "type": "github" } }, + "nixpkgs-lib_2": { + "locked": { + "lastModified": 1761765539, + "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { - "lastModified": 1761999846, - "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", + "lastModified": 1765608474, + "narHash": "sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", + "rev": "28bb483c11a1214a73f9fd2d9928a6e2ea86ec71", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1761999846, - "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", + "lastModified": 1765608474, + "narHash": "sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", + "rev": "28bb483c11a1214a73f9fd2d9928a6e2ea86ec71", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } @@ -682,11 +700,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1755615617, - "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "lastModified": 1762977756, + "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55", "type": "github" }, "original": { 
@@ -698,11 +716,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1752596105, - "narHash": "sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k=", + "lastModified": 1763618868, + "narHash": "sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r+JerayK/4wvdWA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dab3a6e781554f965bde3def0aa2fda4eb8f1708", + "rev": "a8d610af3f1a5fb71e23e08434d8d61a466fc942", "type": "github" }, "original": { @@ -730,11 +748,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "lastModified": 1765472234, + "narHash": "sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "rev": "2fbfb1d73d239d2402a8fe03963e37aab15abe8b", "type": "github" }, "original": { @@ -746,11 +764,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1763312402, - "narHash": "sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5+717550Hk=", + "lastModified": 1765644376, + "narHash": "sha256-yqHBL2wYGwjGL2GUF2w3tofWl8qO9tZEuI4wSqbCrtE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1", + "rev": "23735a82a828372c4ef92c660864e82fbe2f5fbe", "type": "github" }, "original": { @@ -778,11 +796,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1761880412, - "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", + "lastModified": 1764527385, + "narHash": "sha256-nA5ywiGKl76atrbdZ5Aucd8SjF/v8ew9b9QsC+MKL14=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", + "rev": "23258e03aaa49b3a68597e3e50eb0cbce7e42e9d", "type": "github" }, "original": { 
@@ -794,11 +812,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "lastModified": 1765472234, + "narHash": "sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "rev": "2fbfb1d73d239d2402a8fe03963e37aab15abe8b", "type": "github" }, "original": { @@ -810,11 +828,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1758690382, - "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", + "lastModified": 1764517877, + "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e643668fd71b949c53f8626614b21ff71a07379d", + "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c", "type": "github" }, "original": { @@ -828,16 +846,14 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "quickshell": "quickshell", - "systems": "systems_5" + ] }, "locked": { - "lastModified": 1762156721, - "narHash": "sha256-gHfzrTDSnNC5yRJwkZfP55fPHUc8DuB4OQEIBSQSs18=", + "lastModified": 1765720248, + "narHash": "sha256-4CUoczVKiEEGCVl4qw3jo9YRCpX6d53hw0KMptdaFCQ=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "5ca5aa602f58a8e0e73fedbef351f1cdf8cbe981", + "rev": "04852ccdc10ab7e289a4bd6f5987972196744e9d", "type": "github" }, "original": { @@ -858,11 +874,11 @@ ] }, "locked": { - "lastModified": 1758998580, - "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=", + "lastModified": 1764773531, + "narHash": "sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU=", "owner": "nix-community", "repo": "NUR", - "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728", + "rev": "1d9616689e98beded059ad0384b9951e967a17fa", "type": "github" }, "original": { 
@@ -871,27 +887,6 @@ "type": "github" } }, - "quickshell": { - "inputs": { - "nixpkgs": [ - "noctalia", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1761821581, - "narHash": "sha256-nLuc6jA7z+H/6bHPEBSOYPbz7RtvNCZiTKmYItJuBmM=", - "ref": "refs/heads/master", - "rev": "db1777c20b936a86528c1095cbcb1ebd92801402", - "revCount": 699, - "type": "git", - "url": "https://git.outfoxxed.me/outfoxxed/quickshell" - }, - "original": { - "type": "git", - "url": "https://git.outfoxxed.me/outfoxxed/quickshell" - } - }, "root": { "inputs": { "agenix": "agenix", @@ -965,11 +960,11 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_3", "gnome-shell": "gnome-shell", "nixpkgs": "nixpkgs_9", "nur": "nur", - "systems": "systems_6", + "systems": "systems_5", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -977,11 +972,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1762101397, - "narHash": "sha256-wGiL2K3kAyBBmIZpJEskaSIgyzzpg0zwfvri+Sy6/CI=", + "lastModified": 1765474444, + "narHash": "sha256-sDG+c73xEnIw1pFNRWffKDnTWiTuyZiEP+Iub0D3mWA=", "owner": "danth", "repo": "stylix", - "rev": "8c0640d5722a02178c8ee80a62c5f019cab4b3c1", + "rev": "dd14de4432a94e93e10d0159f1d411487e435e1e", "type": "github" }, "original": { 
@@ -1095,35 +1090,20 @@ "type": "github" } }, - "systems_8": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "terranix": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_7" + "systems": "systems_6" }, "locked": { - "lastModified": 1762161791, - "narHash": "sha256-J1L1yP29NVBJO04LA/JGM6kwhnjeNhEsX0tLFnuN3FI=", + "lastModified": 1762472226, + "narHash": "sha256-iVS4sxVgGn+T74rGJjEJbzx+kjsuaP3wdQVXBNJ79A0=", "owner": "terranix", "repo": "terranix", - "rev": "a79a47b4617dfb92184e2e5b8f5aa6fc06c659c8", + "rev": "3b5947a48da5694094b301a3b1ef7b22ec8b19fc", "type": "github" }, "original": { @@ -1168,11 +1148,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1757716333, - "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=", + "lastModified": 1763914658, + "narHash": "sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw=", "owner": "tinted-theming", "repo": "schemes", - "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559", + "rev": "0f6be815d258e435c9b137befe5ef4ff24bea32c", "type": "github" }, "original": { @@ -1184,11 +1164,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1757811970, - "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=", + "lastModified": 1764465359, + "narHash": "sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e", + "rev": "edf89a780e239263cc691a987721f786ddc4f6aa", "type": "github" }, "original": { 
@@ -1200,11 +1180,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1757811247, - "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=", + "lastModified": 1764464512, + "narHash": "sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e", + "rev": "907dbba5fb8cf69ebfd90b00813418a412d0a29a", "type": "github" }, "original": { @@ -1254,15 +1234,15 @@ }, "vicinae": { "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_10", + "systems": "systems_7" }, "locked": { - "lastModified": 1762709887, - "narHash": "sha256-8BoGGsWfkS/2ODBSCYd5HJNFGuLY8fFl27rXmWClXQw=", + "lastModified": 1765272078, + "narHash": "sha256-etv2HJA9OWvTkjnrjaNSqvebu9gWLIGPYb9PWr4qkfM=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "54722e36137d8273ef0a5db37776fb8302c79238", + "rev": "32cf6b1f82e007cddba9c9ae037eff670219cd55", "type": "github" }, "original": { @@ -1291,11 +1271,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1761622056, - "narHash": "sha256-fBrUszJXmB4MY+wf3QsCnqWHcz7u7fLq0QMAWCltIQg=", + "lastModified": 1765343581, + "narHash": "sha256-HtTPbV6z6AJPg2d0bHaJKFrnNha+SEbHvbJafKAQ614=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "0728d59ff6463a502e001fb090f6eb92dbc04756", + "rev": "f0ad674b7009a6afd80cea59d4fbf975dd68ee95", "type": "github" }, "original": { @@ -1310,11 +1290,11 @@ "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1762131860, - "narHash": "sha256-sIPhzkDrfe6ptthZiwoxQyO6rKd9PgJnl+LOyythQkI=", + "lastModified": 1765715981, + "narHash": "sha256-rAWVEEbfWZKTaiqBA/ogkeHvbzlkDHZjZPHbjWUnpw8=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "10e69cb268b1d3dc91135e72f5462b2acfbcc3aa", + "rev": "463d3f091ad2b0ba2a4982f4181d22e452b2659d", "type": "github" }, "original": { 
From 106198878c82360240d1fcdb7de9afc542f38d32 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 16 Dec 2025 07:14:29 -0300 Subject: [PATCH 123/206] virtualisation usb passthrough --- hosts/modules/libvirtd.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hosts/modules/libvirtd.nix b/hosts/modules/libvirtd.nix index aa2ae71..6bd154f 100644 --- a/hosts/modules/libvirtd.nix +++ b/hosts/modules/libvirtd.nix @@ -1,7 +1,10 @@ { ... }: { - virtualisation.libvirtd.enable = true; + virtualisation = { + libvirtd.enable = true; + spiceUSBRedirection.enable = true; + }; programs.virt-manager.enable = true; From 97b0b01a48f0de1197bd9cdd88800dd12c0aeb65 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 16 Dec 2025 08:09:57 -0300 Subject: [PATCH 124/206] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nix-ai-tools': 'github:numtide/nix-ai-tools/053759f30ef14cbd87c0a1a1d3e7c729ca0db83f?narHash=sha256-VPcX5z0A58pcbRb3I42fBig3zTPm9a71iwrfgkte2J4%3D' (2025-12-14) → 'github:numtide/llm-agents.nix/9ee377d02d7e50e2903d9c7fa53138aebd9ae944?narHash=sha256-yrECdmBoMhUAA8FqUJ1LbtDjuwn%2B38OkFgRrwbEq/DU%3D' (2025-12-16) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/23735a82a828372c4ef92c660864e82fbe2f5fbe?narHash=sha256-yqHBL2wYGwjGL2GUF2w3tofWl8qO9tZEuI4wSqbCrtE%3D' (2025-12-13) → 'github:NixOS/nixpkgs/09b8fda8959d761445f12b55f380d90375a1d6bb?narHash=sha256-aq%2BdQoaPONOSjtFIBnAXseDm9TUhIbe215TPmkfMYww%3D' (2025-12-15) --- flake.lock | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index 6920bc0..fe378cf 100644 --- a/flake.lock +++ b/flake.lock 
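Review bot: `spiceUSBRedirection.enable = true;` in the new `virtualisation` block is added without any comment on its privilege impact. The NixOS option installs the SPICE USB redirection helper as a privileged wrapper, and its own description warns that this gives unprivileged users arbitrary access to USB devices attached to the host. Since this file sits under `hosts/modules/` and is presumably imported by more than one host, I would record the trade-off next to the line, e.g. `# privileged helper: local users can hand any host USB device (keyboard, security key, storage) to a VM`. If only some machines need passthrough, setting the option in those hosts' own configuration rather than in this shared module would keep the helper off the rest.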
@@ -513,16 +513,16 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1765719830, - "narHash": "sha256-VPcX5z0A58pcbRb3I42fBig3zTPm9a71iwrfgkte2J4=", + "lastModified": 1765854155, + "narHash": "sha256-yrECdmBoMhUAA8FqUJ1LbtDjuwn+38OkFgRrwbEq/DU=", "owner": "numtide", - "repo": "nix-ai-tools", - "rev": "053759f30ef14cbd87c0a1a1d3e7c729ca0db83f", + "repo": "llm-agents.nix", + "rev": "9ee377d02d7e50e2903d9c7fa53138aebd9ae944", "type": "github" }, "original": { "owner": "numtide", - "repo": "nix-ai-tools", + "repo": "llm-agents.nix", "type": "github" } }, @@ -764,11 +764,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1765644376, - "narHash": "sha256-yqHBL2wYGwjGL2GUF2w3tofWl8qO9tZEuI4wSqbCrtE=", + "lastModified": 1765772535, + "narHash": "sha256-aq+dQoaPONOSjtFIBnAXseDm9TUhIbe215TPmkfMYww=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23735a82a828372c4ef92c660864e82fbe2f5fbe", + "rev": "09b8fda8959d761445f12b55f380d90375a1d6bb", "type": "github" }, "original": { From 7a0fa96129fa886b0191ba623faf589ae890f6b5 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 16 Dec 2025 10:18:38 -0300 Subject: [PATCH 125/206] claude-desktop package --- flake.nix | 2 +- hosts/modules/ai.nix | 13 ++- overlays.nix | 1 + packages.nix | 11 +- packages/claude-desktop.nix | 221 ++++++++++++++++++++++++++++++++++++ 5 files changed, 239 insertions(+), 9 deletions(-) create mode 100644 packages/claude-desktop.nix diff --git a/flake.nix b/flake.nix index d65e9d8..20210f2 100644 --- a/flake.nix +++ b/flake.nix @@ -50,7 +50,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nix-ai-tools.url = "github:numtide/nix-ai-tools"; + nix-ai-tools.url = "github:numtide/llm-agents.nix"; vicinae.url = "github:vicinaehq/vicinae"; }; diff --git a/hosts/modules/ai.nix b/hosts/modules/ai.nix index e2dd9d2..b80ac38 100644 --- a/hosts/modules/ai.nix +++ b/hosts/modules/ai.nix 
@@ -1,10 +1,11 @@ { inputs, pkgs, ... }: { - environment.systemPackages = with inputs.nix-ai-tools.packages.${pkgs.system}; [ - claude-desktop - claude-code - claudebox - opencode - ]; + environment.systemPackages = + (with pkgs; [claude-desktop]) ++ + (with inputs.nix-ai-tools.packages.${pkgs.system}; [ + claude-code + claudebox + opencode + ]); } diff --git a/overlays.nix b/overlays.nix index eab4edf..b8f807f 100644 --- a/overlays.nix +++ b/overlays.nix @@ -4,6 +4,7 @@ flake.overlays = { default = final: prev: { base16-schemes = inputs.self.packages.${final.system}.base16-schemes; + claude-desktop = inputs.self.packages.${final.system}.claude-desktop; fastfetch = inputs.self.packages.${final.system}.fastfetch; hm-cli = inputs.self.packages.${final.system}.hm-cli; kwrite = inputs.self.packages.${final.system}.kwrite; diff --git a/packages.nix b/packages.nix index 46979f8..bf0319e 100644 --- a/packages.nix +++ b/packages.nix @@ -1,11 +1,18 @@ -{ ... }: +{ inputs, ... }: { perSystem = - { pkgs, system, ... }: + { system, ... }: + let + pkgs = import inputs.nixpkgs { + inherit system; + config.allowUnfree = true; + }; + in { packages = { base16-schemes = pkgs.callPackage ./packages/base16-schemes.nix { }; + claude-desktop = pkgs.callPackage ./packages/claude-desktop.nix { }; fastfetch = pkgs.callPackage ./packages/fastfetch.nix { }; hm-cli = pkgs.callPackage ./packages/hm-cli.nix { }; kwrite = pkgs.callPackage ./packages/kwrite.nix { }; diff --git a/packages/claude-desktop.nix b/packages/claude-desktop.nix new file mode 100644 index 0000000..e72fc37 --- /dev/null +++ b/packages/claude-desktop.nix 
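Review bot: `(with pkgs; [claude-desktop])` in `hosts/modules/ai.nix` only resolves to the new local package if this flake's `overlays.default` is applied to the host's `pkgs`, and nothing in the hunk shows or documents that dependency. Without the overlay the name would either fail to evaluate or pick up whatever nixpkgs offers under it. I would write the element as `[ pkgs.claude-desktop ]`, matching the spacing of the other lists, and add a comment such as `# from overlays.default -> packages/claude-desktop.nix, no longer from nix-ai-tools` so a reader can tell which derivation the host installs.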
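Review bot: `config.allowUnfree = true` on the new `import inputs.nixpkgs` in `packages.nix` lifts the unfree-license check for every package built from this `pkgs`. The only addition in this commit that appears to need it is `claude-desktop`, though its license metadata is not visible here, so that is an assumption. A predicate keeps the exemption to the named package: `config.allowUnfreePredicate = pkg: builtins.elem (inputs.nixpkgs.lib.getName pkg) [ "claude-desktop" ];`. The `let` binding also replaces the `pkgs` argument that `perSystem` supplied, so any overlays or config set on that instance no longer reach these packages, which deserves a one-line comment. The `packages` attribute set continues outside the hunk.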
@@ -0,0 +1,221 @@
+{
+ lib,
+ stdenv,
+ fetchurl,
+ makeWrapper,
+ makeDesktopItem,
+ copyDesktopItems,
+ p7zip,
+ unzip,
+ electron,
+ nodejs,
+ asar,
+ graphicsmagick,
+}:
+
+let
+ pname = "claude-desktop";
+ version = "1.0.1768"; # Updated based on extracted nupkg
+
+ srcs.x86_64-linux = fetchurl {
+ url = "https://downloads.claude.ai/releases/win32/x64/1.0.1768/Claude-67d01376d0e9d08b328455f6db9e63b0d603506a.exe";
+ hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=;";
+ };
+
+ src =
+ srcs.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
+
+ # Stub implementation for claude-native module
+ claudeNativeStub = ''
+ // Stub implementation of claude-native using KeyboardKey enum values
+ const KeyboardKey = {
+ Backspace: 43, Tab: 280, Enter: 261, Shift: 272, Control: 61, Alt: 40,
+ CapsLock: 56, Escape: 85, Space: 276, PageUp: 251, PageDown: 250,
+ End: 83, Home: 154, LeftArrow: 175, UpArrow: 282, RightArrow: 262,
+ DownArrow: 81, Delete: 79, Meta: 187
+ };
+ Object.freeze(KeyboardKey);
+ module.exports = {
+ getWindowsVersion: () => "10.0.0",
+ setWindowEffect: () => {},
+ removeWindowEffect: () => {},
+ getIsMaximized: () => false,
+ flashFrame: () => {},
+ clearFlashFrame: () => {},
+ showNotification: () => {},
+ setProgressBar: () => {},
+ clearProgressBar: () => {},
+ setOverlayIcon: () => {},
+ clearOverlayIcon: () => {},
+ KeyboardKey
+ };
+ '';
+
+in
+stdenv.mkDerivation rec {
+ inherit pname version src;
+
+ nativeBuildInputs = [
+ makeWrapper
+ copyDesktopItems
+ p7zip
+ unzip
+ nodejs
+ graphicsmagick
+ ];
+
+ buildInputs = [
+ electron
+ ];
+
+ desktopItems = [
+ (makeDesktopItem {
+ name = "claude-desktop";
+ desktopName = "Claude";
+ comment = "AI assistant from Anthropic";
+ exec = "claude-desktop %u";
+ icon = "claude-desktop";
+ categories = [
+ "Network"
+ "Chat"
+ "Office"
+ ];
+ mimeTypes = [ "x-scheme-handler/claude" ];
+ startupNotify = true;
+ startupWMClass = "Claude";
+ })
+ ];
+ unpackPhase = ''
+ runHook preUnpack
+
+ # Extract the Windows installer - use -y to auto-overwrite
+ 7z x -y $src -o./extracted
+
+ # The installer contains a NuGet package
+ if [ -f ./extracted/AnthropicClaude-*-full.nupkg ]; then
+ echo "Found NuGet package, extracting..."
+ # NuGet packages are just zip files
+ unzip -q ./extracted/AnthropicClaude-*-full.nupkg -d ./nupkg
+
+ # Extract app.asar to modify it
+ if [ -f ./nupkg/lib/net45/resources/app.asar ]; then
+ echo "Extracting app.asar..."
+ ${asar}/bin/asar extract ./nupkg/lib/net45/resources/app.asar ./app
+
+ # Also copy the unpacked resources
+ if [ -d ./nupkg/lib/net45/resources/app.asar.unpacked ]; then
+ cp -r ./nupkg/lib/net45/resources/app.asar.unpacked/* ./app/
+ fi
+
+ # Copy additional resources
+ mkdir -p ./app/resources
+ mkdir -p ./app/resources/i18n
+ cp ./nupkg/lib/net45/resources/Tray* ./app/resources/ || true
+ cp ./nupkg/lib/net45/resources/*-*.json ./app/resources/i18n/ || true
+ fi
+ else
+ echo "NuGet package not found"
+ ls -la ./extracted/
+ exit 1
+ fi
+
+ runHook postUnpack
+ '';
+
+ buildPhase = ''
+ runHook preBuild
+
+ # Replace the Windows-specific claude-native module with a stub
+ if [ -d ./app/node_modules/claude-native ]; then
+ echo "Replacing claude-native module with Linux stub..."
+ rm -rf ./app/node_modules/claude-native/*.node
+ cat > ./app/node_modules/claude-native/index.js << 'EOF'
+ ${claudeNativeStub}
+ EOF
+ fi
+
+ # Fix the title bar detection (from aaddrick script)
+ echo "Fixing title bar detection..."
+ SEARCH_BASE="./app/.vite/renderer/main_window/assets"
+ if [ -d "$SEARCH_BASE" ]; then
+ TARGET_FILE=$(find "$SEARCH_BASE" -type f -name "MainWindowPage-*.js" | head -1)
+ if [ -n "$TARGET_FILE" ]; then
+ echo "Found target file: $TARGET_FILE"
+ # Replace patterns like 'if(!VAR1 && VAR2)' with 'if(VAR1 && VAR2)'
+ sed -i -E 's/if\(!([a-zA-Z]+)[[:space:]]*&&[[:space:]]*([a-zA-Z]+)\)/if(\1 \&\& \2)/g' "$TARGET_FILE"
+ echo "Title bar fix applied"
+ fi
+ fi
+
+ runHook postBuild
+ '';
+
+ installPhase = ''
+ runHook preInstall
+
+ mkdir -p $out/lib/claude-desktop
+
+ # Repack the modified app as app.asar
+ cd ./app
+ ${asar}/bin/asar pack . ../app.asar
+ cd ..
+
+ # Copy resources
+ mkdir -p $out/lib/claude-desktop/resources
+ cp ./app.asar $out/lib/claude-desktop/resources/
+
+ # Create app.asar.unpacked directory with the stub
+ mkdir -p $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native
+ cat > $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native/index.js << 'EOF'
+ ${claudeNativeStub}
+ EOF
+
+ # Copy other resources
+ if [ -d ./nupkg/lib/net45/resources ]; then
+ cp ./nupkg/lib/net45/resources/*.png $out/lib/claude-desktop/resources/ 2>/dev/null || true
+ cp ./nupkg/lib/net45/resources/*.ico $out/lib/claude-desktop/resources/ 2>/dev/null || true
+ cp ./nupkg/lib/net45/resources/*.json $out/lib/claude-desktop/resources/ 2>/dev/null || true
+ fi
+
+ # Create wrapper script
+ makeWrapper ${electron}/bin/electron $out/bin/claude-desktop \
+ --add-flags "$out/lib/claude-desktop/resources/app.asar" \
+ --set DISABLE_AUTOUPDATER 1 \
+ --set NODE_ENV production
+
+ # Extract and install icons in multiple sizes
+ if [ -f ./extracted/setupIcon.ico ]; then
+ echo "Converting and installing icons..."
+ # Count frames in the ICO file and extract each one
+ frame_count=$(gm identify ./extracted/setupIcon.ico | wc -l)
+ for i in $(seq 0 $((frame_count - 1))); do
+ gm convert "./extracted/setupIcon.ico[$i]" "./extracted/setupIcon-$i.png" 2>/dev/null || true
+ done
+
+ # Loop through converted icons and install them by size
+ for img in ./extracted/setupIcon-*.png; do
+ if [ -f "$img" ]; then
+ size=$(gm identify -format "%wx%h" "$img")
+ # Skip smallest icons (16x16 and 32x32) as they're too low quality
+ if [ "$size" != "16x16" ] && [ "$size" != "32x32" ]; then
+ mkdir -p "$out/share/icons/hicolor/$size/apps"
+ cp "$img" "$out/share/icons/hicolor/$size/apps/claude-desktop.png"
+ fi
+ fi
+ done
+ fi
+
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ description = "Claude Desktop - AI assistant from Anthropic";
+ homepage = "https://claude.ai";
+ license = licenses.unfree;
+ sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
+ maintainers = with maintainers; [ ];
+ platforms = [ "x86_64-linux" ];
+ mainProgram = "claude-desktop";
+ };
+}
From 1e0013b58e763926209a56bbe3948a4a3f690f6f Mon Sep 17 00:00:00 2001
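Review bot: In packages/claude-desktop.nix, the title-bar `sed` in `buildPhase` rewrites every `if(!a && b)` it finds in the minified `MainWindowPage-*.js`, not only the one check it is aimed at, and the whole step is skipped silently when the directory or file is missing. On a new upstream bundle that can invert unrelated conditions in the shipped app, or leave it unpatched, without the build noticing. I would fail the build when the target file is absent or when the pattern does not occur the expected number of times; exactly one match is my assumption and should be confirmed against the 1.0.1768 bundle. Separately, the pin `hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=;";` carries a `;` inside the string and should read `hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=";`, so the integrity check on the downloaded installer is an unambiguous SRI value.

```nix
    # … unchanged: claude-native stub replacement …
    SEARCH_BASE="./app/.vite/renderer/main_window/assets"
    PATTERN='if\(!([a-zA-Z]+)[[:space:]]*&&[[:space:]]*([a-zA-Z]+)\)'
    TARGET_FILE=$(find "$SEARCH_BASE" -type f -name "MainWindowPage-*.js" | head -1)
    if [ -z "$TARGET_FILE" ]; then
      echo "title bar patch: no MainWindowPage-*.js under $SEARCH_BASE" >&2
      exit 1
    fi
    # Patch only when the pattern occurs the expected number of times.
    hits=$(grep -oE "$PATTERN" "$TARGET_FILE" | wc -l || true)
    if [ "$hits" -ne 1 ]; then
      echo "title bar patch: expected 1 match, found $hits" >&2
      exit 1
    fi
    sed -i -E "s/$PATTERN/if(\1 \&\& \2)/g" "$TARGET_FILE"
    # … unchanged: runHook postBuild …
```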
From: William Date: Thu, 8 Jan 2026 14:03:23 -0300 Subject: [PATCH 126/206] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'deploy-rs': 'github:serokell/deploy-rs/9c870f63e28ec1e83305f7f6cb73c941e699f74f?narHash=sha256-9I2H9x5We6Pl%2BDBYHjR1s3UT8wgwcpAH03kn9CqtdQc%3D' (2025-11-04) → 'github:serokell/deploy-rs/d5eff7f948535b9c723d60cd8239f8f11ddc90fa?narHash=sha256-znKOwPXQnt3o7lDb3hdf19oDo0BLP4MfBOYiWkEHoik%3D' (2025-12-18) • Updated input 'disko': 'github:nix-community/disko/be1a6b8a05afdd5d5fa69fcaf3c4ead7014c9fd8?narHash=sha256-MjrytR2kiHYUnzX11cXaD31tS7kKdhM1KFaac0%2BKAig%3D' (2025-12-14) → 'github:nix-community/disko/916506443ecd0d0b4a0f4cf9d40a3c22ce39b378?narHash=sha256-P0kM%2B5o%2BDKnB6raXgFEk3azw8Wqg5FL6wyl9jD%2BG5a4%3D' (2025-12-19) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/5635c32d666a59ec9a55cab87e898889869f7b71?narHash=sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM%3D' (2025-12-11) → 'github:hercules-ci/flake-parts/250481aafeb741edfe23d29195671c19b36b6dca?narHash=sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY%3D' (2026-01-05) • Updated input 'flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/719359f4562934ae99f5443f20aa06c2ffff91fc?narHash=sha256-b0yj6kfvO8ApcSE%2BQmA6mUfu8IYG6/uU28OFn4PaC8M%3D' (2025-10-29) → 'github:nix-community/nixpkgs.lib/2075416fcb47225d9b68ac469a5c4801a9c4dd85?narHash=sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo%3D' (2025-12-14) • Updated input 'home-manager': 'github:nix-community/home-manager/58bf3ecb2d0bba7bdf363fc8a6c4d49b4d509d03?narHash=sha256-yeCxFV/905Wr91yKt5zrVvK6O2CVXWRMSrxqlAZnLp0%3D' (2025-12-14) → 'github:nix-community/home-manager/92394f9deafa80b9de95d7e0f10de78d39ff0564?narHash=sha256-clGZcCXX4VLLdzFDu2YRflI%2BoKWbv41x0w0G06h88L0%3D' (2026-01-08) • Updated input 'impermanence': 
'github:nix-community/impermanence/4b3e914cdf97a5b536a889e939fb2fd2b043a170?narHash=sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI%3D' (2025-01-25) → 'github:nix-community/impermanence/82e5bc4508cab9e8d5a136626276eb5bbce5e9c5?narHash=sha256-iyrn9AcPZCoyxX4OT8eMkBsjG7SRUQXXS/V1JzxS7rA%3D' (2026-01-07) • Added input 'impermanence/home-manager': 'github:nix-community/home-manager/7419250703fd5eb50e99bdfb07a86671939103ea?narHash=sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ%3D' (2025-05-23) • Added input 'impermanence/home-manager/nixpkgs': follows 'impermanence/nixpkgs' • Added input 'impermanence/nixpkgs': 'github:nixos/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D' (2025-05-23) • Updated input 'niri-flake': 'github:sodiboo/niri-flake/ded1462ebc03ed723f0f9f5514e72469da687817?narHash=sha256-P9kQIIPSCqmKyHD/9wFZ4ezlqofnAzYBmolSF1f5xog%3D' (2025-12-14) → 'github:sodiboo/niri-flake/a789aa1512a9157d5d3392b27e60621fd0d83438?narHash=sha256-HLr9k8g1Geq40PLsNw7I5N8TZkBYtQVjkgDPV/Kehxk%3D' (2026-01-08) • Updated input 'niri-flake/niri-unstable': 'github:YaLTeR/niri/7c0898570ca5bd3f10fbf4cf2f8a00edc48d787b?narHash=sha256-Erk%2BypR8N%2BrCvjMdUB1N/v4jtm4QRH9k7r/9zh2HyC8%3D' (2025-12-14) → 'github:YaLTeR/niri/10df9f4717cbd4efd20ae796eb6b0aa400127bdc?narHash=sha256-qS4tdG2iUQwSld9dTH1gk8GcIOrRi9umMgPv8MGDIA0%3D' (2026-01-07) • Updated input 'niri-flake/nixpkgs': 'github:NixOS/nixpkgs/2fbfb1d73d239d2402a8fe03963e37aab15abe8b?narHash=sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0%3D' (2025-12-11) → 'github:NixOS/nixpkgs/5912c1772a44e31bf1c63c0390b90501e5026886?narHash=sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4%3D' (2026-01-07) • Updated input 'niri-flake/nixpkgs-stable': 'github:NixOS/nixpkgs/28bb483c11a1214a73f9fd2d9928a6e2ea86ec71?narHash=sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0%3D' (2025-12-13) → 
'github:NixOS/nixpkgs/d351d0653aeb7877273920cd3e823994e7579b0b?narHash=sha256-r4GVX%2BFToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE%3D' (2026-01-07) • Updated input 'niri-flake/xwayland-satellite-unstable': 'github:Supreeeme/xwayland-satellite/f0ad674b7009a6afd80cea59d4fbf975dd68ee95?narHash=sha256-HtTPbV6z6AJPg2d0bHaJKFrnNha%2BSEbHvbJafKAQ614%3D' (2025-12-10) → 'github:Supreeeme/xwayland-satellite/74cf1a95a35fd7aec76432bc2cd9b310e0d908c5?narHash=sha256-0PgS7M1SV6JCN3MugFZPaP8J%2BMr2o7lSDFTPVYZSIAY%3D' (2026-01-07) • Updated input 'nix-ai-tools': 'github:numtide/llm-agents.nix/9ee377d02d7e50e2903d9c7fa53138aebd9ae944?narHash=sha256-yrECdmBoMhUAA8FqUJ1LbtDjuwn%2B38OkFgRrwbEq/DU%3D' (2025-12-16) → 'github:numtide/llm-agents.nix/1e0eaa265ba27a04f89b3265583bdf7da54a3972?narHash=sha256-Wo1jRV29yb3NwWf1hG80rmhrTC5x3F%2Bbvj5u/fvxMW4%3D' (2026-01-08) • Updated input 'nix-ai-tools/blueprint': 'github:numtide/blueprint/5a9bba070f801d63e2af3c9ef00b86b212429f4f?narHash=sha256-O9Y%2BWer8wOh%2BN%2B4kcCK5p/VLrXyX%2Bktk0/s3HdZvJzk%3D' (2025-11-16) → 'github:numtide/blueprint/0ed984d51a3031065925ab08812a5434f40b93d4?narHash=sha256-BJDu7dIMauO2nYRSL4aI8wDNtEm2KOb7lDKP3hxdrpo%3D' (2026-01-02) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/09b8fda8959d761445f12b55f380d90375a1d6bb?narHash=sha256-aq%2BdQoaPONOSjtFIBnAXseDm9TUhIbe215TPmkfMYww%3D' (2025-12-15) → 'github:NixOS/nixpkgs/16c7794d0a28b5a37904d55bcca36003b9109aaa?narHash=sha256-fFUnEYMla8b7UKjijLnMe%2BoVFOz6HjijGGNS1l7dYaQ%3D' (2026-01-02) • Updated input 'nix-ai-tools/treefmt-nix': 'github:numtide/treefmt-nix/5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4?narHash=sha256-AlEObg0syDl%2BSpi4LsZIBrjw%2BsnSVU4T8MOeuZJUJjM%3D' (2025-11-12) → 'github:numtide/treefmt-nix/778a1d691f1ef45dd68c661715c5bf8cbf131c80?narHash=sha256-QfX6g3Wj2vQe7oBJEbTf0npvC6sJoDbF9hb2%2BgM5tf8%3D' (2026-01-07) • Updated input 'nixos-cli': 
'github:nix-community/nixos-cli/a2019789319c1678be8dc68ecf34c83f948e7475?narHash=sha256-ToKVLDYAzKyStJgCA7W%2BRZObvwABK9fQ8i1wLUUOdLM%3D' (2025-12-11) → 'github:nix-community/nixos-cli/b68f36728504f1017591a9e296237a867e52156d?narHash=sha256-V/4vkr/tTJ50dh57GEKZbEikex%2BGqOVVF2SVYwLcSmQ%3D' (2026-01-02) • Updated input 'nixos-cli/flake-compat': 'github:edolstra/flake-compat/f387cd2afec9419c8ee37694406ca490c3f34ee5?narHash=sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4%3D' (2025-10-27) → 'github:edolstra/flake-compat/5edf11c44bc78a0d334f6334cdaf7d60d732daab?narHash=sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns%3D' (2025-12-29) • Updated input 'nixos-cli/flake-parts': 'github:hercules-ci/flake-parts/2cccadc7357c0ba201788ae99c4dfa90728ef5e0?narHash=sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q%3D' (2025-11-21) → 'github:hercules-ci/flake-parts/a34fae9c08a15ad73f295041fec82323541400a9?narHash=sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw%3D' (2025-12-15) • Updated input 'nixos-cli/flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/719359f4562934ae99f5443f20aa06c2ffff91fc?narHash=sha256-b0yj6kfvO8ApcSE%2BQmA6mUfu8IYG6/uU28OFn4PaC8M%3D' (2025-10-29) → 'github:nix-community/nixpkgs.lib/2075416fcb47225d9b68ac469a5c4801a9c4dd85?narHash=sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo%3D' (2025-12-14) • Removed input 'nixos-cli/nix-options-doc' • Removed input 'nixos-cli/nix-options-doc/flake-utils' • Removed input 'nixos-cli/nix-options-doc/flake-utils/systems' • Removed input 'nixos-cli/nix-options-doc/nixpkgs' • Removed input 'nixos-cli/nix-options-doc/rust-overlay' • Removed input 'nixos-cli/nix-options-doc/rust-overlay/nixpkgs' • Updated input 'nixos-cli/nixpkgs': 'github:NixOS/nixpkgs/23258e03aaa49b3a68597e3e50eb0cbce7e42e9d?narHash=sha256-nA5ywiGKl76atrbdZ5Aucd8SjF/v8ew9b9QsC%2BMKL14%3D' (2025-11-30) → 'github:NixOS/nixpkgs/f665af0cdb70ed27e1bd8f9fdfecaf451260fc55?narHash=sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8%3D' (2025-12-31) 
• Added input 'nixos-cli/optnix': 'github:water-sucks/optnix/01facc3de860bf479723bf19535586564e59fe73?narHash=sha256-33VCCXiEnEL9N2wVxo9FHLwL8KWH6qk%2BMNRcSThOPWs%3D' (2025-12-11) • Added input 'nixos-cli/optnix/flake-compat': 'github:edolstra/flake-compat/9100a0f413b0c601e0533d1d94ffd501ce2e7885?narHash=sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX%2BfjA8Xf8PUmqCY%3D' (2025-05-12) • Added input 'nixos-cli/optnix/nixpkgs': 'github:NixOS/nixpkgs/647e5c14cbd5067f44ac86b74f014962df460840?narHash=sha256-JVZl8NaVRYb0%2B381nl7LvPE%2BA774/dRpif01FKLrYFQ%3D' (2025-09-28) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/2fbfb1d73d239d2402a8fe03963e37aab15abe8b?narHash=sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0%3D' (2025-12-11) → 'github:nixos/nixpkgs/5912c1772a44e31bf1c63c0390b90501e5026886?narHash=sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4%3D' (2026-01-07) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/28bb483c11a1214a73f9fd2d9928a6e2ea86ec71?narHash=sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0%3D' (2025-12-13) → 'github:nixos/nixpkgs/d351d0653aeb7877273920cd3e823994e7579b0b?narHash=sha256-r4GVX%2BFToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE%3D' (2026-01-07) • Updated input 'noctalia': 'github:noctalia-dev/noctalia-shell/04852ccdc10ab7e289a4bd6f5987972196744e9d?narHash=sha256-4CUoczVKiEEGCVl4qw3jo9YRCpX6d53hw0KMptdaFCQ%3D' (2025-12-14) → 'github:noctalia-dev/noctalia-shell/6a61bf185c1b9a508377bde924db58ff53ef2d93?narHash=sha256-/fDWzjo%2BukaTCBzxycwyR5xB10/4N%2Bi9wBfTOFNfYHQ%3D' (2026-01-08) • Updated input 'stylix': 'github:danth/stylix/dd14de4432a94e93e10d0159f1d411487e435e1e?narHash=sha256-sDG%2Bc73xEnIw1pFNRWffKDnTWiTuyZiEP%2BIub0D3mWA%3D' (2025-12-11) → 'github:danth/stylix/a525e4774f2576e0f10b8b183c2dfaf7d165c052?narHash=sha256-5/hrrHMZuwwJXqLb86MBElPKS61Efe%2BhgGkVvpbzJM4%3D' (2026-01-08) • Updated input 'stylix/base16-fish': 
'github:tomyun/base16-fish/23ae20a0093dca0d7b39d76ba2401af0ccf9c561?narHash=sha256-l9xHIy%2B85FN%2BbEo6yquq2IjD1rSg9fjfjpyGP1W8YXo%3D' (2025-08-05) → 'github:tomyun/base16-fish/86cbea4dca62e08fb7fd83a70e96472f92574782?narHash=sha256-XCUQLoLfBJ8saWms2HCIj4NEN%2BxNsWBlU1NrEPcQG4s%3D' (2025-12-15) • Updated input 'stylix/firefox-gnome-theme': 'github:rafaelmardojai/firefox-gnome-theme/66b7c635763d8e6eb86bd766de5a1e1fbfcc1047?narHash=sha256-OkFLrD3pFR952TrjQi1%2BVdj604KLcMnkpa7lkW7XskI%3D' (2025-12-03) → 'github:rafaelmardojai/firefox-gnome-theme/f7ffd917ac0d253dbd6a3bf3da06888f57c69f92?narHash=sha256-1XPewtGMi%2B9wN9Ispoluxunw/RwozuTRVuuQOmxzt%2BA%3D' (2025-12-04) • Updated input 'stylix/flake-parts': 'github:hercules-ci/flake-parts/2cccadc7357c0ba201788ae99c4dfa90728ef5e0?narHash=sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q%3D' (2025-11-21) → 'github:hercules-ci/flake-parts/250481aafeb741edfe23d29195671c19b36b6dca?narHash=sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY%3D' (2026-01-05) • Updated input 'stylix/gnome-shell': 'gitlab:GNOME/gnome-shell/c0e1ad9f0f703fd0519033b8f46c3267aab51a22?host=gitlab.gnome.org&narHash=sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk%3D' (2025-11-30) → 'gitlab:GNOME/gnome-shell/ef02db02bf0ff342734d525b5767814770d85b49?host=gitlab.gnome.org&narHash=sha256-eFujfIUQDgWnSJBablOuG%2B32hCai192yRdrNHTv0a%2Bs%3D' (2026-01-06) • Updated input 'stylix/nixpkgs': 'github:NixOS/nixpkgs/2d293cbfa5a793b4c50d17c05ef9e385b90edf6c?narHash=sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4%3D' (2025-11-30) → 'github:NixOS/nixpkgs/5912c1772a44e31bf1c63c0390b90501e5026886?narHash=sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4%3D' (2026-01-07) • Updated input 'stylix/nur': 'github:nix-community/NUR/1d9616689e98beded059ad0384b9951e967a17fa?narHash=sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU%3D' (2025-12-03) → 
'github:nix-community/NUR/dead29c804adc928d3a69dfe7f9f12d0eec1f1a4?narHash=sha256-ZKqhk772%2Bv/bujjhla9VABwcvz%2BhB2IaRyeLT6CFnT0%3D' (2026-01-07) • Updated input 'stylix/tinted-schemes': 'github:tinted-theming/schemes/0f6be815d258e435c9b137befe5ef4ff24bea32c?narHash=sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw%3D' (2025-11-23) → 'github:tinted-theming/schemes/2800e2b8ac90f678d7e4acebe4fa253f602e05b2?narHash=sha256-%2BW1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI%2Bdes%3D' (2026-01-06) • Updated input 'stylix/tinted-tmux': 'github:tinted-theming/tinted-tmux/edf89a780e239263cc691a987721f786ddc4f6aa?narHash=sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE%3D' (2025-11-30) → 'github:tinted-theming/tinted-tmux/3c32729ccae99be44fe8a125d20be06f8d7d8184?narHash=sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU%3D' (2026-01-04) • Updated input 'stylix/tinted-zed': 'github:tinted-theming/base16-zed/907dbba5fb8cf69ebfd90b00813418a412d0a29a?narHash=sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg%3D' (2025-11-30) → 'github:tinted-theming/base16-zed/11abb0b282ad3786a2aae088d3a01c60916f2e40?narHash=sha256-wVOj0qyil8m%2BouSsVZcNjl5ZR%2B1GdOOAooAatQXHbuU%3D' (2026-01-04) • Updated input 'vicinae': 'github:vicinaehq/vicinae/32cf6b1f82e007cddba9c9ae037eff670219cd55?narHash=sha256-etv2HJA9OWvTkjnrjaNSqvebu9gWLIGPYb9PWr4qkfM%3D' (2025-12-09) → 'github:vicinaehq/vicinae/aab965dcf29529c5fab67b9c2fb5f8168f76fa1b?narHash=sha256-OPBgcM2ZzbVEUS6lwRpJo2JBfiRK8TmYVSmZImEW2gA%3D' (2026-01-07) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/463d3f091ad2b0ba2a4982f4181d22e452b2659d?narHash=sha256-rAWVEEbfWZKTaiqBA/ogkeHvbzlkDHZjZPHbjWUnpw8%3D' (2025-12-14) → 'github:0xc000022070/zen-browser-flake/8b2302d8c10369c9135552cc892da75cff5ddb03?narHash=sha256-5ysv8EuVAgDoYmNuXEUNf7vBzdeRaFxeIlIndv5HMvs%3D' (2026-01-07) • Updated input 'zen-browser/home-manager': 
'github:nix-community/home-manager/827f2a23373a774a8805f84ca5344654c31f354b?narHash=sha256-RYHN8O/Aja59XDji6WSJZPkJpYVUfpSkyH%2BPEupBJqM%3D' (2025-11-12) → 'github:nix-community/home-manager/e4e78a2cbeaddd07ab7238971b16468cc1d14daf?narHash=sha256-GKgwu5//R%2BcLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk%3D' (2025-12-30) • Updated input 'zen-browser/nixpkgs': 'github:nixos/nixpkgs/c5ae371f1a6a7fd27823bc500d9390b38c05fa55?narHash=sha256-4PqRErxfe%2B2toFJFgcRKZ0UI9NSIOJa%2B7RXVtBhy4KE%3D' (2025-11-12) → 'github:nixos/nixpkgs/c0b0e0fddf73fd517c3471e546c0df87a42d53f4?narHash=sha256-coBu0ONtFzlwwVBzmjacUQwj3G%2BlybcZ1oeNSQkgC0M%3D' (2025-12-28) --- flake.lock | 450 ++++++++++++++++++++++++++--------------------------- 1 file changed, 225 insertions(+), 225 deletions(-) diff --git a/flake.lock b/flake.lock index fe378cf..081c9fd 100644 --- a/flake.lock +++ b/flake.lock @@ -44,17 +44,17 @@ "base16-fish": { "flake": false, "locked": { - "lastModified": 1754405784, - "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=", + "lastModified": 1765809053, + "narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=", "owner": "tomyun", "repo": "base16-fish", - "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", "type": "github" }, "original": { "owner": "tomyun", "repo": "base16-fish", - "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", "type": "github" } }, @@ -100,11 +100,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1763308703, - "narHash": "sha256-O9Y+Wer8wOh+N+4kcCK5p/VLrXyX+ktk0/s3HdZvJzk=", + "lastModified": 1767386128, + "narHash": "sha256-BJDu7dIMauO2nYRSL4aI8wDNtEm2KOb7lDKP3hxdrpo=", "owner": "numtide", "repo": "blueprint", - "rev": "5a9bba070f801d63e2af3c9ef00b86b212429f4f", + "rev": "0ed984d51a3031065925ab08812a5434f40b93d4", "type": "github" }, "original": { 
@@ -142,11 +142,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1762286984, - "narHash": "sha256-9I2H9x5We6Pl+DBYHjR1s3UT8wgwcpAH03kn9CqtdQc=", + "lastModified": 1766051518, + "narHash": "sha256-znKOwPXQnt3o7lDb3hdf19oDo0BLP4MfBOYiWkEHoik=", "owner": "serokell", "repo": "deploy-rs", - "rev": "9c870f63e28ec1e83305f7f6cb73c941e699f74f", + "rev": "d5eff7f948535b9c723d60cd8239f8f11ddc90fa", "type": "github" }, "original": { @@ -160,11 +160,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1765688338, - "narHash": "sha256-MjrytR2kiHYUnzX11cXaD31tS7kKdhM1KFaac0+KAig=", + "lastModified": 1766150702, + "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", "owner": "nix-community", "repo": "disko", - "rev": "be1a6b8a05afdd5d5fa69fcaf3c4ead7014c9fd8", + "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", "type": "github" }, "original": { @@ -176,11 +176,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1764724327, - "narHash": "sha256-OkFLrD3pFR952TrjQi1+Vdj604KLcMnkpa7lkW7XskI=", + "lastModified": 1764873433, + "narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "66b7c635763d8e6eb86bd766de5a1e1fbfcc1047", + "rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92", "type": "github" }, "original": { 
@@ -208,11 +208,27 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", "owner": "edolstra", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -226,11 +242,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1765495779, - "narHash": "sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM=", + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "5635c32d666a59ec9a55cab87e898889869f7b71", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", "type": "github" }, "original": { @@ -244,11 +260,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1765835352, + "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "a34fae9c08a15ad73f295041fec82323541400a9", "type": "github" }, "original": { 
@@ -265,11 +281,11 @@ ] }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", "type": "github" }, "original": { @@ -299,24 +315,6 @@ "type": "github" } }, - "flake-utils": { - "inputs": { - "systems": "systems_4" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "fromYaml": { "flake": false, "locked": { @@ -337,11 +335,11 @@ "flake": false, "locked": { "host": "gitlab.gnome.org", - "lastModified": 1764524476, - "narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=", + "lastModified": 1767737596, + "narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22", + "rev": "ef02db02bf0ff342734d525b5767814770d85b49", "type": "gitlab" }, "original": { @@ -380,11 +378,11 @@ ] }, "locked": { - "lastModified": 1765682243, - "narHash": "sha256-yeCxFV/905Wr91yKt5zrVvK6O2CVXWRMSrxqlAZnLp0=", + "lastModified": 1767890644, + "narHash": "sha256-clGZcCXX4VLLdzFDu2YRflI+oKWbv41x0w0G06h88L0=", "owner": "nix-community", "repo": "home-manager", - "rev": "58bf3ecb2d0bba7bdf363fc8a6c4d49b4d509d03", + "rev": "92394f9deafa80b9de95d7e0f10de78d39ff0564", "type": "github" }, "original": { 
@@ -395,6 +393,27 @@ } }, "home-manager_3": { + "inputs": { + "nixpkgs": [ + "impermanence", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747978958, + "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_4": { "inputs": { "nixpkgs": [ "zen-browser", @@ -402,11 +421,11 @@ ] }, "locked": { - "lastModified": 1762964643, - "narHash": "sha256-RYHN8O/Aja59XDji6WSJZPkJpYVUfpSkyH+PEupBJqM=", + "lastModified": 1767104570, + "narHash": "sha256-GKgwu5//R+cLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk=", "owner": "nix-community", "repo": "home-manager", - "rev": "827f2a23373a774a8805f84ca5344654c31f354b", + "rev": "e4e78a2cbeaddd07ab7238971b16468cc1d14daf", "type": "github" }, "original": { @@ -416,12 +435,16 @@ } }, "impermanence": { + "inputs": { + "home-manager": "home-manager_3", + "nixpkgs": "nixpkgs_3" + }, "locked": { - "lastModified": 1737831083, - "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "lastModified": 1767822991, + "narHash": "sha256-iyrn9AcPZCoyxX4OT8eMkBsjG7SRUQXXS/V1JzxS7rA=", "owner": "nix-community", "repo": "impermanence", - "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "rev": "82e5bc4508cab9e8d5a136626276eb5bbce5e9c5", "type": "github" }, "original": { @@ -432,7 +455,7 @@ }, "niri": { "inputs": { - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "rust-overlay": "rust-overlay" }, "locked": { 
@@ -454,17 +477,17 @@ "inputs": { "niri-stable": "niri-stable", "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-stable": "nixpkgs-stable", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1765714461, - "narHash": "sha256-P9kQIIPSCqmKyHD/9wFZ4ezlqofnAzYBmolSF1f5xog=", + "lastModified": 1767833217, + "narHash": "sha256-HLr9k8g1Geq40PLsNw7I5N8TZkBYtQVjkgDPV/Kehxk=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "ded1462ebc03ed723f0f9f5514e72469da687817", + "rev": "a789aa1512a9157d5d3392b27e60621fd0d83438", "type": "github" }, "original": { @@ -493,11 +516,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1765687800, - "narHash": "sha256-Erk+ypR8N+rCvjMdUB1N/v4jtm4QRH9k7r/9zh2HyC8=", + "lastModified": 1767792726, + "narHash": "sha256-qS4tdG2iUQwSld9dTH1gk8GcIOrRi9umMgPv8MGDIA0=", "owner": "YaLTeR", "repo": "niri", - "rev": "7c0898570ca5bd3f10fbf4cf2f8a00edc48d787b", + "rev": "10df9f4717cbd4efd20ae796eb6b0aa400127bdc", "type": "github" }, "original": { @@ -509,15 +532,15 @@ "nix-ai-tools": { "inputs": { "blueprint": "blueprint", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1765854155, - "narHash": "sha256-yrECdmBoMhUAA8FqUJ1LbtDjuwn+38OkFgRrwbEq/DU=", + "lastModified": 1767882842, + "narHash": "sha256-Wo1jRV29yb3NwWf1hG80rmhrTC5x3F+bvj5u/fvxMW4=", "owner": "numtide", "repo": "llm-agents.nix", - "rev": "9ee377d02d7e50e2903d9c7fa53138aebd9ae944", + "rev": "1e0eaa265ba27a04f89b3265583bdf7da54a3972", "type": "github" }, "original": { 
@@ -562,40 +585,19 @@ "type": "github" } }, - "nix-options-doc": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_6", - "rust-overlay": "rust-overlay_2" - }, - "locked": { - "lastModified": 1742115705, - "narHash": "sha256-RfXwJPWBoWswIU68+y/XZfTWtFHd/fK14bKvOlRmfPo=", - "owner": "Thunderbottom", - "repo": "nix-options-doc", - "rev": "2caa4b5756a8666d65d70122f413e295f56886e7", - "type": "github" - }, - "original": { - "owner": "Thunderbottom", - "ref": "v0.2.0", - "repo": "nix-options-doc", - "type": "github" - } - }, "nixos-cli": { "inputs": { "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_2", - "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_7", + "optnix": "optnix" }, "locked": { - "lastModified": 1765423663, - "narHash": "sha256-ToKVLDYAzKyStJgCA7W+RZObvwABK9fQ8i1wLUUOdLM=", + "lastModified": 1767322536, + "narHash": "sha256-V/4vkr/tTJ50dh57GEKZbEikex+GqOVVF2SVYwLcSmQ=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "a2019789319c1678be8dc68ecf34c83f948e7475", + "rev": "b68f36728504f1017591a9e296237a867e52156d", "type": "github" }, "original": { @@ -622,11 +624,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1761765539, - "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", "type": "github" }, "original": { 
@@ -637,11 +639,11 @@ }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1761765539, - "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", "type": "github" }, "original": { @@ -652,11 +654,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1765608474, - "narHash": "sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0=", + "lastModified": 1767799921, + "narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "28bb483c11a1214a73f9fd2d9928a6e2ea86ec71", + "rev": "d351d0653aeb7877273920cd3e823994e7579b0b", "type": "github" }, "original": { @@ -668,11 +670,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1765608474, - "narHash": "sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0=", + "lastModified": 1767799921, + "narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "28bb483c11a1214a73f9fd2d9928a6e2ea86ec71", + "rev": "d351d0653aeb7877273920cd3e823994e7579b0b", "type": "github" }, "original": { @@ -683,6 +685,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1762111121, "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", 
@@ -698,13 +716,13 @@ "type": "github" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { - "lastModified": 1762977756, - "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=", + "lastModified": 1766902085, + "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55", + "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4", "type": "github" }, "original": { @@ -731,6 +749,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1748026106, + "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1757967192, "narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=", @@ -746,13 +780,13 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { - "lastModified": 1765472234, - "narHash": "sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0=", + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fbfb1d73d239d2402a8fe03963e37aab15abe8b", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", "type": "github" }, "original": { @@ -762,13 +796,13 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { - "lastModified": 1765772535, - "narHash": "sha256-aq+dQoaPONOSjtFIBnAXseDm9TUhIbe215TPmkfMYww=", + "lastModified": 1767364772, + "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "09b8fda8959d761445f12b55f380d90375a1d6bb", + "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa", "type": "github" }, "original": { 
@@ -778,29 +812,13 @@ "type": "github" } }, - "nixpkgs_6": { - "locked": { - "lastModified": 1740695751, - "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "6313551cd05425cd5b3e63fe47dbc324eabb15e4", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_7": { "locked": { - "lastModified": 1764527385, - "narHash": "sha256-nA5ywiGKl76atrbdZ5Aucd8SjF/v8ew9b9QsC+MKL14=", + "lastModified": 1767151656, + "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23258e03aaa49b3a68597e3e50eb0cbce7e42e9d", + "rev": "f665af0cdb70ed27e1bd8f9fdfecaf451260fc55", "type": "github" }, "original": { @@ -812,31 +830,31 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1765472234, - "narHash": "sha256-9VvC20PJPsleGMewwcWYKGzDIyjckEz8uWmT0vCDYK0=", - "owner": "nixos", + "lastModified": 1759070547, + "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fbfb1d73d239d2402a8fe03963e37aab15abe8b", + "rev": "647e5c14cbd5067f44ac86b74f014962df460840", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_9": { "locked": { - "lastModified": 1764517877, - "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=", - "owner": "NixOS", + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" 
@@ -849,11 +867,11 @@ ] }, "locked": { - "lastModified": 1765720248, - "narHash": "sha256-4CUoczVKiEEGCVl4qw3jo9YRCpX6d53hw0KMptdaFCQ=", + "lastModified": 1767890738, + "narHash": "sha256-/fDWzjo+ukaTCBzxycwyR5xB10/4N+i9wBfTOFNfYHQ=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "04852ccdc10ab7e289a4bd6f5987972196744e9d", + "rev": "6a61bf185c1b9a508377bde924db58ff53ef2d93", "type": "github" }, "original": { @@ -874,11 +892,11 @@ ] }, "locked": { - "lastModified": 1764773531, - "narHash": "sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU=", + "lastModified": 1767810917, + "narHash": "sha256-ZKqhk772+v/bujjhla9VABwcvz+hB2IaRyeLT6CFnT0=", "owner": "nix-community", "repo": "NUR", - "rev": "1d9616689e98beded059ad0384b9951e967a17fa", + "rev": "dead29c804adc928d3a69dfe7f9f12d0eec1f1a4", "type": "github" }, "original": { @@ -887,6 +905,25 @@ "type": "github" } }, + "optnix": { + "inputs": { + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_8" + }, + "locked": { + "lastModified": 1765418479, + "narHash": "sha256-33VCCXiEnEL9N2wVxo9FHLwL8KWH6qk+MNRcSThOPWs=", + "owner": "water-sucks", + "repo": "optnix", + "rev": "01facc3de860bf479723bf19535586564e59fe73", + "type": "github" + }, + "original": { + "owner": "water-sucks", + "repo": "optnix", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -901,7 +938,7 @@ "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "nixpkgs-stable": "nixpkgs-stable_2", "noctalia": "noctalia", "stylix": "stylix", 
@@ -931,28 +968,6 @@ "type": "github" } }, - "rust-overlay_2": { - "inputs": { - "nixpkgs": [ - "nixos-cli", - "nix-options-doc", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1740796337, - "narHash": "sha256-FuoXrXZPoJEZQ3PF7t85tEpfBVID9JQIOnVKMNfTAb0=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "bbac9527bc6b28b6330b13043d0e76eac11720dc", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "stylix": { "inputs": { "base16": "base16", @@ -962,9 +977,9 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_3", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_10", "nur": "nur", - "systems": "systems_5", + "systems": "systems_4", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -972,11 +987,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1765474444, - "narHash": "sha256-sDG+c73xEnIw1pFNRWffKDnTWiTuyZiEP+Iub0D3mWA=", + "lastModified": 1767886384, + "narHash": "sha256-5/hrrHMZuwwJXqLb86MBElPKS61Efe+hgGkVvpbzJM4=", "owner": "danth", "repo": "stylix", - "rev": "dd14de4432a94e93e10d0159f1d411487e435e1e", + "rev": "a525e4774f2576e0f10b8b183c2dfaf7d165c052", "type": "github" }, "original": { @@ -1075,28 +1090,13 @@ "type": "github" } }, - "systems_7": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "terranix": { "inputs": { "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_6" + "systems": "systems_5" }, "locked": { "lastModified": 1762472226, 
@@ -1148,11 +1148,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1763914658, - "narHash": "sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw=", + "lastModified": 1767710407, + "narHash": "sha256-+W1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI+des=", "owner": "tinted-theming", "repo": "schemes", - "rev": "0f6be815d258e435c9b137befe5ef4ff24bea32c", + "rev": "2800e2b8ac90f678d7e4acebe4fa253f602e05b2", "type": "github" }, "original": { @@ -1164,11 +1164,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1764465359, - "narHash": "sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE=", + "lastModified": 1767489635, + "narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "edf89a780e239263cc691a987721f786ddc4f6aa", + "rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184", "type": "github" }, "original": { @@ -1180,11 +1180,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1764464512, - "narHash": "sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg=", + "lastModified": 1767488740, + "narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "907dbba5fb8cf69ebfd90b00813418a412d0a29a", + "rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40", "type": "github" }, "original": { @@ -1201,11 +1201,11 @@ ] }, "locked": { - "lastModified": 1762938485, - "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", + "lastModified": 1767801790, + "narHash": "sha256-QfX6g3Wj2vQe7oBJEbTf0npvC6sJoDbF9hb2+gM5tf8=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", + "rev": "778a1d691f1ef45dd68c661715c5bf8cbf131c80", "type": "github" }, "original": { 
@@ -1234,15 +1234,15 @@ }, "vicinae": { "inputs": { - "nixpkgs": "nixpkgs_10", - "systems": "systems_7" + "nixpkgs": "nixpkgs_11", + "systems": "systems_6" }, "locked": { - "lastModified": 1765272078, - "narHash": "sha256-etv2HJA9OWvTkjnrjaNSqvebu9gWLIGPYb9PWr4qkfM=", + "lastModified": 1767815010, + "narHash": "sha256-OPBgcM2ZzbVEUS6lwRpJo2JBfiRK8TmYVSmZImEW2gA=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "32cf6b1f82e007cddba9c9ae037eff670219cd55", + "rev": "aab965dcf29529c5fab67b9c2fb5f8168f76fa1b", "type": "github" }, "original": { @@ -1271,11 +1271,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1765343581, - "narHash": "sha256-HtTPbV6z6AJPg2d0bHaJKFrnNha+SEbHvbJafKAQ614=", + "lastModified": 1767830382, + "narHash": "sha256-0PgS7M1SV6JCN3MugFZPaP8J+Mr2o7lSDFTPVYZSIAY=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "f0ad674b7009a6afd80cea59d4fbf975dd68ee95", + "rev": "74cf1a95a35fd7aec76432bc2cd9b310e0d908c5", "type": "github" }, "original": { @@ -1286,15 +1286,15 @@ }, "zen-browser": { "inputs": { - "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_11" + "home-manager": "home-manager_4", + "nixpkgs": "nixpkgs_12" }, "locked": { - "lastModified": 1765715981, - "narHash": "sha256-rAWVEEbfWZKTaiqBA/ogkeHvbzlkDHZjZPHbjWUnpw8=", + "lastModified": 1767763594, + "narHash": "sha256-5ysv8EuVAgDoYmNuXEUNf7vBzdeRaFxeIlIndv5HMvs=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "463d3f091ad2b0ba2a4982f4181d22e452b2659d", + "rev": "8b2302d8c10369c9135552cc892da75cff5ddb03", "type": "github" }, "original": { From 4e05b20fa645abc480bb32fc9f178c0e928166cf Mon Sep 17 00:00:00 2001 From: William Date: Thu, 8 Jan 2026 14:44:05 -0300 Subject: [PATCH 127/206] added neededForBoot to /persistent --- hosts/modules/ephemeral.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/modules/ephemeral.nix b/hosts/modules/ephemeral.nix index cad5f41..e962a89 100644 --- a/hosts/modules/ephemeral.nix 
+++ b/hosts/modules/ephemeral.nix @@ -16,6 +16,8 @@ rootSubvolume = "@root"; }; + fileSystems."/persistent".neededForBoot = true; + environment.persistence.main = { persistentStoragePath = "/persistent"; files = [ From 14b58b346e06b3fdb1b0bf7fca844d4f3d10b220 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 8 Jan 2026 14:44:36 -0300 Subject: [PATCH 128/206] nixfmt-rfc-style is now nixfmt; programs.adb no longer a thing --- devShells.nix | 2 +- hosts/modules/dev.nix | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/devShells.nix b/devShells.nix index f7e9627..1c93cf3 100644 --- a/devShells.nix +++ b/devShells.nix @@ -9,7 +9,7 @@ inputs.agenix.packages.${system}.default deploy-rs nil - nixfmt-rfc-style + nixfmt ]; }; }; diff --git a/hosts/modules/dev.nix b/hosts/modules/dev.nix index c4cca78..d9c31f7 100644 --- a/hosts/modules/dev.nix +++ b/hosts/modules/dev.nix @@ -2,18 +2,17 @@ { environment.systemPackages = with pkgs; [ + android-tools bat lazygit fd fzf glow - nixfmt-rfc-style + nixfmt nix-init nix-output-monitor ripgrep ]; - programs.adb.enable = true; - users.users.user.extraGroups = [ "adbusers" ]; } From b8f9e8a19c7dac004605923d1c769783fffd3e1c Mon Sep 17 00:00:00 2001 
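Review bot: The added `fileSystems."/persistent".neededForBoot = true;` in hosts/modules/ephemeral.nix carries no comment, and the reason for it is not obvious from the line alone. `neededForBoot` makes the filesystem mount in the initrd, and the `environment.persistence.main` block just below uses `/persistent` as its `persistentStoragePath`, so presumably the entries it lists must be present before the freshly created root is used. I would record that above the line, for example `# mounted in the initrd: the persisted files and directories below must exist before services on the new root start`. The enclosing attribute set starts and ends outside the hunk.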
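Review bot: `users.users.user.extraGroups = [ "adbusers" ];` survives as a context line at the end of the hosts/modules/dev.nix hunk even though the hunk removes `programs.adb.enable = true;`. That option was, as far as I can tell, what declared the `adbusers` group, so the user now keeps a membership in a group that nothing visible here creates or uses. If `android-tools` works without it, drop the line so no unused group grant remains; if device access still depends on it, declare it explicitly with `users.groups.adbusers = { };` and say why in a comment.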
From: William Date: Tue, 20 Jan 2026 15:42:26 -0300 Subject: [PATCH 129/206] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/916506443ecd0d0b4a0f4cf9d40a3c22ce39b378?narHash=sha256-P0kM%2B5o%2BDKnB6raXgFEk3azw8Wqg5FL6wyl9jD%2BG5a4%3D' (2025-12-19) → 'github:nix-community/disko/00395d188e3594a1507f214a2f15d4ce5c07cb28?narHash=sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q%3D' (2026-01-20) • Updated input 'disko/nixpkgs': 'github:NixOS/nixpkgs/a8d610af3f1a5fb71e23e08434d8d61a466fc942?narHash=sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r%2BJerayK/4wvdWA%3D' (2025-11-20) → 'github:NixOS/nixpkgs/3327b113f2ef698d380df83fbccefad7e83d7769?narHash=sha256-MJwOjrIISfOpdI9x4C%2B5WFQXvHtOuj5mqLZ4TMEtk1M%3D' (2026-01-17) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/250481aafeb741edfe23d29195671c19b36b6dca?narHash=sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY%3D' (2026-01-05) → 'github:hercules-ci/flake-parts/80daad04eddbbf5a4d883996a73f3f542fa437ac?narHash=sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY%3D' (2026-01-11) • Updated input 'home-manager': 'github:nix-community/home-manager/92394f9deafa80b9de95d7e0f10de78d39ff0564?narHash=sha256-clGZcCXX4VLLdzFDu2YRflI%2BoKWbv41x0w0G06h88L0%3D' (2026-01-08) → 'github:nix-community/home-manager/63a87808f5f9b6e4195a1d33f6ea25d23f4aa0df?narHash=sha256-zyMpWHqcpKVmRc1W2NEK7DAuyVJZV62Jdjqudg70b1k%3D' (2026-01-20) • Updated input 'impermanence': 'github:nix-community/impermanence/82e5bc4508cab9e8d5a136626276eb5bbce5e9c5?narHash=sha256-iyrn9AcPZCoyxX4OT8eMkBsjG7SRUQXXS/V1JzxS7rA%3D' (2026-01-07) → 'github:nix-community/impermanence/0d633a69480bb3a3e2f18c080d34a8fa81da6395?narHash=sha256-6nY0ixjGjPQCL%2B/sUC1B1MRiO1LOI3AkRSIywm3i3bE%3D' (2026-01-19) • Updated input 'impermanence/home-manager': 
'github:nix-community/home-manager/7419250703fd5eb50e99bdfb07a86671939103ea?narHash=sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ%3D' (2025-05-23) → 'github:nix-community/home-manager/c47b2cc64a629f8e075de52e4742de688f930dc6?narHash=sha256-kkgA32s/f4jaa4UG%2B2f8C225Qvclxnqs76mf8zvTVPg%3D' (2026-01-16) • Updated input 'impermanence/nixpkgs': 'github:nixos/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D' (2025-05-23) → 'github:nixos/nixpkgs/e4bae1bd10c9c57b2cf517953ab70060a828ee6f?narHash=sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc%3D' (2026-01-16) • Updated input 'niri-flake': 'github:sodiboo/niri-flake/a789aa1512a9157d5d3392b27e60621fd0d83438?narHash=sha256-HLr9k8g1Geq40PLsNw7I5N8TZkBYtQVjkgDPV/Kehxk%3D' (2026-01-08) → 'github:sodiboo/niri-flake/6581f5458309233622c1b73c8902dcaea7be16eb?narHash=sha256-ct4qxmFJeJbaJKiOnXOZmRmVmk7TpT%2BlohuTgTr%2BkYQ%3D' (2026-01-20) • Updated input 'niri-flake/niri-unstable': 'github:YaLTeR/niri/10df9f4717cbd4efd20ae796eb6b0aa400127bdc?narHash=sha256-qS4tdG2iUQwSld9dTH1gk8GcIOrRi9umMgPv8MGDIA0%3D' (2026-01-07) → 'github:YaLTeR/niri/d7184a04b904e07113f4623610775ae78d32394c?narHash=sha256-Ub8eed4DsfIDWyg30xEe%2B8bSxL/z5Af/gCjmvJ0V/Hs%3D' (2026-01-17) • Updated input 'niri-flake/nixpkgs': 'github:NixOS/nixpkgs/5912c1772a44e31bf1c63c0390b90501e5026886?narHash=sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4%3D' (2026-01-07) → 'github:NixOS/nixpkgs/e4bae1bd10c9c57b2cf517953ab70060a828ee6f?narHash=sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc%3D' (2026-01-16) • Updated input 'niri-flake/nixpkgs-stable': 'github:NixOS/nixpkgs/d351d0653aeb7877273920cd3e823994e7579b0b?narHash=sha256-r4GVX%2BFToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE%3D' (2026-01-07) → 'github:NixOS/nixpkgs/77ef7a29d276c6d8303aece3444d61118ef71ac2?narHash=sha256-XsM7GP3jHlephymxhDE%2B/TKKO1Q16phz/vQiLBGhpF4%3D' (2026-01-18) • Updated input 'niri-flake/xwayland-satellite-unstable': 
'github:Supreeeme/xwayland-satellite/74cf1a95a35fd7aec76432bc2cd9b310e0d908c5?narHash=sha256-0PgS7M1SV6JCN3MugFZPaP8J%2BMr2o7lSDFTPVYZSIAY%3D' (2026-01-07) → 'github:Supreeeme/xwayland-satellite/ed1cef792b4def3321ff9ab5479df09609f17a69?narHash=sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg%3D' (2026-01-18) • Updated input 'nix-ai-tools': 'github:numtide/llm-agents.nix/1e0eaa265ba27a04f89b3265583bdf7da54a3972?narHash=sha256-Wo1jRV29yb3NwWf1hG80rmhrTC5x3F%2Bbvj5u/fvxMW4%3D' (2026-01-08) → 'github:numtide/llm-agents.nix/78f3fdc13ef903475aa5bfc0f85eeefaa36af837?narHash=sha256-gFoGvnW2YDWsxKD56kdiXbhh9vBPAU3yusssbXF0UMo%3D' (2026-01-20) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/16c7794d0a28b5a37904d55bcca36003b9109aaa?narHash=sha256-fFUnEYMla8b7UKjijLnMe%2BoVFOz6HjijGGNS1l7dYaQ%3D' (2026-01-02) → 'github:NixOS/nixpkgs/bde09022887110deb780067364a0818e89258968?narHash=sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo%2Bw8KsY4%3D' (2026-01-19) • Updated input 'nix-ai-tools/treefmt-nix': 'github:numtide/treefmt-nix/778a1d691f1ef45dd68c661715c5bf8cbf131c80?narHash=sha256-QfX6g3Wj2vQe7oBJEbTf0npvC6sJoDbF9hb2%2BgM5tf8%3D' (2026-01-07) → 'github:numtide/treefmt-nix/e96d59dff5c0d7fddb9d113ba108f03c3ef99eca?narHash=sha256-67vyT1%2BxClLldnumAzCTBvU0jLZ1YBcf4vANRWP3%2BAk%3D' (2026-01-11) • Updated input 'nix-flatpak': 'github:gmodena/nix-flatpak/62f636b87ef6050760a8cb325cadb90674d1e23e?narHash=sha256-0bBqT%2B3XncgF8F03RFAamw9vdf0VmaDoIJLTGkjfQZs%3D' (2025-08-09) → 'github:gmodena/nix-flatpak/123fe29340a5b8671367055b75a6e7c320d6f89a?narHash=sha256-Sbh037scxKFm7xL0ahgSCw%2BX2/5ZKeOwI2clqrYr9j4%3D' (2026-01-17) • Updated input 'nixos-cli': 'github:nix-community/nixos-cli/b68f36728504f1017591a9e296237a867e52156d?narHash=sha256-V/4vkr/tTJ50dh57GEKZbEikex%2BGqOVVF2SVYwLcSmQ%3D' (2026-01-02) → 'github:nix-community/nixos-cli/5e79001c7a8b556c3c61d4ef38f0f0fa1187ee90?narHash=sha256-6w1Mhg6%2B46LlaheCa1O/jIk02ukerZ7DdUf9GlQVGxc%3D' (2026-01-18) • Updated input 'nixpkgs': 
'github:nixos/nixpkgs/5912c1772a44e31bf1c63c0390b90501e5026886?narHash=sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4%3D' (2026-01-07) → 'github:nixos/nixpkgs/e4bae1bd10c9c57b2cf517953ab70060a828ee6f?narHash=sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc%3D' (2026-01-16) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/d351d0653aeb7877273920cd3e823994e7579b0b?narHash=sha256-r4GVX%2BFToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE%3D' (2026-01-07) → 'github:nixos/nixpkgs/77ef7a29d276c6d8303aece3444d61118ef71ac2?narHash=sha256-XsM7GP3jHlephymxhDE%2B/TKKO1Q16phz/vQiLBGhpF4%3D' (2026-01-18) • Updated input 'noctalia': 'github:noctalia-dev/noctalia-shell/6a61bf185c1b9a508377bde924db58ff53ef2d93?narHash=sha256-/fDWzjo%2BukaTCBzxycwyR5xB10/4N%2Bi9wBfTOFNfYHQ%3D' (2026-01-08) → 'github:noctalia-dev/noctalia-shell/1ef5c0eb307e8a4f30dfa6bcc75cf90ae8c6af46?narHash=sha256-T4H/VMjGwBuHEIrPYWfXQ73XV0foCuFGgH7k3SNSJDo%3D' (2026-01-20) • Updated input 'stylix': 'github:danth/stylix/a525e4774f2576e0f10b8b183c2dfaf7d165c052?narHash=sha256-5/hrrHMZuwwJXqLb86MBElPKS61Efe%2BhgGkVvpbzJM4%3D' (2026-01-08) → 'github:danth/stylix/06684f00cfbee14da96fd4307b966884de272d3a?narHash=sha256-3%2Bh7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p%2BS6BA%3D' (2026-01-18) • Updated input 'vicinae': 'github:vicinaehq/vicinae/aab965dcf29529c5fab67b9c2fb5f8168f76fa1b?narHash=sha256-OPBgcM2ZzbVEUS6lwRpJo2JBfiRK8TmYVSmZImEW2gA%3D' (2026-01-07) → 'github:vicinaehq/vicinae/934bc0ad47be6dbd6498a0dac655c4613fd0ab27?narHash=sha256-u5bWDuwk6oieTnvm1YjNotcYK8iJSddH5%2BS68%2BX4TSc%3D' (2026-01-19) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/8b2302d8c10369c9135552cc892da75cff5ddb03?narHash=sha256-5ysv8EuVAgDoYmNuXEUNf7vBzdeRaFxeIlIndv5HMvs%3D' (2026-01-07) → 'github:0xc000022070/zen-browser-flake/37149a5b77e8fd2b5332e8cec9edf39ca5b8e8bc?narHash=sha256-w10iy/aqd5LtD78NDWWG%2BeKGzkb%2BcGhAAo7PVciLbWE%3D' (2026-01-20) • Updated input 'zen-browser/home-manager': 
'github:nix-community/home-manager/e4e78a2cbeaddd07ab7238971b16468cc1d14daf?narHash=sha256-GKgwu5//R%2BcLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk%3D' (2025-12-30) → 'github:nix-community/home-manager/b4d88c9ac42ae1a745283f6547701da43b6e9f9b?narHash=sha256-cJbFn17oyg6qAraLr%2BNVeNJrXsrzJdrudkzI4H2iTcg%3D' (2026-01-14) • Updated input 'zen-browser/nixpkgs': 'github:nixos/nixpkgs/c0b0e0fddf73fd517c3471e546c0df87a42d53f4?narHash=sha256-coBu0ONtFzlwwVBzmjacUQwj3G%2BlybcZ1oeNSQkgC0M%3D' (2025-12-28) → 'github:nixos/nixpkgs/ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38?narHash=sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs%3D' (2026-01-11) --- flake.lock | 150 ++++++++++++++++++++++++++--------------------------- 1 file changed, 75 insertions(+), 75 deletions(-) diff --git a/flake.lock b/flake.lock index 081c9fd..b5b63cf 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1766150702, - "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", + "lastModified": 1768923567, + "narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=", "owner": "nix-community", "repo": "disko", - "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", + "rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28", "type": "github" }, "original": { @@ -242,11 +242,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1767609335, - "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "250481aafeb741edfe23d29195671c19b36b6dca", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { 
@@ -378,11 +378,11 @@ ] }, "locked": { - "lastModified": 1767890644, - "narHash": "sha256-clGZcCXX4VLLdzFDu2YRflI+oKWbv41x0w0G06h88L0=", + "lastModified": 1768927746, + "narHash": "sha256-zyMpWHqcpKVmRc1W2NEK7DAuyVJZV62Jdjqudg70b1k=", "owner": "nix-community", "repo": "home-manager", - "rev": "92394f9deafa80b9de95d7e0f10de78d39ff0564", + "rev": "63a87808f5f9b6e4195a1d33f6ea25d23f4aa0df", "type": "github" }, "original": { @@ -400,11 +400,11 @@ ] }, "locked": { - "lastModified": 1747978958, - "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", + "lastModified": 1768598210, + "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=", "owner": "nix-community", "repo": "home-manager", - "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", + "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6", "type": "github" }, "original": { @@ -421,11 +421,11 @@ ] }, "locked": { - "lastModified": 1767104570, - "narHash": "sha256-GKgwu5//R+cLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk=", + "lastModified": 1768434960, + "narHash": "sha256-cJbFn17oyg6qAraLr+NVeNJrXsrzJdrudkzI4H2iTcg=", "owner": "nix-community", "repo": "home-manager", - "rev": "e4e78a2cbeaddd07ab7238971b16468cc1d14daf", + "rev": "b4d88c9ac42ae1a745283f6547701da43b6e9f9b", "type": "github" }, "original": { @@ -440,11 +440,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1767822991, - "narHash": "sha256-iyrn9AcPZCoyxX4OT8eMkBsjG7SRUQXXS/V1JzxS7rA=", + "lastModified": 1768835187, + "narHash": "sha256-6nY0ixjGjPQCL+/sUC1B1MRiO1LOI3AkRSIywm3i3bE=", "owner": "nix-community", "repo": "impermanence", - "rev": "82e5bc4508cab9e8d5a136626276eb5bbce5e9c5", + "rev": "0d633a69480bb3a3e2f18c080d34a8fa81da6395", "type": "github" }, "original": { 
@@ -483,11 +483,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1767833217, - "narHash": "sha256-HLr9k8g1Geq40PLsNw7I5N8TZkBYtQVjkgDPV/Kehxk=", + "lastModified": 1768877436, + "narHash": "sha256-ct4qxmFJeJbaJKiOnXOZmRmVmk7TpT+lohuTgTr+kYQ=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "a789aa1512a9157d5d3392b27e60621fd0d83438", + "rev": "6581f5458309233622c1b73c8902dcaea7be16eb", "type": "github" }, "original": { @@ -516,11 +516,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1767792726, - "narHash": "sha256-qS4tdG2iUQwSld9dTH1gk8GcIOrRi9umMgPv8MGDIA0=", + "lastModified": 1768678265, + "narHash": "sha256-Ub8eed4DsfIDWyg30xEe+8bSxL/z5Af/gCjmvJ0V/Hs=", "owner": "YaLTeR", "repo": "niri", - "rev": "10df9f4717cbd4efd20ae796eb6b0aa400127bdc", + "rev": "d7184a04b904e07113f4623610775ae78d32394c", "type": "github" }, "original": { @@ -536,11 +536,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1767882842, - "narHash": "sha256-Wo1jRV29yb3NwWf1hG80rmhrTC5x3F+bvj5u/fvxMW4=", + "lastModified": 1768922080, + "narHash": "sha256-gFoGvnW2YDWsxKD56kdiXbhh9vBPAU3yusssbXF0UMo=", "owner": "numtide", "repo": "llm-agents.nix", - "rev": "1e0eaa265ba27a04f89b3265583bdf7da54a3972", + "rev": "78f3fdc13ef903475aa5bfc0f85eeefaa36af837", "type": "github" }, "original": { @@ -551,11 +551,11 @@ }, "nix-flatpak": { "locked": { - "lastModified": 1754777568, - "narHash": "sha256-0bBqT+3XncgF8F03RFAamw9vdf0VmaDoIJLTGkjfQZs=", + "lastModified": 1768656715, + "narHash": "sha256-Sbh037scxKFm7xL0ahgSCw+X2/5ZKeOwI2clqrYr9j4=", "owner": "gmodena", "repo": "nix-flatpak", - "rev": "62f636b87ef6050760a8cb325cadb90674d1e23e", + "rev": "123fe29340a5b8671367055b75a6e7c320d6f89a", "type": "github" }, "original": { 
@@ -593,11 +593,11 @@ "optnix": "optnix" }, "locked": { - "lastModified": 1767322536, - "narHash": "sha256-V/4vkr/tTJ50dh57GEKZbEikex+GqOVVF2SVYwLcSmQ=", + "lastModified": 1768778579, + "narHash": "sha256-6w1Mhg6+46LlaheCa1O/jIk02ukerZ7DdUf9GlQVGxc=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "b68f36728504f1017591a9e296237a867e52156d", + "rev": "5e79001c7a8b556c3c61d4ef38f0f0fa1187ee90", "type": "github" }, "original": { @@ -654,11 +654,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1767799921, - "narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=", + "lastModified": 1768773494, + "narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d351d0653aeb7877273920cd3e823994e7579b0b", + "rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2", "type": "github" }, "original": { @@ -670,11 +670,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1767799921, - "narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=", + "lastModified": 1768773494, + "narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d351d0653aeb7877273920cd3e823994e7579b0b", + "rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2", "type": "github" }, "original": { @@ -718,11 +718,11 @@ }, "nixpkgs_12": { "locked": { - "lastModified": 1766902085, - "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=", + "lastModified": 1768127708, + "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4", + "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", "type": "github" }, "original": { 
@@ -734,11 +734,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1763618868, - "narHash": "sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r+JerayK/4wvdWA=", + "lastModified": 1768661221, + "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a8d610af3f1a5fb71e23e08434d8d61a466fc942", + "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", "type": "github" }, "original": { @@ -750,11 +750,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1748026106, - "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", "type": "github" }, "original": { @@ -782,11 +782,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1767767207, - "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", "type": "github" }, "original": { @@ -798,11 +798,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1767364772, - "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=", + "lastModified": 1768783163, + "narHash": "sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo+w8KsY4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa", + "rev": "bde09022887110deb780067364a0818e89258968", "type": "github" }, "original": { 
@@ -846,11 +846,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1767767207, - "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", "type": "github" }, "original": { @@ -867,11 +867,11 @@ ] }, "locked": { - "lastModified": 1767890738, - "narHash": "sha256-/fDWzjo+ukaTCBzxycwyR5xB10/4N+i9wBfTOFNfYHQ=", + "lastModified": 1768924718, + "narHash": "sha256-T4H/VMjGwBuHEIrPYWfXQ73XV0foCuFGgH7k3SNSJDo=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "6a61bf185c1b9a508377bde924db58ff53ef2d93", + "rev": "1ef5c0eb307e8a4f30dfa6bcc75cf90ae8c6af46", "type": "github" }, "original": { @@ -987,11 +987,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1767886384, - "narHash": "sha256-5/hrrHMZuwwJXqLb86MBElPKS61Efe+hgGkVvpbzJM4=", + "lastModified": 1768744881, + "narHash": "sha256-3+h7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p+S6BA=", "owner": "danth", "repo": "stylix", - "rev": "a525e4774f2576e0f10b8b183c2dfaf7d165c052", + "rev": "06684f00cfbee14da96fd4307b966884de272d3a", "type": "github" }, "original": { @@ -1201,11 +1201,11 @@ ] }, "locked": { - "lastModified": 1767801790, - "narHash": "sha256-QfX6g3Wj2vQe7oBJEbTf0npvC6sJoDbF9hb2+gM5tf8=", + "lastModified": 1768158989, + "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "778a1d691f1ef45dd68c661715c5bf8cbf131c80", + "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", "type": "github" }, "original": { 
@@ -1238,11 +1238,11 @@ "systems": "systems_6" }, "locked": { - "lastModified": 1767815010, - "narHash": "sha256-OPBgcM2ZzbVEUS6lwRpJo2JBfiRK8TmYVSmZImEW2gA=", + "lastModified": 1768856963, + "narHash": "sha256-u5bWDuwk6oieTnvm1YjNotcYK8iJSddH5+S68+X4TSc=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "aab965dcf29529c5fab67b9c2fb5f8168f76fa1b", + "rev": "934bc0ad47be6dbd6498a0dac655c4613fd0ab27", "type": "github" }, "original": { @@ -1271,11 +1271,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1767830382, - "narHash": "sha256-0PgS7M1SV6JCN3MugFZPaP8J+Mr2o7lSDFTPVYZSIAY=", + "lastModified": 1768765571, + "narHash": "sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "74cf1a95a35fd7aec76432bc2cd9b310e0d908c5", + "rev": "ed1cef792b4def3321ff9ab5479df09609f17a69", "type": "github" }, "original": { @@ -1290,11 +1290,11 @@ "nixpkgs": "nixpkgs_12" }, "locked": { - "lastModified": 1767763594, - "narHash": "sha256-5ysv8EuVAgDoYmNuXEUNf7vBzdeRaFxeIlIndv5HMvs=", + "lastModified": 1768919538, + "narHash": "sha256-w10iy/aqd5LtD78NDWWG+eKGzkb+cGhAAo7PVciLbWE=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "8b2302d8c10369c9135552cc892da75cff5ddb03", + "rev": "37149a5b77e8fd2b5332e8cec9edf39ca5b8e8bc", "type": "github" }, "original": { From 815524d513a3d807bd9e0d2e9414e27c05cb2bf2 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 26 Jan 2026 17:40:31 -0300 Subject: [PATCH 130/206] add hytale --- hosts/modules/gaming.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hosts/modules/gaming.nix b/hosts/modules/gaming.nix index 5aef14e..00a4ffa 100644 --- a/hosts/modules/gaming.nix +++ b/hosts/modules/gaming.nix 
@@ -31,5 +31,13 @@ "io.mrarm.mcpelauncher" "net.retrodeck.retrodeck" "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" + rec { + appId = "com.hypixel.HytaleLauncher"; + sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv"; + bundle = "${pkgs.fetchurl { + url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak"; + inherit sha256; + }}"; + } ]; } From c6c444ae8f1d82a0a2a0c78ed72c24b9e8bb2e90 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 28 Jan 2026 18:41:52 -0300 Subject: [PATCH 131/206] updaet some apckage names --- hosts/modules/desktop/desktop.nix | 9 +-------- hosts/modules/gaming.nix | 2 +- users/modules/desktop/desktop.nix | 6 ++++-- users/modules/gaming.nix | 32 +++++++++++++++++++++++++++++-- 4 files changed, 36 insertions(+), 13 deletions(-) diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index cbb4fa0..7510c02 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -86,14 +86,7 @@ enable = true; packages = [ ### Office & Productivity ### - rec { - appId = "com.collabora.Office"; - sha256 = "1im6s8p6wvj2hblr4mhn1g2rry77giccsi6mk76nk8d6bjp1fwa4"; - bundle = "${pkgs.fetchurl { - url = "https://cdn.collaboraoffice.com/collaboraoffice-v25.04.7.2_final.flatpak"; - inherit sha256; - }}"; - } + "com.collabora.Office" ### Graphics & Design ### "com.boxy_svg.BoxySVG" rec { diff --git a/hosts/modules/gaming.nix b/hosts/modules/gaming.nix index 00a4ffa..0f00fe3 100644 --- a/hosts/modules/gaming.nix +++ b/hosts/modules/gaming.nix @@ -30,7 +30,7 @@ "io.itch.itch" "io.mrarm.mcpelauncher" "net.retrodeck.retrodeck" - "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" + "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08" rec { appId = "com.hypixel.HytaleLauncher"; sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv"; 
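Review bot: The `bundle` added to the flatpak list in hosts/modules/gaming.nix pins a `sha256` against a URL ending in `hytale-launcher-latest.flatpak`, which by its name looks like a moving target. The hash does reject a swapped artifact, but the build will fail with a hash mismatch whenever upstream publishes a new launcher, and a reflexive "just bump the hash" fix defeats the integrity check. If the vendor publishes a versioned URL, use it; otherwise add a comment such as `# "latest" URL: on hash mismatch, verify the new bundle before updating sha256`. The enclosing package list starts outside the hunk.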
diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index 0d95c56..fd3d306 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix @@ -13,11 +13,13 @@ services.vicinae = { enable = true; - autoStart = true; + systemd = { + enable = true; + autoStart = true; + }; }; programs = { - ghostty = { enable = true; settings = { diff --git a/users/modules/gaming.nix b/users/modules/gaming.nix index df33b11..48825ab 100644 --- a/users/modules/gaming.nix +++ b/users/modules/gaming.nix @@ -1,5 +1,33 @@ -{ ... }: +{ config, ... }: { - programs.mangohud.enable = true; + programs.mangohud = { + enable = true; + enableSessionWide = true; + settings = { + position = "top-left"; + fps = true; + frametime = false; + frame_timing = false; + gpu_stats = true; + gpu_temp = true; + gpu_power = true; + cpu_stats = true; + cpu_temp = true; + cpu_power = true; + ram = true; + vram = true; + gamemode = false; + vkbasalt = false; + version = false; + engine_version = false; + vulkan_driver = false; + wine = false; + time = false; + fps_sampling_period = 500; + toggle_hud = "Shift_L+F12"; + toggle_logging = "Ctrl_L+F2"; + output_folder = "${config.home.homeDirectory}/.local/share/mangohud"; + }; + }; } From a4698d2a6287d9207e4ef16fbf13ebf2274fad46 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 1 Feb 2026 19:44:19 -0300 Subject: [PATCH 132/206] libvirt for io --- nixosConfigurations.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 43a0bba..8367438 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -30,6 +30,7 @@ in "bluetooth" "dev" "ephemeral" + "libvirtd" "networkmanager" "podman" ]; From dd3f08827a18a8386899ad76433448232285b368 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 14:34:11 -0300 Subject: [PATCH 133/206] niri overview wallpaper --- users/modules/desktop/niri.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) 
diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 0cb5db8..58a7aaf 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -106,11 +106,7 @@ in spawn-at-startup "noctalia-shell" "-d" layer-rule { - match namespace="^wallpaper$" - place-within-backdrop true - } - layer-rule { - match namespace="^quickshell-overview$" + match namespace="^noctalia-overview*" place-within-backdrop true } From 2c2eba13997184aaea74ba58b25175940fe2de83 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 14:34:47 -0300 Subject: [PATCH 134/206] stylix: everything should be opaque --- users/modules/stylix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index f1c7e44..6b34e43 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix @@ -28,7 +28,7 @@ }; opacity = { applications = 1.0; - desktop = 0.8; + desktop = 1.0; popups = config.stylix.opacity.desktop; terminal = 1.0; }; From b94d17d05d18aa9ddc00759f79cf344077d4d04f Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 22:36:05 -0300 Subject: [PATCH 135/206] add aspects/constants.nix Defines flake options for hosts, services, and lib utilities. Services are automatically enriched with host IP information. Co-Authored-By: Claude Opus 4.5 --- aspects/constants.nix | 166 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 166 insertions(+) create mode 100644 aspects/constants.nix diff --git a/aspects/constants.nix b/aspects/constants.nix new file mode 100644 index 0000000..633cff6 --- /dev/null +++ b/aspects/constants.nix 
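Review bot: In the `layer-rule` of users/modules/desktop/niri.nix, `match namespace="^noctalia-overview*"` is a regular expression (the removed rules used `^wallpaper$`), so the trailing `*` repeats only the final `w` instead of acting as a glob, and the pattern has no end anchor. It therefore matches any namespace beginning with `noctalia-overvie`, which is probably wider than intended for a rule that places surfaces in the backdrop. Write `match namespace="^noctalia-overview"` for a prefix match, or `"^noctalia-overview$"` if the namespace is exact. The same line is added again in aspects/desktop/niri.nix later in this series. The enclosing config string starts and ends outside the hunk.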
@@ -0,0 +1,166 @@ +{ lib, config, ... }: + +let + # Host submodule type + hostType = lib.types.submodule { + options = { + lanIP = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "LAN IP address for the host"; + }; + tailscaleIP = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Tailscale IP address for the host"; + }; + }; + }; + + # Service submodule type + serviceType = lib.types.submodule { + options = { + name = lib.mkOption { + type = lib.types.str; + description = "Service name"; + }; + domain = lib.mkOption { + type = lib.types.str; + description = "Domain name for the service"; + }; + host = lib.mkOption { + type = lib.types.str; + description = "Host where the service runs"; + }; + public = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether the service is publicly accessible"; + }; + lanIP = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "LAN IP address (inherited from host)"; + }; + tailscaleIP = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Tailscale IP address (inherited from host)"; + }; + }; + }; + + # Raw services list before enrichment + rawServices = [ + { + name = "kanidm"; + domain = "auth.baduhai.dev"; + host = "alexandria"; + } + { + name = "vaultwarden"; + domain = "pass.baduhai.dev"; + host = "alexandria"; + } + { + name = "forgejo"; + domain = "git.baduhai.dev"; + host = "trantor"; + public = true; + } + { + name = "nextcloud"; + domain = "cloud.baduhai.dev"; + host = "alexandria"; + } + { + name = "jellyfin"; + domain = "jellyfin.baduhai.dev"; + host = "alexandria"; + } + ]; + + # Enrich services with host IP information + enrichServices = hosts: services: + map (svc: + let + hostInfo = hosts.${svc.host} or {}; + in + svc // { + lanIP = hostInfo.lanIP or null; + tailscaleIP = hostInfo.tailscaleIP or null; + } + ) services; + +in +{ + 
options.flake = { + hosts = lib.mkOption { + type = lib.types.attrsOf hostType; + default = {}; + description = "Host definitions with IP addresses"; + }; + + services = lib.mkOption { + type = lib.types.listOf serviceType; + default = []; + description = "Service definitions with enriched host information"; + }; + + lib = lib.mkOption { + type = lib.types.attrsOf lib.types.raw; + default = {}; + description = "Utility functions for flake configuration"; + }; + }; + + config.flake = { + hosts = { + alexandria = { + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + }; + trantor = { + tailscaleIP = "100.108.5.90"; + }; + }; + + services = enrichServices config.flake.hosts rawServices; + + lib = { + # Nginx virtual host utilities + mkNginxVHosts = { domains }: + let + mkVHostConfig = domain: vhostConfig: + lib.recursiveUpdate { + useACMEHost = domain; + forceSSL = true; + kTLS = true; + } vhostConfig; + in + lib.mapAttrs mkVHostConfig domains; + + # Split DNS utilities for unbound + # Generates unbound view config from a list of DNS entries + mkSplitDNS = entries: + let + tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries; + lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries; + in + [ + { + name = "tailscale"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = tailscaleData; + } + { + name = "lan"; + view-first = true; + local-zone = ''"baduhai.dev." transparent''; + local-data = lanData; + } + ]; + }; + }; +} From 0f193778c2f38ee554a8847aafa854ec4e586ee3 Mon Sep 17 00:00:00 2001 
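Review bot: `mkSplitDNS` in aspects/constants.nix interpolates `e.tailscaleIP` and `e.lanIP` directly into strings, but both options are `nullOr str` and `trantor` is declared without a `lanIP`, so an entry for the `forgejo` service would abort evaluation when the `lan` view is built, since Nix does not coerce null to a string. Filter before mapping, for example `lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') (lib.filter (e: e.lanIP != null) entries);`, and do the same for `tailscaleIP`. Separately, `enrichServices` falls back to `{}` for an unknown `svc.host`, so a mistyped host name silently yields a service with no addresses; an assertion there would surface it. Whether callers pass the full service list to `mkSplitDNS` is not visible in this hunk.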
From: William Date: Fri, 6 Feb 2026 22:36:22 -0300 Subject: [PATCH 136/206] add aspects/common/ NixOS modules Migrates common NixOS configuration to dendritic aspect pattern: boot, console, firewall, locale, nix, openssh, programs, security, services, tailscale, users Co-Authored-By: Claude Opus 4.5 --- aspects/common/boot.nix | 21 ++++++++++++++++++ aspects/common/console.nix | 9 ++++++++ aspects/common/firewall.nix | 9 ++++++++ aspects/common/locale.nix | 22 +++++++++++++++++++ aspects/common/nix.nix | 39 ++++++++++++++++++++++++++++++++++ aspects/common/openssh.nix | 12 +++++++++++ aspects/common/programs.nix | 41 ++++++++++++++++++++++++++++++++++++ aspects/common/security.nix | 14 ++++++++++++ aspects/common/services.nix | 10 +++++++++ aspects/common/tailscale.nix | 9 ++++++++ aspects/common/users.nix | 25 ++++++++++++++++++++++ 11 files changed, 211 insertions(+) create mode 100644 aspects/common/boot.nix create mode 100644 aspects/common/console.nix create mode 100644 aspects/common/firewall.nix create mode 100644 aspects/common/locale.nix create mode 100644 aspects/common/nix.nix create mode 100644 aspects/common/openssh.nix create mode 100644 aspects/common/programs.nix create mode 100644 aspects/common/security.nix create mode 100644 aspects/common/services.nix create mode 100644 aspects/common/tailscale.nix create mode 100644 aspects/common/users.nix diff --git a/aspects/common/boot.nix b/aspects/common/boot.nix new file mode 100644 index 0000000..109d6f2 --- /dev/null +++ b/aspects/common/boot.nix @@ -0,0 +1,21 @@ +{ ... }: +{ + flake.modules.nixos.common-boot = { pkgs, ... }: { + boot = { + loader = { + timeout = 1; + efi.canTouchEfiVariables = true; + systemd-boot = { + enable = true; + editor = false; + consoleMode = "max"; + sortKey = "aa"; + netbootxyz = { + enable = true; + sortKey = "zz"; + }; + }; + }; + }; + }; +} diff --git a/aspects/common/console.nix b/aspects/common/console.nix new file mode 100644 index 0000000..6f6be9f --- /dev/null 
+++ b/aspects/common/console.nix @@ -0,0 +1,9 @@ +{ ... }: +{ + flake.modules.nixos.common-console = { ... }: { + console = { + useXkbConfig = true; + earlySetup = true; + }; + }; +} diff --git a/aspects/common/firewall.nix b/aspects/common/firewall.nix new file mode 100644 index 0000000..af1a8f7 --- /dev/null +++ b/aspects/common/firewall.nix @@ -0,0 +1,9 @@ +{ ... }: +{ + flake.modules.nixos.common-firewall = { ... }: { + networking = { + firewall.enable = true; + nftables.enable = true; + }; + }; +} diff --git a/aspects/common/locale.nix b/aspects/common/locale.nix new file mode 100644 index 0000000..2b91759 --- /dev/null +++ b/aspects/common/locale.nix @@ -0,0 +1,22 @@ +{ ... }: +{ + flake.modules.nixos.common-locale = { ... }: { + time.timeZone = "America/Bahia"; + + i18n = { + defaultLocale = "en_US.UTF-8"; + extraLocaleSettings = { + LC_ADDRESS = "pt_BR.utf8"; + LC_COLLATE = "pt_BR.utf8"; + LC_IDENTIFICATION = "pt_BR.utf8"; + LC_MEASUREMENT = "pt_BR.utf8"; + LC_MONETARY = "pt_BR.utf8"; + LC_NAME = "pt_BR.utf8"; + LC_NUMERIC = "pt_BR.utf8"; + LC_PAPER = "pt_BR.utf8"; + LC_TELEPHONE = "pt_BR.utf8"; + LC_TIME = "en_IE.utf8"; + }; + }; + }; +} diff --git a/aspects/common/nix.nix b/aspects/common/nix.nix new file mode 100644 index 0000000..414c315 --- /dev/null +++ b/aspects/common/nix.nix 
@@ -0,0 +1,39 @@ +{ ... }: +{ + flake.modules.nixos.common-nix = { inputs, ... }: { + imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; + + nix = { + settings = { + auto-optimise-store = true; + connect-timeout = 10; + log-lines = 25; + min-free = 128000000; + max-free = 1000000000; + trusted-users = [ "@wheel" ]; + }; + extraOptions = "experimental-features = nix-command flakes"; + gc = { + automatic = true; + options = "--delete-older-than 8d"; + }; + }; + + nixpkgs.config = { + allowUnfree = true; + enableParallelBuilding = true; + buildManPages = false; + buildDocs = false; + }; + + services.nixos-cli = { + enable = true; + config = { + use_nvd = true; + ignore_dirty_tree = true; + }; + }; + + system.stateVersion = "22.11"; + }; +} diff --git a/aspects/common/openssh.nix b/aspects/common/openssh.nix new file mode 100644 index 0000000..c515d81 --- /dev/null +++ b/aspects/common/openssh.nix @@ -0,0 +1,12 @@ +{ ... }: +{ + flake.modules.nixos.common-openssh = { ... }: { + services.openssh = { + enable = true; + settings.PermitRootLogin = "no"; + extraConfig = '' + PrintLastLog no + ''; + }; + }; +} diff --git a/aspects/common/programs.nix b/aspects/common/programs.nix new file mode 100644 index 0000000..a3233e9 --- /dev/null +++ b/aspects/common/programs.nix @@ -0,0 +1,41 @@ +{ ... }: +{ + flake.modules.nixos.common-programs = { lib, pkgs, ... }: { + environment = { + systemPackages = with pkgs; [ + ### Dev Tools ### + git + ### System Utilities ### + btop + fastfetch + helix + nixos-firewall-tool + nvd + sysz + tmux + wget + yazi + ]; + shellAliases = { + cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; + ls = "${lib.getExe pkgs.eza} --icons --group-directories-first"; + tree = "ls --tree"; + }; + }; + + programs = { + command-not-found.enable = false; + fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + if set -q SSH_CONNECTION + export TERM=xterm-256color + clear + fastfetch + end + ''; + }; + }; + }; +} 
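Review bot: The `services.openssh` block in aspects/common/openssh.nix disables root login but leaves password authentication at its default, while aspects/common/users.nix gives `user` both a `hashedPassword` and authorized keys and aspects/common/security.nix sets `wheelNeedsPassword = false`. A guessed password over SSH would therefore lead straight to root through passwordless sudo. Since keys are already provisioned, add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` to the block. In the same group of files, `trusted-users = [ "@wheel" ]` in aspects/common/nix.nix makes every wheel member root-equivalent to the Nix daemon and deserves a comment stating that this is intended.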
diff --git a/aspects/common/security.nix b/aspects/common/security.nix new file mode 100644 index 0000000..b63074b --- /dev/null +++ b/aspects/common/security.nix @@ -0,0 +1,14 @@ +{ ... }: +{ + flake.modules.nixos.common-security = { ... }: { + security = { + unprivilegedUsernsClone = true; # Needed for rootless podman + sudo = { + wheelNeedsPassword = false; + extraConfig = '' + Defaults lecture = never + ''; + }; + }; + }; +} diff --git a/aspects/common/services.nix b/aspects/common/services.nix new file mode 100644 index 0000000..befdbb9 --- /dev/null +++ b/aspects/common/services.nix @@ -0,0 +1,10 @@ +{ ... }: +{ + flake.modules.nixos.common-services = { ... }: { + services = { + dbus.implementation = "broker"; + irqbalance.enable = true; + fstrim.enable = true; + }; + }; +} diff --git a/aspects/common/tailscale.nix b/aspects/common/tailscale.nix new file mode 100644 index 0000000..13eb82a --- /dev/null +++ b/aspects/common/tailscale.nix @@ -0,0 +1,9 @@ +{ ... }: +{ + flake.modules.nixos.common-tailscale = { ... }: { + services.tailscale = { + enable = true; + extraUpFlags = [ "--operator=user" ]; + }; + }; +} diff --git a/aspects/common/users.nix b/aspects/common/users.nix new file mode 100644 index 0000000..e911663 --- /dev/null +++ b/aspects/common/users.nix 
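Review bot: `wheelNeedsPassword = false` in aspects/common/security.nix sits in the common aspect, so it removes the re-authentication step between the `user` account and root on every host that imports it, servers included. If passwordless sudo is wanted only on interactive machines, write it as `wheelNeedsPassword = lib.mkDefault false;` (adding `lib` to the module arguments) so a server aspect can set it back to `true`, or move the setting to a desktop aspect. A short comment explaining why the prompt is disabled, like the one already on `unprivilegedUsernsClone`, would help the next reader judge the trade-off.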
@@ -0,0 +1,25 @@ +{ ... }: +{ + flake.modules.nixos.common-users = { pkgs, ... }: { + users.users = { + user = { + isNormalUser = true; + shell = pkgs.fish; + extraGroups = [ + "networkmanager" + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; + }; + root = { + shell = pkgs.fish; + hashedPassword = "!"; + }; + }; + }; +} From 37f2d5f64a7b4c4ccb342b35c2d3761537cc3aad Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 22:36:22 -0300 Subject: [PATCH 137/206] add aspects/desktop/ modules Desktop-specific NixOS and home-manager configuration: boot, desktop, niri, nix, services Co-Authored-By: Claude Opus 4.5 --- aspects/desktop/boot.nix | 30 ++++ aspects/desktop/desktop.nix | 292 +++++++++++++++++++++++++++++++++++ aspects/desktop/niri.nix | 220 ++++++++++++++++++++++++++ aspects/desktop/nix.nix | 17 ++ aspects/desktop/services.nix | 19 +++ 5 files changed, 578 insertions(+) create mode 100644 aspects/desktop/boot.nix create mode 100644 aspects/desktop/desktop.nix create mode 100644 aspects/desktop/niri.nix create mode 100644 aspects/desktop/nix.nix create mode 100644 aspects/desktop/services.nix diff --git a/aspects/desktop/boot.nix b/aspects/desktop/boot.nix new file mode 100644 index 0000000..bd98184 --- /dev/null +++ b/aspects/desktop/boot.nix 
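Review bot: The `hashedPassword` for `user` in aspects/common/users.nix is committed in clear view, so anyone who can read the repository or the world-readable Nix store can run offline guessing against the SHA-512 crypt hash. Prefer `hashedPasswordFile = "<PLACEHOLDER: path to a secret kept outside the store>";` backed by whatever secrets mechanism the flake uses, and rotate the password, since this hash stays in history. The locked `root` entry with `hashedPassword = "!"` is fine as it is.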
@@ -0,0 +1,30 @@ +{ inputs, ... }: +{ + flake.modules.nixos.desktop-boot = { config, lib, pkgs, ... }: { + # Import parent aspect for inheritance + imports = [ inputs.self.modules.nixos.common-boot ]; + + boot = { + plymouth.enable = true; + initrd.systemd.enable = true; + loader.efi.efiSysMountPoint = "/boot/efi"; + kernelPackages = pkgs.linuxPackages_xanmod_latest; + extraModprobeConfig = '' + options bluetooth disable_ertm=1 + ''; + kernel.sysctl = { + "net.ipv4.tcp_mtu_probing" = 1; + }; + kernelParams = [ + "quiet" + "splash" + "i2c-dev" + "i2c-piix4" + "loglevel=3" + "udev.log_priority=3" + "rd.udev.log_level=3" + "rd.systemd.show_status=false" + ]; + }; + }; +} diff --git a/aspects/desktop/desktop.nix b/aspects/desktop/desktop.nix new file mode 100644 index 0000000..f2298e7 --- /dev/null +++ b/aspects/desktop/desktop.nix 
@@ -0,0 +1,292 @@ +{ + inputs, + ... +}: +{ + flake.modules = { + nixos.desktop-desktop = { config, lib, pkgs, ... }: { + imports = [ + inputs.niri-flake.nixosModules.niri + inputs.nix-flatpak.nixosModules.nix-flatpak + ]; + + environment = { + sessionVariables = { + KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir + NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland + }; + systemPackages = with pkgs; [ + ### Web ### + bitwarden-desktop + fragments + nextcloud-client + tor-browser + vesktop + inputs.zen-browser.packages."${system}".default + ### Office & Productivity ### + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + papers + presenterm + rnote + ### Graphics & Design ### + gimp + inkscape + plasticity + ### System Utilities ### + adwaita-icon-theme + ghostty + gnome-disk-utility + junction + libfido2 + mission-center + nautilus + p7zip + rclone + toggleaudiosink + unrar + ### Media ### + decibels + loupe + obs-studio + showtime + ]; + }; + + services = { + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + wireplumber.enable = true; + }; + greetd = { + enable = true; + settings = { + default_session = { + command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; + user = "greeter"; + }; + } + // lib.optionalAttrs (config.networking.hostName == "io") { + initial_session = { + command = "${config.programs.niri.package}/bin/niri-session"; + user = "user"; + }; + }; + }; + flatpak = { + enable = true; + packages = [ + ### Office & Productivity ### + "com.collabora.Office" + ### Graphics & Design ### + "com.boxy_svg.BoxySVG" + rec { + appId = "io.github.softfever.OrcaSlicer"; + sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + bundle = "${pkgs.fetchurl { + url = 
"https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; + inherit sha256; + }}"; + } + ### System Utilities ### + "com.github.tchx84.Flatseal" + "com.rustdesk.RustDesk" + ]; + uninstallUnmanaged = true; + update.auto.enable = true; + }; + gvfs.enable = true; + }; + + security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority + + users = { + users.greeter = { + isSystemUser = true; + group = "greeter"; + }; + groups.greeter = { }; + }; + + programs = { + niri = { + enable = true; + package = inputs.niri.packages.${pkgs.system}.niri; + }; + kdeconnect = { + enable = true; + package = pkgs.valent; + }; + dconf.enable = true; + appimage = { + enable = true; + binfmt = true; + }; + }; + + niri-flake.cache.enable = false; + + fonts = { + fontDir.enable = true; + packages = with pkgs; [ + corefonts + inter + nerd-fonts.fira-code + noto-fonts-cjk-sans + noto-fonts-color-emoji + roboto + ]; + }; + + xdg.portal = { + extraPortals = with pkgs; [ + xdg-desktop-portal-gnome + xdg-desktop-portal-gtk + ]; + config = { + common.default = "*"; + niri.default = [ + "gtk" + "gnome" + ]; + }; + }; + }; + + homeManager.desktop-desktop = { config, lib, pkgs, inputs, ... 
}: { + imports = [ inputs.vicinae.homeManagerModules.default ]; + + fonts.fontconfig.enable = true; + + home.packages = with pkgs; [ xwayland-satellite ]; + + services.vicinae = { + enable = true; + systemd = { + enable = true; + autoStart = true; + }; + }; + + programs = { + ghostty = { + enable = true; + settings = { + cursor-style = "block"; + shell-integration-features = "no-cursor"; + cursor-style-blink = false; + custom-shader = "${builtins.fetchurl { + url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; + sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + }}"; + bell-features = ""; + gtk-titlebar-style = "tabs"; + keybind = [ "shift+enter=text:\\x1b\\r" ]; + }; + }; + + password-store = { + enable = true; + package = pkgs.pass-wayland; + }; + }; + + xdg = { + enable = true; + userDirs.enable = true; + mimeApps = { + enable = true; + defaultApplications = { + "text/html" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/http" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/https" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/about" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/unknown" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "image/jpeg" = "org.gnome.Loupe.desktop"; + "image/png" = "org.gnome.Loupe.desktop"; + "image/gif" = "org.gnome.Loupe.desktop"; + "image/webp" = "org.gnome.Loupe.desktop"; + "image/bmp" = "org.gnome.Loupe.desktop"; + "image/svg+xml" = "org.gnome.Loupe.desktop"; + "image/tiff" = "org.gnome.Loupe.desktop"; + "video/mp4" = "io.bassi.Showtime.desktop"; + "video/x-matroska" = "io.bassi.Showtime.desktop"; + "video/webm" = "io.bassi.Showtime.desktop"; + "video/mpeg" = 
"io.bassi.Showtime.desktop"; + "video/x-msvideo" = "io.bassi.Showtime.desktop"; + "video/quicktime" = "io.bassi.Showtime.desktop"; + "video/x-flv" = "io.bassi.Showtime.desktop"; + "audio/mpeg" = "io.bassi.Showtime.desktop"; + "audio/flac" = "io.bassi.Showtime.desktop"; + "audio/ogg" = "io.bassi.Showtime.desktop"; + "audio/wav" = "io.bassi.Showtime.desktop"; + "audio/mp4" = "io.bassi.Showtime.desktop"; + "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; + "application/pdf" = [ + "org.gnome.Papers.desktop" + "zen-browser.desktop" + ]; + "text/plain" = "Helix.desktop"; + "text/markdown" = "Helix.desktop"; + "text/x-log" = "Helix.desktop"; + "application/x-shellscript" = "Helix.desktop"; + "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = + "com.collabora.Office.desktop"; # DOCX + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = + "com.collabora.Office.desktop"; # XLSX + "application/vnd.openxmlformats-officedocument.presentationml.presentation" = + "com.collabora.Office.desktop"; # PPTX + "application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT + "application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS + "application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP + "application/msword" = "com.collabora.Office.desktop"; # DOC + "application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS + "application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT + "application/zip" = "org.gnome.FileRoller.desktop"; + "application/x-tar" = "org.gnome.FileRoller.desktop"; + "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; + "application/x-rar" = "org.gnome.FileRoller.desktop"; + "application/gzip" = 
"org.gnome.FileRoller.desktop"; + "application/x-bzip" = "org.gnome.FileRoller.desktop"; + "inode/directory" = "org.gnome.Nautilus.desktop"; + }; + }; + }; + + # Set Ghostty as default terminal + home.sessionVariables = { + TERMINAL = "ghostty"; + }; + }; + }; +} diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix new file mode 100644 index 0000000..6458ab0 --- /dev/null +++ b/aspects/desktop/niri.nix 
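Review bot: The greetd `initial_session` in aspects/desktop/desktop.nix logs `user` in automatically when `config.networking.hostName == "io"`, and that account gets passwordless sudo from the common aspects in this series, so on that host whoever reaches the console after boot has root without authenticating. If an encrypted root is the intended gate (an earlier module in the series mounts `/dev/mapper/cryptroot`, though whether `io` uses it is not visible here), state that in a comment next to the block. Hard-coding a host name inside a shared aspect is also brittle; a boolean option of your own, set from the host's configuration, would keep the aspect generic and make the autologin decision explicit.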
@@ -0,0 +1,220 @@ +{ ... }: +{ + flake.modules.homeManager.desktop-niri = { config, lib, pkgs, inputs, hostname ? null, ... }: + let + isRotterdam = hostname == "rotterdam"; + in + { + imports = [ inputs.noctalia.homeModules.default ]; + + services.kanshi = { + enable = true; + settings = [ + { + profile.name = "default"; + profile.outputs = [ + { + criteria = "*"; + scale = 1.0; + } + ]; + } + ]; + }; + + home = { + packages = with pkgs; [ + xwayland-satellite + inputs.noctalia.packages.${pkgs.system}.default + ]; + sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; + }; + + xdg.configFile."niri/config.kdl".text = '' + input { + keyboard { + xkb { + layout "us" + variant "altgr-intl" + } + } + touchpad { + tap + dwt + drag true + drag-lock + natural-scroll + accel-speed 0.2 + accel-profile "flat" + scroll-method "two-finger" + middle-emulation + } + mouse { + natural-scroll + accel-speed 0.2 + accel-profile "flat" + } + warp-mouse-to-focus mode="center-xy" + focus-follows-mouse + } + + layout { + gaps 8 + center-focused-column "never" + auto-center-when-space-available + preset-column-widths { + ${ + if isRotterdam then + '' + proportion 0.33333 + proportion 0.5 + proportion 0.66667 + '' + else + '' + proportion 0.5 + proportion 1.0 + '' + } + } + default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } + focus-ring { + off + } + border { + width 4 + active-color "#ffc87f" + inactive-color "#505050" + urgent-color "#9b0000" + } + tab-indicator { + width 4 + gap 4 + place-within-column + } + } + + overview { + zoom 0.65 + } + + spawn-at-startup "noctalia-shell" "-d" + layer-rule { + match namespace="^noctalia-overview*" + place-within-backdrop true + } + + hotkey-overlay { + skip-at-startup + } + + prefer-no-csd + screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" + + animations { + slowdown 0.3 + } + + window-rule { + match app-id="zen" + default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } + 
} + + window-rule { + geometry-corner-radius 12 + clip-to-geometry true + } + + config-notification { + disable-failed + } + + binds { + Alt+Space repeat=false { spawn "vicinae" "toggle"; } + XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } + XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } + XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } + XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } + XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } + XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } + Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } + Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; } + Mod+Return { spawn "ghostty"; } + Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } + Mod+W repeat=false { toggle-overview; } + Mod+Q { close-window; } + Alt+Shift+Q { close-window;} + Mod+Shift+Q { close-window; } + Alt+F4 { close-window; } + Mod+Left { focus-column-left; } + Mod+Down { focus-window-or-workspace-down; } + Mod+Up { focus-window-or-workspace-up; } + Mod+Right { focus-column-right; } + Mod+H { focus-column-left; } + Mod+L { focus-column-right; } + Mod+J { focus-window-or-workspace-down; } + Mod+K { focus-window-or-workspace-up; } + Mod+Ctrl+Left { move-column-left; } + Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } + Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } + 
Mod+Ctrl+Right { move-column-right; } + Mod+Ctrl+H { move-column-left; } + Mod+Ctrl+J { move-window-down-or-to-workspace-down; } + Mod+Ctrl+K { move-window-up-or-to-workspace-up; } + Mod+Ctrl+L { move-column-right; } + Mod+Home { focus-column-first; } + Mod+End { focus-column-last; } + Mod+Ctrl+Home { move-column-to-first; } + Mod+Ctrl+End { move-column-to-last; } + Mod+Alt+Left { focus-monitor-left; } + Mod+Alt+Down { focus-monitor-down; } + Mod+Alt+Up { focus-monitor-up; } + Mod+Alt+Right { focus-monitor-right; } + Mod+Alt+H { focus-monitor-left; } + Mod+Alt+J { focus-monitor-down; } + Mod+Alt+K { focus-monitor-up; } + Mod+Alt+L { focus-monitor-right; } + Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } + Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } + Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } + Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } + Mod+Alt+Ctrl+H { move-column-to-monitor-left; } + Mod+Alt+Ctrl+J { move-column-to-monitor-down; } + Mod+Alt+Ctrl+K { move-column-to-monitor-up; } + Mod+Alt+Ctrl+L { move-column-to-monitor-right; } + Mod+Ctrl+U { move-workspace-down; } + Mod+Ctrl+I { move-workspace-up; } + Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } + Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } + Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } + Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } + Mod+Shift+WheelScrollDown { focus-column-right; } + Mod+Shift+WheelScrollUp { focus-column-left; } + Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } + Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } + Mod+BracketLeft { consume-or-expel-window-left; } + Mod+BracketRight { consume-or-expel-window-right; } + Mod+Comma { consume-window-into-column; } + Mod+Period { expel-window-from-column; } + Mod+R { switch-preset-column-width; } + Mod+F { maximize-column; } + Mod+Ctrl+F { fullscreen-window; } + Mod+C { center-visible-columns; } + Mod+Ctrl+C { center-column; } 
+ Mod+Space { toggle-window-floating; } + Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } + Mod+T { toggle-column-tabbed-display; } + Print { screenshot-screen; } + Mod+Print { screenshot; } + Ctrl+Print { screenshot-window; } + Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } + Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } + Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } + Mod+Ctrl+P { power-off-monitors; } + } + ''; + }; +} diff --git a/aspects/desktop/nix.nix b/aspects/desktop/nix.nix new file mode 100644 index 0000000..67cfa11 --- /dev/null +++ b/aspects/desktop/nix.nix @@ -0,0 +1,17 @@ +{ inputs, ... }: +{ + flake.modules.nixos.desktop-nix = { config, lib, pkgs, ... }: { + # Import parent aspect for inheritance + imports = [ inputs.self.modules.nixos.common-nix ]; + + environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; + + nix = { + registry.nixpkgs.flake = inputs.nixpkgs; + nixPath = [ + "nixpkgs=${inputs.nixpkgs}" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + }; + }; +} diff --git a/aspects/desktop/services.nix b/aspects/desktop/services.nix new file mode 100644 index 0000000..59f0a56 --- /dev/null +++ b/aspects/desktop/services.nix @@ -0,0 +1,19 @@ +{ inputs, ... }: +{ + flake.modules.nixos.desktop-services = { config, lib, pkgs, ... }: { + # Import parent aspect for inheritance + imports = [ inputs.self.modules.nixos.common-services ]; + + services = { + printing.enable = true; + udev.packages = with pkgs; [ yubikey-personalization ]; + keyd = { + enable = true; + keyboards.all = { + ids = [ "*" ]; + settings.main.capslock = "overload(meta, esc)"; + }; + }; + }; + }; +} From f5c44965a887e7e951041727ba86805a8638e735 Mon Sep 17 00:00:00 2001 
From: William Date: Fri, 6 Feb 2026 22:36:22 -0300 Subject: [PATCH 138/206] add aspects/server/ NixOS modules Server-specific NixOS configuration: boot, nix, tailscale Co-Authored-By: Claude Opus 4.5 --- aspects/server/boot.nix | 10 ++++++++++ aspects/server/nix.nix | 18 ++++++++++++++++++ aspects/server/tailscale.nix | 18 ++++++++++++++++++ 3 files changed, 46 insertions(+) create mode 100644 aspects/server/boot.nix create mode 100644 aspects/server/nix.nix create mode 100644 aspects/server/tailscale.nix diff --git a/aspects/server/boot.nix b/aspects/server/boot.nix new file mode 100644 index 0000000..68397f2 --- /dev/null +++ b/aspects/server/boot.nix @@ -0,0 +1,10 @@ +# aspects/server/boot.nix +{ inputs, ... }: +{ + flake.modules.nixos.server-boot = { config, lib, pkgs, ... }: { + # Import parent aspect for inheritance + imports = [ inputs.self.modules.nixos.common-boot ]; + + boot.kernelPackages = pkgs.linuxPackages_hardened; + }; +} diff --git a/aspects/server/nix.nix b/aspects/server/nix.nix new file mode 100644 index 0000000..b22565c --- /dev/null +++ b/aspects/server/nix.nix @@ -0,0 +1,18 @@ +# aspects/server/nix.nix +{ inputs, ... }: +{ + flake.modules.nixos.server-nix = { config, lib, pkgs, ... }: { + # Import parent aspect for inheritance + imports = [ inputs.self.modules.nixos.common-nix ]; + + environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; + + nix = { + registry.nixpkgs.flake = inputs.nixpkgs-stable; + nixPath = [ + "nixpkgs=/etc/channels/nixpkgs" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + }; + }; +} diff --git a/aspects/server/tailscale.nix b/aspects/server/tailscale.nix new file mode 100644 index 0000000..433494c --- /dev/null +++ b/aspects/server/tailscale.nix 
@@ -0,0 +1,18 @@ +# aspects/server/tailscale.nix +{ inputs, ... }: +{ + flake.modules.nixos.server-tailscale = { config, lib, pkgs, ... }: { + # Import parent aspect for inheritance + imports = [ inputs.self.modules.nixos.common-tailscale ]; + + services.tailscale = { + extraSetFlags = [ "--advertise-exit-node" ]; + useRoutingFeatures = "server"; + }; + + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + "net.ipv6.conf.all.forwarding" = 1; + }; + }; +} From a2f013c5297607c15db65e0d15db6fbb7d0ceddb Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 22:36:30 -0300 Subject: [PATCH 139/206] add aspects/cli/ home-manager modules CLI tool configurations: btop, comma, direnv, helix, hm-cli, starship, tmux Co-Authored-By: Claude Opus 4.5 --- aspects/cli/btop.nix | 13 +++++++++++ aspects/cli/comma.nix | 8 +++++++ aspects/cli/direnv.nix | 9 ++++++++ aspects/cli/helix.nix | 50 ++++++++++++++++++++++++++++++++++++++++ aspects/cli/hm-cli.nix | 11 +++++++++ aspects/cli/starship.nix | 41 ++++++++++++++++++++++++++++++++ aspects/cli/tmux.nix | 12 ++++++++++ 7 files changed, 144 insertions(+) create mode 100644 aspects/cli/btop.nix create mode 100644 aspects/cli/comma.nix create mode 100644 aspects/cli/direnv.nix create mode 100644 aspects/cli/helix.nix create mode 100644 aspects/cli/hm-cli.nix create mode 100644 aspects/cli/starship.nix create mode 100644 aspects/cli/tmux.nix diff --git a/aspects/cli/btop.nix b/aspects/cli/btop.nix new file mode 100644 index 0000000..09a815e --- /dev/null +++ b/aspects/cli/btop.nix @@ -0,0 +1,13 @@ +{ ... }: +{ + flake.modules.homeManager.cli-btop = { config, lib, pkgs, ... }: { + programs.btop = { + enable = true; + settings = { + theme_background = false; + proc_sorting = "cpu direct"; + update_ms = 500; + }; + }; + }; +} diff --git a/aspects/cli/comma.nix b/aspects/cli/comma.nix new file mode 100644 index 0000000..b8e6c2a --- /dev/null +++ b/aspects/cli/comma.nix 
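Review bot: In aspects/server/tailscale.nix the `boot.kernel.sysctl` block turns on IPv4 and IPv6 forwarding for every interface, not only the Tailscale one, and nothing in this module restricts what the host will then route. `useRoutingFeatures = "server"` already enables forwarding in the NixOS Tailscale module, so the two explicit sysctls look redundant and could be dropped. If they stay, add a comment saying why they are needed. Because this host advertises itself as an exit node, I would also note in a comment which forward-chain policy is expected; the firewall settings presumably live in common-tailscale or the host config, which are not visible here.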
@@ -0,0 +1,8 @@ +{ ... }: +{ + flake.modules.homeManager.cli-comma = { config, lib, pkgs, inputs, ... }: { + imports = [ inputs.nix-index-database.homeModules.nix-index ]; + + programs.nix-index-database.comma.enable = true; + }; +} diff --git a/aspects/cli/direnv.nix b/aspects/cli/direnv.nix new file mode 100644 index 0000000..4399283 --- /dev/null +++ b/aspects/cli/direnv.nix @@ -0,0 +1,9 @@ +{ ... }: +{ + flake.modules.homeManager.cli-direnv = { config, lib, pkgs, ... }: { + programs.direnv = { + enable = true; + nix-direnv.enable = true; + }; + }; +} diff --git a/aspects/cli/helix.nix b/aspects/cli/helix.nix new file mode 100644 index 0000000..1fa2baf --- /dev/null +++ b/aspects/cli/helix.nix @@ -0,0 +1,50 @@ +{ ... }: +{ + flake.modules.homeManager.cli-helix = { config, lib, pkgs, ... }: { + home.sessionVariables = { + EDITOR = "hx"; + }; + + programs.helix = { + enable = true; + settings = { + editor = { + file-picker.hidden = false; + idle-timeout = 0; + line-number = "relative"; + cursor-shape = { + normal = "underline"; + insert = "bar"; + select = "underline"; + }; + soft-wrap.enable = true; + auto-format = true; + indent-guides.render = true; + }; + keys.normal = { + space = { + o = "file_picker_in_current_buffer_directory"; + esc = [ + "collapse_selection" + "keep_primary_selection" + ]; + }; + }; + }; + languages = { + language = [ + { + name = "nix"; + auto-format = true; + formatter.command = "nixfmt"; + } + { + name = "typst"; + auto-format = true; + formatter.command = "typstyle -c 1000 -i"; + } + ]; + }; + }; + }; +} diff --git a/aspects/cli/hm-cli.nix b/aspects/cli/hm-cli.nix new file mode 100644 index 0000000..acee59d --- /dev/null +++ b/aspects/cli/hm-cli.nix @@ -0,0 +1,11 @@ +{ ... }: +{ + flake.modules.homeManager.cli-base = { config, lib, pkgs, ... }: { + home = { + packages = with pkgs; [ hm-cli ]; + sessionVariables = { + HM_PATH = "/etc/nixos"; + }; + }; + }; +} 
diff --git a/aspects/cli/starship.nix b/aspects/cli/starship.nix new file mode 100644 index 0000000..e9884a7 --- /dev/null +++ b/aspects/cli/starship.nix @@ -0,0 +1,41 @@ +{ ... }: +{ + flake.modules.homeManager.cli-starship = { config, lib, pkgs, ... }: { + programs.starship = { + enable = true; + enableBashIntegration = true; + enableFishIntegration = true; + settings = { + add_newline = false; + format = '' + $hostname$directory$git_branch$git_status$nix_shell + [ ❯ ](bold green) + ''; + right_format = "$cmd_duration$character"; + hostname = { + ssh_symbol = "󰖟 "; + }; + character = { + error_symbol = "[](red)"; + success_symbol = "[󱐋](green)"; + }; + cmd_duration = { + format = "[󰄉 $duration ]($style)"; + style = "yellow"; + min_time = 500; + }; + git_branch = { + symbol = " "; + style = "purple"; + }; + git_status.style = "red"; + nix_shell = { + format = "via [$symbol$state]($style)"; + heuristic = true; + style = "blue"; + symbol = "󱄅 "; + }; + }; + }; + }; +} diff --git a/aspects/cli/tmux.nix b/aspects/cli/tmux.nix new file mode 100644 index 0000000..078a6aa --- /dev/null +++ b/aspects/cli/tmux.nix @@ -0,0 +1,12 @@ +{ ... }: +{ + flake.modules.homeManager.cli-tmux = { config, lib, pkgs, ... }: { + programs.tmux = { + enable = true; + clock24 = true; + terminal = "xterm-256color"; + mouse = true; + keyMode = "vi"; + }; + }; +} From e6aed18d8f88374dea23468754fc98c1ec85c280 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 22:36:30 -0300 Subject: [PATCH 140/206] add aspects/shell/ home-manager modules Shell configurations: bash, fish Co-Authored-By: Claude Opus 4.5 --- aspects/shell/bash.nix | 9 +++++++++ aspects/shell/fish.nix | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 aspects/shell/bash.nix create mode 100644 aspects/shell/fish.nix diff --git a/aspects/shell/bash.nix b/aspects/shell/bash.nix new file mode 100644 index 0000000..3ec7237 --- /dev/null +++ b/aspects/shell/bash.nix 
@@ -0,0 +1,9 @@ +{ ... }: +{ + flake.modules.homeManager.shell-bash = { config, lib, pkgs, ... }: { + programs.bash = { + enable = true; + historyFile = "~/.cache/bash_history"; + }; + }; +} diff --git a/aspects/shell/fish.nix b/aspects/shell/fish.nix new file mode 100644 index 0000000..e2ae9cf --- /dev/null +++ b/aspects/shell/fish.nix @@ -0,0 +1,33 @@ +{ ... }: +{ + flake.modules.homeManager.shell-fish = { config, lib, pkgs, ... }: { + programs.fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + ${lib.getExe pkgs.nix-your-shell} fish | source + ''; + loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; + plugins = [ + { + name = "bang-bang"; + src = pkgs.fetchFromGitHub { + owner = "oh-my-fish"; + repo = "plugin-bang-bang"; + rev = "f969c618301163273d0a03d002614d9a81952c1e"; + sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; + }; + } + { + name = "z"; + src = pkgs.fetchFromGitHub { + owner = "jethrokuan"; + repo = "z"; + rev = "067e867debee59aee231e789fc4631f80fa5788e"; + sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU="; + }; + } + ]; + }; + }; +} From e8e62c81e3680e0137aa640f4c0e348bec2cd3d2 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 22:36:30 -0300 Subject: [PATCH 141/206] add aspects/gaming/ modules Gaming-related NixOS and home-manager configuration: flatpak, hardware, launchers, mangohud, steam Co-Authored-By: Claude Opus 4.5 --- aspects/gaming/flatpak.nix | 23 +++++++++++++++++++ aspects/gaming/hardware.nix | 11 +++++++++ aspects/gaming/launchers.nix | 11 +++++++++ aspects/gaming/mangohud.nix | 43 ++++++++++++++++++++++++++++++++++++ aspects/gaming/steam.nix | 17 ++++++++++++++ 5 files changed, 105 insertions(+) create mode 100644 aspects/gaming/flatpak.nix create mode 100644 aspects/gaming/hardware.nix create mode 100644 aspects/gaming/launchers.nix create mode 100644 aspects/gaming/mangohud.nix create mode 100644 aspects/gaming/steam.nix 
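Review bot: In aspects/shell/bash.nix, `historyFile = "~/.cache/bash_history"` passes a literal `~`, which as far as I can tell ends up inside a quoted `HISTFILE` assignment, where bash performs no tilde expansion. History would then be written relative to a directory literally named `~`, or not saved at all. The module already receives `config`, so `historyFile = "${config.home.homeDirectory}/.cache/bash_history";` removes the dependency on expansion. Please confirm against the generated `.bashrc`.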
diff --git a/aspects/gaming/flatpak.nix b/aspects/gaming/flatpak.nix
new file mode 100644
index 0000000..ad50c7c
--- /dev/null
+++ b/aspects/gaming/flatpak.nix
@@ -0,0 +1,23 @@
+{ ... }:
+
+{
+ flake.modules.nixos.gaming-flatpak = { pkgs, ... }: {
+ services.flatpak.packages = [
+ "com.github.k4zmu2a.spacecadetpinball"
+ "com.steamgriddb.SGDBoop"
+ "io.github.Foldex.AdwSteamGtk"
+ "io.itch.itch"
+ "io.mrarm.mcpelauncher"
+ "net.retrodeck.retrodeck"
+ "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08"
+ rec {
+ appId = "com.hypixel.HytaleLauncher";
+ sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv";
+ bundle = "${pkgs.fetchurl {
+ url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak";
+ inherit sha256;
+ }}";
+ }
+ ];
+ };
+}
diff --git a/aspects/gaming/hardware.nix b/aspects/gaming/hardware.nix
new file mode 100644
index 0000000..f1bd75b
--- /dev/null
+++ b/aspects/gaming/hardware.nix
@@ -0,0 +1,11 @@
+{ ... }:
+
+{
+ flake.modules.nixos.gaming-hardware = { ... }: {
+ hardware = {
+ xpadneo.enable = true;
+ steam-hardware.enable = true; # Allow steam client to manage controllers
+ graphics.enable32Bit = true; # For OpenGL games
+ };
+ };
+}
diff --git a/aspects/gaming/launchers.nix b/aspects/gaming/launchers.nix
new file mode 100644
index 0000000..5684f9f
--- /dev/null
+++ b/aspects/gaming/launchers.nix
@@ -0,0 +1,11 @@
+{ ... }:
+
+{
+ flake.modules.nixos.gaming-launchers = { pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ clonehero
+ heroic
+ prismlauncher
+ ];
+ };
+}
diff --git a/aspects/gaming/mangohud.nix b/aspects/gaming/mangohud.nix
new file mode 100644
index 0000000..7f83644
--- /dev/null
+++ b/aspects/gaming/mangohud.nix
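Review bot: The Hytale entry in aspects/gaming/flatpak.nix pins a `sha256` for a URL ending in `hytale-launcher-latest.flatpak`, so the fetch will fail with a hash mismatch as soon as upstream publishes a new build. Failing closed is the right behaviour for integrity, but the next person to rebuild will see an unexplained fetch error. If the vendor offers a versioned download URL, use it, as the OrcaSlicer bundle later in this series does. Otherwise add a comment such as `# "latest" URL: the hash must be refreshed whenever upstream releases`.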
@@ -0,0 +1,43 @@ +{ ... }: + +{ + flake.modules = { + nixos.gaming-mangohud = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + mangohud + ]; + }; + + homeManager.gaming-mangohud = { config, ... }: { + programs.mangohud = { + enable = true; + enableSessionWide = true; + settings = { + position = "top-left"; + fps = true; + frametime = false; + frame_timing = false; + gpu_stats = true; + gpu_temp = true; + gpu_power = true; + cpu_stats = true; + cpu_temp = true; + cpu_power = true; + ram = true; + vram = true; + gamemode = false; + vkbasalt = false; + version = false; + engine_version = false; + vulkan_driver = false; + wine = false; + time = false; + fps_sampling_period = 500; + toggle_hud = "Shift_L+F12"; + toggle_logging = "Ctrl_L+F2"; + output_folder = "${config.home.homeDirectory}/.local/share/mangohud"; + }; + }; + }; + }; +} diff --git a/aspects/gaming/steam.nix b/aspects/gaming/steam.nix new file mode 100644 index 0000000..e0ab9a8 --- /dev/null +++ b/aspects/gaming/steam.nix @@ -0,0 +1,17 @@ +{ ... }: + +{ + flake.modules.nixos.gaming-steam = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + steam-run + ]; + + programs = { + steam = { + enable = true; + extraCompatPackages = [ pkgs.proton-ge-bin ]; + }; + gamemode.enable = true; + }; + }; +} From 92e16d0032308324b768803b09f696e7b4320a59 Mon Sep 17 00:00:00 2001 
From: William Date: Fri, 6 Feb 2026 22:36:30 -0300 Subject: [PATCH 142/206] add aspects/programs/ home-manager modules Program categories: graphics, media, office, utilities, web Co-Authored-By: Claude Opus 4.5 --- aspects/programs/graphics.nix | 27 ++++++++++++++ aspects/programs/media.nix | 29 +++++++++++++++ aspects/programs/office.nix | 25 +++++++++++++ aspects/programs/utilities.nix | 65 ++++++++++++++++++++++++++++++++++ aspects/programs/web.nix | 18 ++++++++++ 5 files changed, 164 insertions(+) create mode 100644 aspects/programs/graphics.nix create mode 100644 aspects/programs/media.nix create mode 100644 aspects/programs/office.nix create mode 100644 aspects/programs/utilities.nix create mode 100644 aspects/programs/web.nix diff --git a/aspects/programs/graphics.nix b/aspects/programs/graphics.nix new file mode 100644 index 0000000..1488125 --- /dev/null +++ b/aspects/programs/graphics.nix @@ -0,0 +1,27 @@ +{ ... }: + +{ + flake.modules.nixos.programs-graphics = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + # Image Editing + gimp + inkscape + # CAD & 3D Modeling + plasticity + ]; + + services.flatpak.packages = [ + # Vector Graphics + "com.boxy_svg.BoxySVG" + # 3D Printing / Slicing + rec { + appId = "io.github.softfever.OrcaSlicer"; + sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + bundle = "${pkgs.fetchurl { + url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; + inherit sha256; + }}"; + } + ]; + }; +} diff --git a/aspects/programs/media.nix b/aspects/programs/media.nix new file mode 100644 index 0000000..8b50b2e --- /dev/null +++ b/aspects/programs/media.nix 
@@ -0,0 +1,29 @@ +{ ... }: + +{ + flake.modules = { + nixos.programs-media = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + # Audio + decibels + # Video + showtime + # Image Viewer + loupe + # Recording & Streaming + obs-studio + ]; + }; + + homeManager.programs-media = { pkgs, ... }: { + programs.obs-studio = { + enable = true; + plugins = with pkgs.obs-studio-plugins; [ + obs-vkcapture + obs-backgroundremoval + obs-pipewire-audio-capture + ]; + }; + }; + }; +} diff --git a/aspects/programs/office.nix b/aspects/programs/office.nix new file mode 100644 index 0000000..1fc6817 --- /dev/null +++ b/aspects/programs/office.nix @@ -0,0 +1,25 @@ +{ ... }: + +{ + flake.modules.nixos.programs-office = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + # Spelling + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + # Document Viewing + papers + # Presentations + presenterm + # Note Taking & Drawing + rnote + ]; + + services.flatpak.packages = [ + # Office Suite + "com.collabora.Office" + ]; + }; +} diff --git a/aspects/programs/utilities.nix b/aspects/programs/utilities.nix new file mode 100644 index 0000000..15b267f --- /dev/null +++ b/aspects/programs/utilities.nix 
@@ -0,0 +1,65 @@
+{ ... }:
+
+{
+ flake.modules = {
+ nixos.programs-utilities = { pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ # Terminal
+ ghostty
+ # File Management
+ nautilus
+ gnome-disk-utility
+ # Archive Tools
+ p7zip
+ unrar
+ # Cloud & Remote
+ rclone
+ # System Monitoring
+ mission-center
+ # Desktop Integration
+ adwaita-icon-theme
+ junction
+ libfido2
+ toggleaudiosink
+ # Xwayland Support
+ xwayland-satellite
+ ];
+
+ services.flatpak.packages = [
+ # Flatpak Management
+ "com.github.tchx84.Flatseal"
+ # Remote Desktop
+ "com.rustdesk.RustDesk"
+ ];
+ };
+
+ homeManager.programs-utilities = { pkgs, ... }: {
+ programs = {
+ ghostty = {
+ enable = true;
+ settings = {
+ cursor-style = "block";
+ shell-integration-features = "no-cursor";
+ cursor-style-blink = false;
+ custom-shader = "${builtins.fetchurl {
+ url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl";
+ sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41";
+ }}";
+ bell-features = "";
+ gtk-titlebar-style = "tabs";
+ keybind = [ "shift+enter=text:\\x1b\\r" ];
+ };
+ };
+
+ password-store = {
+ enable = true;
+ package = pkgs.pass-wayland;
+ };
+ };
+
+ home.sessionVariables = {
+ TERMINAL = "ghostty";
+ };
+ };
+ };
+}
diff --git a/aspects/programs/web.nix b/aspects/programs/web.nix
new file mode 100644
index 0000000..cc3753b
--- /dev/null
+++ b/aspects/programs/web.nix
@@ -0,0 +1,18 @@
+{ ... }:
+
+{
+ flake.modules.nixos.programs-web = { inputs, pkgs, system, ... }: {
+ environment.systemPackages = with pkgs; [
+ # Browsers
+ inputs.zen-browser.packages."${system}".default
+ tor-browser
+ # Communication
+ vesktop
+ # Cloud & Sync
+ bitwarden-desktop
+ nextcloud-client
+ # Downloads
+ fragments
+ ];
+ };
+}
From 5247bbda031902455fd6b7fdf7ca66ab4ab8b708 Mon Sep 17 00:00:00 2001
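Review bot: aspects/programs/web.nix takes `system` as a module argument (`{ inputs, pkgs, system, ... }:`), which NixOS does not supply on its own, so the module only evaluates if every host passes `system` through `specialArgs` (not visible in this patch). aspects/ai.nix in the next commit reads `pkgs.system` for the same purpose, so the two modules disagree on where the platform string comes from. I would derive it from the package set in both places, e.g. `inputs.zen-browser.packages.${pkgs.stdenv.hostPlatform.system}.default`, and drop `system` from the argument list.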
From: William Date: Fri, 6 Feb 2026 22:36:37 -0300 Subject: [PATCH 143/206] add single-file NixOS aspects Standalone NixOS modules: ai, bluetooth, dev, fwupd, libvirtd, networkmanager, podman Co-Authored-By: Claude Opus 4.5 --- aspects/ai.nix | 12 ++++++++++++ aspects/bluetooth.nix | 6 ++++++ aspects/dev.nix | 19 +++++++++++++++++++ aspects/fwupd.nix | 6 ++++++ aspects/libvirtd.nix | 18 ++++++++++++++++++ aspects/networkmanager.nix | 11 +++++++++++ aspects/podman.nix | 15 +++++++++++++++ 7 files changed, 87 insertions(+) create mode 100644 aspects/ai.nix create mode 100644 aspects/bluetooth.nix create mode 100644 aspects/dev.nix create mode 100644 aspects/fwupd.nix create mode 100644 aspects/libvirtd.nix create mode 100644 aspects/networkmanager.nix create mode 100644 aspects/podman.nix diff --git a/aspects/ai.nix b/aspects/ai.nix new file mode 100644 index 0000000..6befeae --- /dev/null +++ b/aspects/ai.nix @@ -0,0 +1,12 @@ +{ ... }: +{ + flake.modules.nixos.ai = { inputs, pkgs, ... }: { + environment.systemPackages = + (with pkgs; [claude-desktop]) ++ + (with inputs.nix-ai-tools.packages.${pkgs.system}; [ + claude-code + claudebox + opencode + ]); + }; +} diff --git a/aspects/bluetooth.nix b/aspects/bluetooth.nix new file mode 100644 index 0000000..222bdf2 --- /dev/null +++ b/aspects/bluetooth.nix @@ -0,0 +1,6 @@ +{ ... }: +{ + flake.modules.nixos.bluetooth = { config, lib, pkgs, ... }: { + hardware.bluetooth.enable = true; + }; +} diff --git a/aspects/dev.nix b/aspects/dev.nix new file mode 100644 index 0000000..cc84646 --- /dev/null +++ b/aspects/dev.nix @@ -0,0 +1,19 @@ +{ ... }: +{ + flake.modules.nixos.dev = { config, lib, pkgs, ... }: { + environment.systemPackages = with pkgs; [ + android-tools + bat + lazygit + fd + fzf + glow + nixfmt + nix-init + nix-output-monitor + ripgrep + ]; + + users.users.user.extraGroups = [ "adbusers" ]; + }; +} diff --git a/aspects/fwupd.nix b/aspects/fwupd.nix new file mode 100644 index 0000000..746f1d0 --- /dev/null 
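Review bot: aspects/dev.nix adds the account `user` to `adbusers`, but nothing in this hunk creates that group; only the `android-tools` package is installed. Unless another module declares `users.groups.adbusers` or enables an option that does, the membership has no effect and device access for adb depends on whatever udev rules the system already ships. Either declare the group here or add a comment naming the module that provides it. The account name `user` is also hard-coded here and in libvirtd.nix and networkmanager.nix of the same commit, and a short comment would make that assumption explicit.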
+++ b/aspects/fwupd.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+ flake.modules.nixos.fwupd = { config, lib, pkgs, ... }: {
+ services.fwupd.enable = true;
+ };
+}
diff --git a/aspects/libvirtd.nix b/aspects/libvirtd.nix
new file mode 100644
index 0000000..6487999
--- /dev/null
+++ b/aspects/libvirtd.nix
@@ -0,0 +1,18 @@
+{ ... }:
+{
+ flake.modules.nixos.libvirtd = { config, lib, pkgs, ... }: {
+ virtualisation = {
+ libvirtd.enable = true;
+ spiceUSBRedirection.enable = true;
+ };
+
+ programs.virt-manager.enable = true;
+
+ networking.firewall.trustedInterfaces = [ "virbr0" ];
+
+ users.users.user.extraGroups = [
+ "libvirt"
+ "libvirtd"
+ ];
+ };
+}
diff --git a/aspects/networkmanager.nix b/aspects/networkmanager.nix
new file mode 100644
index 0000000..74c9260
--- /dev/null
+++ b/aspects/networkmanager.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+ flake.modules.nixos.networkmanager = { config, lib, pkgs, ... }: {
+ networking.networkmanager = {
+ enable = true;
+ wifi.backend = "iwd";
+ };
+
+ users.users.user.extraGroups = [ "networkmanager" ];
+ };
+}
diff --git a/aspects/podman.nix b/aspects/podman.nix
new file mode 100644
index 0000000..04e7e04
--- /dev/null
+++ b/aspects/podman.nix
@@ -0,0 +1,15 @@
+{ ... }:
+{
+ flake.modules.nixos.podman = { config, lib, pkgs, ... }: {
+ virtualisation.podman = {
+ enable = true;
+ autoPrune.enable = true;
+ extraPackages = [ pkgs.podman-compose ];
+ };
+
+ systemd = {
+ services.podman-auto-update.enable = true;
+ timers.podman-auto-update.enable = true;
+ };
+ };
+}
From c2302ac9fafef794e5491d78abd93f4732e5d2e6 Mon Sep 17 00:00:00 2001
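Review bot: In aspects/libvirtd.nix, `networking.firewall.trustedInterfaces = [ "virbr0" ]` accepts all traffic arriving on the libvirt bridge, so every guest on that network can reach every service listening on the host, including ones the firewall otherwise hides. Guests normally need only DHCP and DNS from the host, which `networking.firewall.interfaces.virbr0.allowedUDPPorts = [ 53 67 ];` together with `allowedTCPPorts = [ 53 ];` would cover without trusting the whole interface. A comment should also note that membership in `libvirtd` lets `user` manage system VMs without further authentication.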
From: William Date: Fri, 6 Feb 2026 22:36:37 -0300 Subject: [PATCH 144/206] add aspects/ephemeral.nix with factory pattern Ephemeral root configuration with impermanence support. Exports both a base module with options and a factory function for generating configured modules. Co-Authored-By: Claude Opus 4.5 --- aspects/ephemeral.nix | 136 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100644 aspects/ephemeral.nix diff --git a/aspects/ephemeral.nix b/aspects/ephemeral.nix new file mode 100644 index 0000000..724f931 --- /dev/null +++ b/aspects/ephemeral.nix 
@@ -0,0 +1,136 @@ +# Ephemeral root aspect - provides automatic btrfs root subvolume rollover +# Exports both a base module with options and a factory function for easy configuration +{ inputs, ... }: +{ + # Base module with options (for external flakes or direct use) + flake.modules.nixos.ephemeral = { lib, config, ... }: + let + cfg = config.ephemeral; + in + { + options.ephemeral = { + enable = lib.mkEnableOption "ephemeral root with automatic rollback"; + + rootDevice = lib.mkOption { + type = lib.types.str; + example = "/dev/mapper/cryptroot"; + description = "Device path for the root btrfs filesystem"; + }; + + rootSubvolume = lib.mkOption { + type = lib.types.str; + default = "@root"; + description = "Name of the root btrfs subvolume"; + }; + + oldRootRetentionDays = lib.mkOption { + type = lib.types.int; + default = 30; + description = "Number of days to keep old root snapshots before deletion"; + }; + }; + + config = lib.mkIf cfg.enable { + boot.initrd.systemd.services.recreate-root = { + description = "Rolling over and creating new filesystem root"; + requires = [ "initrd-root-device.target" ]; + after = [ + "local-fs-pre.target" + "initrd-root-device.target" + ]; + requiredBy = [ "initrd-root-fs.target" ]; + before = [ "sysroot.mount" ]; + unitConfig = { + AssertPathExists = "/etc/initrd-release"; + DefaultDependencies = false; + }; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + set -euo pipefail + + mkdir /btrfs_tmp + if ! 
mount ${cfg.rootDevice} /btrfs_tmp; then + echo "ERROR: Failed to mount ${cfg.rootDevice}" + exit 1 + fi + + if [[ -e /btrfs_tmp/${cfg.rootSubvolume} ]]; then + mkdir -p /btrfs_tmp/old_roots + timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/${cfg.rootSubvolume})" "+%Y-%m-%-d_%H:%M:%S") + mv /btrfs_tmp/${cfg.rootSubvolume} "/btrfs_tmp/old_roots/$timestamp" + fi + + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + delete_subvolume_recursively "/btrfs_tmp/$i" + done + btrfs subvolume delete "$1" + } + + for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +${toString cfg.oldRootRetentionDays}); do + delete_subvolume_recursively "$i" + done + + if ! btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume}; then + echo "ERROR: Failed to create subvolume ${cfg.rootSubvolume}" + umount /btrfs_tmp + exit 1 + fi + + umount /btrfs_tmp + ''; + }; + }; + }; + + # Factory function that generates configured modules + flake.factory.ephemeral = + { rootDevice + , rootSubvolume ? "@root" + , retentionDays ? 30 + , persistentStoragePath ? "/persistent" + , persistentFiles ? [ + "/etc/machine-id" + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + ] + , persistentDirectories ? [ + "/etc/NetworkManager/system-connections" + "/etc/nixos" + "/var/lib/bluetooth" + "/var/lib/flatpak" + "/var/lib/lxd" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + "/var/lib/systemd/timers" + "/var/lib/tailscale" + "/var/log" + ] + }: + { ... 
}: { + imports = [ + inputs.impermanence.nixosModules.impermanence + inputs.self.modules.nixos.ephemeral + ]; + + ephemeral = { + enable = true; + inherit rootDevice rootSubvolume; + oldRootRetentionDays = retentionDays; + }; + + fileSystems."/persistent".neededForBoot = true; + + environment.persistence.main = { + inherit persistentStoragePath; + files = persistentFiles; + directories = persistentDirectories; + }; + }; +} From ad0aa14d143a26d99b1306543c409ab2f582d81c Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 22:36:37 -0300 Subject: [PATCH 145/206] add aspects/stylix.nix Stylix theming configuration for NixOS and home-manager Co-Authored-By: Claude Opus 4.5 --- aspects/stylix.nix | 71 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 aspects/stylix.nix diff --git a/aspects/stylix.nix b/aspects/stylix.nix new file mode 100644 index 0000000..e64386f --- /dev/null +++ b/aspects/stylix.nix 
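Review bot: The factory in aspects/ephemeral.nix accepts `persistentStoragePath` but then sets `fileSystems."/persistent".neededForBoot = true;` with the path hard-coded. A caller who passes another path gets a persistent volume that is not marked as needed for boot, so the persisted machine-id and SSH host keys may not be in place when they are first read. The line should be `fileSystems.${persistentStoragePath}.neededForBoot = true;`. Separately, the `recreate-root` script interpolates `cfg.rootDevice` and `cfg.rootSubvolume` into shell unquoted, and wrapping them with `lib.escapeShellArg` keeps a value with spaces or glob characters from being split. With `set -euo pipefail` now in force, the `find ... -maxdepth 1` loop also lacks `-mindepth 1`, so `old_roots/` itself can be handed to `btrfs subvolume delete` and abort a unit that `initrd-root-fs.target` requires.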
@@ -0,0 +1,71 @@ +{ ... }: +{ + flake.modules = { + nixos.stylix = { inputs, ... }: { + imports = [ inputs.stylix.nixosModules.stylix ]; + }; + + homeManager.stylix = { config, inputs, pkgs, ... }: { + imports = [ + inputs.stylix.homeManagerModules.stylix + inputs.zen-browser.homeModules.beta + ]; + + stylix = { + enable = true; + polarity = "dark"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml"; + cursor = { + package = pkgs.kdePackages.breeze; + name = "breeze_cursors"; + size = 24; + }; + icons = { + enable = true; + package = pkgs.morewaita-icon-theme; + light = "MoreWaita"; + dark = "MoreWaita"; + }; + opacity = { + applications = 1.0; + desktop = 1.0; + popups = config.stylix.opacity.desktop; + terminal = 1.0; + }; + fonts = { + serif = { + package = pkgs.source-serif; + name = "Source Serif 4 Display"; + }; + sansSerif = { + package = pkgs.inter; + name = "Inter"; + }; + monospace = { + package = pkgs.nerd-fonts.fira-code; + name = "FiraCode Nerd Font"; + }; + emoji = { + package = pkgs.noto-fonts-color-emoji; + name = "Noto Color Emoji"; + }; + sizes = { + applications = 10; + desktop = config.stylix.fonts.sizes.applications; + popups = config.stylix.fonts.sizes.applications; + terminal = 12; + }; + }; + targets.zen-browser = { + enable = true; + profileNames = [ "william" ]; + }; + }; + + programs.zen-browser = { + enable = true; + profiles.william = { }; + }; + }; + }; +} From 25c69e3c18150efc5ef045a18a11d1878c68a1f5 Mon Sep 17 00:00:00 2001 
From: William Date: Fri, 6 Feb 2026 22:36:50 -0300 Subject: [PATCH 146/206] add aspects/hosts/ configurations Host-specific NixOS configurations for: - alexandria (server) - io (desktop) - rotterdam (desktop) - trantor (server, aarch64) Each host has a main config file and _hostname/ directory with hardware-configuration and other host-specific modules. Co-Authored-By: Claude Opus 4.5 --- .../_alexandria/hardware-configuration.nix | 49 ++++++++++ aspects/hosts/_alexandria/jellyfin.nix | 15 +++ aspects/hosts/_alexandria/kanidm.nix | 83 ++++++++++++++++ aspects/hosts/_alexandria/nextcloud.nix | 97 +++++++++++++++++++ aspects/hosts/_alexandria/nginx.nix | 59 +++++++++++ aspects/hosts/_alexandria/unbound.nix | 58 +++++++++++ aspects/hosts/_alexandria/vaultwarden.nix | 26 +++++ aspects/hosts/_io/boot.nix | 14 +++ aspects/hosts/_io/disko.nix | 79 +++++++++++++++ aspects/hosts/_io/hardware-configuration.nix | 37 +++++++ aspects/hosts/_io/programs.nix | 27 ++++++ aspects/hosts/_io/services.nix | 61 ++++++++++++ aspects/hosts/_rotterdam/boot.nix | 31 ++++++ .../_rotterdam/hardware-configuration.nix | 82 ++++++++++++++++ aspects/hosts/_rotterdam/hardware.nix | 8 ++ aspects/hosts/_rotterdam/programs.nix | 31 ++++++ aspects/hosts/_rotterdam/services.nix | 11 +++ aspects/hosts/_trantor/boot.nix | 6 ++ aspects/hosts/_trantor/disko.nix | 64 ++++++++++++ aspects/hosts/_trantor/fail2ban.nix | 23 +++++ aspects/hosts/_trantor/forgejo.nix | 72 ++++++++++++++ .../hosts/_trantor/hardware-configuration.nix | 20 ++++ aspects/hosts/_trantor/networking.nix | 8 ++ aspects/hosts/_trantor/nginx.nix | 61 ++++++++++++ aspects/hosts/_trantor/openssh.nix | 23 +++++ aspects/hosts/_trantor/unbound.nix | 58 +++++++++++ aspects/hosts/alexandria.nix | 42 ++++++++ aspects/hosts/io.nix | 51 ++++++++++ aspects/hosts/rotterdam.nix | 56 +++++++++++ aspects/hosts/trantor.nix | 46 +++++++++ 30 files changed, 1298 insertions(+) create mode 100644 aspects/hosts/_alexandria/hardware-configuration.nix create mode 
100644 aspects/hosts/_alexandria/jellyfin.nix create mode 100644 aspects/hosts/_alexandria/kanidm.nix create mode 100644 aspects/hosts/_alexandria/nextcloud.nix create mode 100644 aspects/hosts/_alexandria/nginx.nix create mode 100644 aspects/hosts/_alexandria/unbound.nix create mode 100644 aspects/hosts/_alexandria/vaultwarden.nix create mode 100644 aspects/hosts/_io/boot.nix create mode 100644 aspects/hosts/_io/disko.nix create mode 100644 aspects/hosts/_io/hardware-configuration.nix create mode 100644 aspects/hosts/_io/programs.nix create mode 100644 aspects/hosts/_io/services.nix create mode 100644 aspects/hosts/_rotterdam/boot.nix create mode 100644 aspects/hosts/_rotterdam/hardware-configuration.nix create mode 100644 aspects/hosts/_rotterdam/hardware.nix create mode 100644 aspects/hosts/_rotterdam/programs.nix create mode 100644 aspects/hosts/_rotterdam/services.nix create mode 100644 aspects/hosts/_trantor/boot.nix create mode 100644 aspects/hosts/_trantor/disko.nix create mode 100644 aspects/hosts/_trantor/fail2ban.nix create mode 100644 aspects/hosts/_trantor/forgejo.nix create mode 100644 aspects/hosts/_trantor/hardware-configuration.nix create mode 100644 aspects/hosts/_trantor/networking.nix create mode 100644 aspects/hosts/_trantor/nginx.nix create mode 100644 aspects/hosts/_trantor/openssh.nix create mode 100644 aspects/hosts/_trantor/unbound.nix create mode 100644 aspects/hosts/alexandria.nix create mode 100644 aspects/hosts/io.nix create mode 100644 aspects/hosts/rotterdam.nix create mode 100644 aspects/hosts/trantor.nix diff --git a/aspects/hosts/_alexandria/hardware-configuration.nix b/aspects/hosts/_alexandria/hardware-configuration.nix new file mode 100644 index 0000000..63ecba5 --- /dev/null +++ b/aspects/hosts/_alexandria/hardware-configuration.nix 
@@ -0,0 +1,49 @@ +{ + config, + lib, + modulesPath, + ... +}: + +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot = { + initrd = { + availableKernelModules = [ + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/31289617-1d84-4432-a833-680b52e88525"; + fsType = "ext4"; + }; + "/boot" = { + device = "/dev/disk/by-uuid/4130-BE54"; + fsType = "vfat"; + }; + }; + + swapDevices = [ + { + device = "/swapfile"; + size = 8192; + } + ]; + + networking.useDHCP = lib.mkDefault true; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/aspects/hosts/_alexandria/jellyfin.nix b/aspects/hosts/_alexandria/jellyfin.nix new file mode 100644 index 0000000..591403d --- /dev/null +++ b/aspects/hosts/_alexandria/jellyfin.nix @@ -0,0 +1,15 @@ +{ lib, inputs, ... }: +let + utils = import ../../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in +{ + services.jellyfin = { + enable = true; + openFirewall = true; + }; + + services.nginx.virtualHosts = mkNginxVHosts { + domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; + }; +} diff --git a/aspects/hosts/_alexandria/kanidm.nix b/aspects/hosts/_alexandria/kanidm.nix new file mode 100644 index 0000000..d51eb14 --- /dev/null +++ b/aspects/hosts/_alexandria/kanidm.nix 
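Review bot: aspects/hosts/_alexandria/jellyfin.nix sets `openFirewall = true` and also publishes the service through nginx at `jellyfin.baduhai.dev`, proxying to `127.0.0.1:8096`. Opening the firewall exposes Jellyfin's own HTTP port and its discovery ports directly on every interface, so clients can bypass the reverse proxy and whatever TLS or access rules `mkNginxVHosts` applies (utils.nix is not visible here). If access is meant to go through nginx, drop `openFirewall = true;`. If LAN discovery is wanted, a comment saying so would make the exposure deliberate.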
@@ -0,0 +1,83 @@
+{
+ config,
+ lib,
+ inputs,
+ pkgs,
+ ...
+}:
+
+let
+ utils = import ../../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts;
+ kanidmCertDir = "/var/lib/kanidm/certs";
+in
+
+{
+ services.kanidm = {
+ enableServer = true;
+ enableClient = true;
+ package = pkgs.kanidm;
+
+ serverSettings = {
+ domain = "auth.baduhai.dev";
+ origin = "https://auth.baduhai.dev";
+ bindaddress = "127.0.0.1:8443";
+ ldapbindaddress = "127.0.0.1:636";
+ trust_x_forward_for = true;
+ # Use self-signed certificates for internal TLS
+ tls_chain = "${kanidmCertDir}/cert.pem";
+ tls_key = "${kanidmCertDir}/key.pem";
+ };
+
+ clientSettings = {
+ uri = "https://auth.baduhai.dev";
+ };
+ };
+
+ services.nginx.virtualHosts = mkNginxVHosts {
+ domains."auth.baduhai.dev" = {
+ locations."/" = {
+ proxyPass = "https://127.0.0.1:8443";
+ extraConfig = ''
+ proxy_ssl_verify off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ '';
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 636 ];
+
+ # Generate self-signed certificates for kanidm's internal TLS
+ systemd.services.kanidm-generate-certs = {
+ description = "Generate self-signed TLS certificates for Kanidm";
+ wantedBy = [ "multi-user.target" ];
+ before = [ "kanidm.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = ''
+ mkdir -p ${kanidmCertDir}
+ if [ ! -f ${kanidmCertDir}/key.pem ]; then
+ ${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \
+ -keyout ${kanidmCertDir}/key.pem \
+ -out ${kanidmCertDir}/cert.pem \
+ -days 3650 -nodes \
+ -subj "/CN=localhost" \
+ -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
+ chown -R kanidm:kanidm ${kanidmCertDir}
+ chmod 600 ${kanidmCertDir}/key.pem
+ chmod 644 ${kanidmCertDir}/cert.pem
+ fi
+ '';
+ };
+
+ # Ensure certificate generation runs before kanidm starts
+ systemd.services.kanidm = {
+ after = [ "kanidm-generate-certs.service" ];
+ wants = [ "kanidm-generate-certs.service" ];
+ };
+}
diff --git a/aspects/hosts/_alexandria/nextcloud.nix b/aspects/hosts/_alexandria/nextcloud.nix
new file mode 100644
index 0000000..9d69199
--- /dev/null
+++ b/aspects/hosts/_alexandria/nextcloud.nix
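Review bot: `networking.firewall.allowedTCPPorts = [ 636 ];` opens LDAPS on the host firewall, but `ldapbindaddress = "127.0.0.1:636"` binds the listener to loopback only, so the two settings in kanidm.nix contradict each other. As written the firewall rule exposes nothing, and it becomes a real exposure the moment someone widens the bind address. Decide which is intended: if LDAP is only for local consumers, remove the firewall line; if other hosts must bind, change the address deliberately and scope the rule to the interface those clients arrive on.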
@@ -0,0 +1,97 @@
+{
+ lib,
+ config,
+ pkgs,
+ inputs,
+ ...
+}:
+
+let
+ utils = import ../../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts;
+in
+
+{
+ services = {
+ nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud32;
+ datadir = "/data/nextcloud";
+ hostName = "cloud.baduhai.dev";
+ configureRedis = true;
+ https = true;
+ secretFile = config.age.secrets."nextcloud-secrets.json".path;
+ database.createLocally = true;
+ maxUploadSize = "16G";
+ extraApps = {
+ inherit (config.services.nextcloud.package.packages.apps)
+ calendar
+ contacts
+ notes
+ tasks
+ user_oidc
+ ;
+ };
+ extraAppsEnable = true;
+ caching = {
+ apcu = true;
+ redis = true;
+ };
+ settings = {
+ trusted_proxies = [ "127.0.0.1" ];
+ default_phone_region = "BR";
+ maintenance_window_start = "4";
+ allow_local_remote_servers = true;
+ enabledPreviewProviders = [
+ "OC\\Preview\\BMP"
+ "OC\\Preview\\EMF"
+ "OC\\Preview\\Font"
+ "OC\\Preview\\GIF"
+ "OC\\Preview\\HEIC"
+ "OC\\Preview\\Illustrator"
+ "OC\\Preview\\JPEG"
+ "OC\\Preview\\Krita"
+ "OC\\Preview\\MarkDown"
+ "OC\\Preview\\Movie"
+ "OC\\Preview\\MP3"
+ "OC\\Preview\\MSOffice2003"
+ "OC\\Preview\\MSOffice2007"
+ "OC\\Preview\\MSOfficeDoc"
+ "OC\\Preview\\OpenDocument"
+ "OC\\Preview\\PDF"
+ "OC\\Preview\\Photoshop"
+ "OC\\Preview\\PNG"
+ "OC\\Preview\\Postscript"
+ "OC\\Preview\\SVG"
+ "OC\\Preview\\TIFF"
+ "OC\\Preview\\TXT"
+ "OC\\Preview\\XBitmap"
+ ];
+ };
+ config = {
+ dbtype = "pgsql";
+ adminpassFile = config.age.secrets.nextcloud-adminpass.path;
+ };
+ phpOptions = {
+ "opcache.interned_strings_buffer" = "16";
+ };
+ };
+
+ nginx.virtualHosts = mkNginxVHosts {
+ domains."cloud.baduhai.dev" = { };
+ };
+ };
+
+ age.secrets = {
+ "nextcloud-secrets.json" = {
+ file = ../../../secrets/nextcloud-secrets.json.age;
+ owner = "nextcloud";
+ group = "nextcloud";
+ };
+ nextcloud-adminpass = {
+ file = ../../../secrets/nextcloud-adminpass.age;
+ owner = "nextcloud";
+ group = "nextcloud";
+ };
+ };
+}
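Review bot: `allow_local_remote_servers = true;` under `settings` switches off Nextcloud's refusal to make server-side requests to local and private addresses, and nothing in nextcloud.nix says why. Presumably it is there so `user_oidc` can reach the identity provider, whose name resolves to a private address inside this network; if that is the reason, record it next to the option, e.g. `# required by user_oidc: auth.baduhai.dev resolves to a private IP on the LAN`. Without the note a later reader cannot tell whether the relaxed SSRF guard is still needed or can be removed.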
diff --git a/aspects/hosts/_alexandria/nginx.nix b/aspects/hosts/_alexandria/nginx.nix
new file mode 100644
index 0000000..19258dd
--- /dev/null
+++ b/aspects/hosts/_alexandria/nginx.nix
@@ -0,0 +1,59 @@
+{
+ config,
+ lib,
+ inputs,
+ ...
+}:
+
+let
+ utils = import ../../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts services;
+
+ # Get all unique domains from shared services that have LAN IPs (served by this host)
+ localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services));
+
+ # Generate ACME cert configs for all local domains
+ acmeCerts = lib.genAttrs localDomains (domain: {
+ group = "nginx";
+ });
+in
+
+{
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = "baduhai@proton.me";
+ dnsResolver = "1.1.1.1:53";
+ dnsProvider = "cloudflare";
+ credentialsFile = config.age.secrets.cloudflare.path;
+ };
+ certs = acmeCerts;
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts = {
+ "_" = {
+ default = true;
+ locations."/".return = "444";
+ };
+ };
+ };
+
+ users.users.nginx.extraGroups = [ "acme" ];
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+
+ age.secrets.cloudflare = {
+ file = ../../../secrets/cloudflare.age;
+ owner = "nginx";
+ group = "nginx";
+ };
+}
diff --git a/aspects/hosts/_alexandria/unbound.nix b/aspects/hosts/_alexandria/unbound.nix
new file mode 100644
index 0000000..6e46cdd
--- /dev/null
+++ b/aspects/hosts/_alexandria/unbound.nix
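Review bot: `age.secrets.cloudflare` is decrypted with `owner = "nginx";` and `group = "nginx";`, which makes the Cloudflare DNS API credentials readable by the web server account, while the only consumer in this file is `security.acme.defaults.credentialsFile`. The DNS-01 challenge is performed by the ACME units, not by nginx, so the process that faces the network holds a token it never uses. Presumably the secret can stay root-owned (the agenix default) or be given to the `acme` user; confirm how the ACME service reads the file, then drop the two lines or use `owner = "acme";`. The same block is repeated in `aspects/hosts/_trantor/nginx.nix`.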
@@ -0,0 +1,58 @@
+{ inputs, lib, ... }:
+
+let
+ utils = import ../../../utils.nix { inherit inputs lib; };
+in
+
+{
+ services.unbound = {
+ enable = true;
+ enableRootTrustAnchor = true;
+ settings = {
+ server = {
+ interface = [
+ "0.0.0.0"
+ "::"
+ ];
+ access-control = [
+ "127.0.0.0/8 allow"
+ "192.168.0.0/16 allow"
+ "::1/128 allow"
+ ];
+
+ num-threads = 2;
+ msg-cache-size = "50m";
+ rrset-cache-size = "100m";
+ cache-min-ttl = 300;
+ cache-max-ttl = 86400;
+ prefetch = true;
+ prefetch-key = true;
+ hide-identity = true;
+ hide-version = true;
+ so-rcvbuf = "1m";
+ so-sndbuf = "1m";
+
+ # LAN-only DNS records
+ local-zone = ''"baduhai.dev." transparent'';
+ local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'')
+ (lib.filter (e: e ? lanIP) utils.services);
+ };
+
+ forward-zone = [
+ {
+ name = ".";
+ forward-addr = [
+ "1.1.1.1@853#cloudflare-dns.com"
+ "1.0.0.1@853#cloudflare-dns.com"
+ ];
+ forward-tls-upstream = true;
+ }
+ ];
+ };
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [ 53 ];
+ allowedUDPPorts = [ 53 ];
+ };
+}
diff --git a/aspects/hosts/_alexandria/vaultwarden.nix b/aspects/hosts/_alexandria/vaultwarden.nix
new file mode 100644
index 0000000..81e65b1
--- /dev/null
+++ b/aspects/hosts/_alexandria/vaultwarden.nix
@@ -0,0 +1,26 @@
+{
+ config,
+ lib,
+ inputs,
+ ...
+}:
+let
+ utils = import ../../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts;
+in
+{
+ services.vaultwarden = {
+ enable = true;
+ config = {
+ DOMAIN = "https://pass.baduhai.dev";
+ SIGNUPS_ALLOWED = false;
+ ROCKET_ADDRESS = "127.0.0.1";
+ ROCKET_PORT = 58222;
+ };
+ };
+
+ services.nginx.virtualHosts = mkNginxVHosts {
+ domains."pass.baduhai.dev".locations."/".proxyPass =
+ "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/";
+ };
+}
diff --git a/aspects/hosts/_io/boot.nix b/aspects/hosts/_io/boot.nix
new file mode 100644
index 0000000..326f7dc
--- /dev/null
+++ b/aspects/hosts/_io/boot.nix
@@ -0,0 +1,14 @@
+{
+ boot = {
+ # TODO check if future kernel versions fix boot issue with systemd initrd with tpm
+ initrd.systemd.tpm2.enable = false;
+ kernelParams = [
+ "nosgx"
+ "i915.fastboot=1"
+ "mem_sleep_default=deep"
+ ];
+ extraModprobeConfig = ''
+ options snd-intel-dspcfg dsp_driver=3
+ '';
+ };
+}
diff --git a/aspects/hosts/_io/disko.nix b/aspects/hosts/_io/disko.nix
new file mode 100644
index 0000000..4e6c9d5
--- /dev/null
+++ b/aspects/hosts/_io/disko.nix
@@ -0,0 +1,79 @@
+{ inputs, ... }:
+
+{
+ imports = [ inputs.disko.nixosModules.default ];
+
+ disko.devices.disk.main = {
+ type = "disk";
+ device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ priority = 1;
+ name = "ESP";
+ start = "1MiB";
+ end = "1GiB";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot/efi";
+ mountOptions = [
+ "noatime"
+ "fmask=0077"
+ "dmask=0077"
+ ];
+ };
+ };
+ cryptroot = {
+ priority = 2;
+ name = "root";
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "cryptroot";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "@root" = {
+ mountpoint = "/";
+ mountOptions = [
+ "noatime"
+ "compress=zstd"
+ "subvol=@root"
+ ];
+ };
+ "@home" = {
+ mountpoint = "/home";
+ mountOptions = [
+ "noatime"
+ "compress=zstd"
+ "subvol=@home"
+ ];
+ };
+ "@nix" = {
+ mountpoint = "/nix";
+ mountOptions = [
+ "noatime"
+ "compress=zstd"
+ "subvol=@nix"
+ ];
+ };
+ "@persistent" = {
+ mountpoint = "/persistent";
+ mountOptions = [
+ "noatime"
+ "compress=zstd"
+ "subvol=@persistent"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/aspects/hosts/_io/hardware-configuration.nix b/aspects/hosts/_io/hardware-configuration.nix
new file mode 100644
index 0000000..8e4dae4
--- /dev/null
+++ b/aspects/hosts/_io/hardware-configuration.nix
@@ -0,0 +1,37 @@
+{
+ config,
+ lib,
+ modulesPath,
+ inputs,
+ ...
+}:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "usb_storage"
+ "sd_mod"
+ "sdhci_pci"
+ ];
+ };
+ kernelModules = [ "kvm-intel" ];
+ };
+
+ zramSwap = {
+ enable = true;
+ memoryPercent = 100;
+ };
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/aspects/hosts/_io/programs.nix b/aspects/hosts/_io/programs.nix
new file mode 100644
index 0000000..e272d22
--- /dev/null
+++ b/aspects/hosts/_io/programs.nix
@@ -0,0 +1,27 @@
+{ pkgs, ... }:
+
+let
+ cml-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs {
+ wttsrc = pkgs.fetchFromGitHub {
+ owner = "WeirdTreeThing";
+ repo = "chromebook-ucm-conf";
+ rev = "b6ce2a7";
+ hash = "sha256-QRUKHd3RQmg1tnZU8KCW0AmDtfw/daOJ/H3XU5qWTCc=";
+ };
+ postInstall = ''
+ echo "v0.4.1" > $out/chromebook.patched
+ cp -R $wttsrc/{common,codecs,platforms} $out/share/alsa/ucm2
+ cp -R $wttsrc/{cml,sof-rt5682} $out/share/alsa/ucm2/conf.d
+ '';
+ };
+in
+
+{
+ environment = {
+ systemPackages = with pkgs; [
+ maliit-keyboard
+ sof-firmware
+ ];
+ sessionVariables.ALSA_CONFIG_UCM2 = "${cml-ucm-conf}/share/alsa/ucm2";
+ };
+}
diff --git a/aspects/hosts/_io/services.nix b/aspects/hosts/_io/services.nix
new file mode 100644
index 0000000..df41a6f
--- /dev/null
+++ b/aspects/hosts/_io/services.nix
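Review bot: `rev = "b6ce2a7";` in the `fetchFromGitHub` call of `_io/programs.nix` is an abbreviated commit id. The `hash` next to it still pins the fetched content, so this is not an integrity gap, but a short id can become ambiguous as the upstream repository grows and it is harder to audit against the `v0.4.1` that `postInstall` writes to `chromebook.patched`. Use the full 40-character commit hash for `rev`, and a comment tying it to the upstream release would help the next update.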
@@ -0,0 +1,61 @@
+{ pkgs, ... }:
+
+{
+ services = {
+ keyd = {
+ enable = true;
+ keyboards.main = {
+ ids = [ "0001:0001" ];
+ settings = {
+ main = {
+ meta = "overload(meta, esc)";
+ f1 = "back";
+ f2 = "forward";
+ f3 = "refresh";
+ f4 = "M-f11";
+ f5 = "M-w";
+ f6 = "brightnessdown";
+ f7 = "brightnessup";
+ f8 = "timeout(mute, 200, micmute)";
+ f9 = "play";
+ f10 = "timeout(nextsong, 200, previoussong)";
+ f13 = "delete";
+ "102nd" = "layer(function)";
+ };
+ shift = {
+ leftshift = "capslock";
+ rightshift = "capslock";
+ };
+ function = {
+ escape = "f1";
+ f1 = "f2";
+ f2 = "f3";
+ f3 = "f4";
+ f4 = "f5";
+ f5 = "f6";
+ f6 = "f7";
+ f7 = "f8";
+ f8 = "f9";
+ f9 = "f10";
+ f10 = "f11";
+ f13 = "f12";
+ y = "sysrq";
+ k = "home";
+ l = "pageup";
+ "," = "end";
+ "." = "pagedown";
+ };
+ };
+ };
+ };
+ upower.enable = true;
+ power-profiles-daemon.enable = true;
+ };
+
+ # TODO: remove once gmodena/nix-flatpak/issues/45 fixed
+ systemd.services."flatpak-managed-install" = {
+ serviceConfig = {
+ ExecStartPre = "${pkgs.coreutils}/bin/sleep 5";
+ };
+ };
+}
diff --git a/aspects/hosts/_rotterdam/boot.nix b/aspects/hosts/_rotterdam/boot.nix
new file mode 100644
index 0000000..d038ede
--- /dev/null
+++ b/aspects/hosts/_rotterdam/boot.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+
+let
+ qubesnsh = pkgs.writeTextFile {
+ name = "qubes.nsh";
+ text = "HD1f65535a1:EFI\\qubes\\grubx64.efi";
+ };
+in
+
+{
+ boot = {
+ kernelParams = [
+ "processor.max_cstate=1" # Fixes bug where ryzen cpus freeze when in highest C state
+ "clearcpuid=514"
+ "amdgpu.ppfeaturemask=0xfffd3fff" # Fixes amdgpu freezing
+ ];
+ # QubesOS boot entry
+ loader.systemd-boot = {
+ extraFiles = {
+ "efi/edk2-shell/shell.efi" = "${pkgs.edk2-uefi-shell}/shell.efi";
+ "qubes.nsh" = qubesnsh;
+ };
+ extraEntries."qubes.conf" = ''
+ title Qubes OS
+ efi /efi/edk2-shell/shell.efi
+ options -nointerrupt qubes.nsh
+ sort-key ab
+ '';
+ };
+ };
+}
diff --git a/aspects/hosts/_rotterdam/hardware-configuration.nix b/aspects/hosts/_rotterdam/hardware-configuration.nix
new file mode 100644
index 0000000..169c53f
--- /dev/null
+++ b/aspects/hosts/_rotterdam/hardware-configuration.nix
@@ -0,0 +1,82 @@
+{
+ config,
+ lib,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [
+ "amdgpu"
+ "nvme"
+ "xhci_pci"
+ "ahci"
+ "usbhid"
+ "sd_mod"
+ ];
+ luks.devices."cryptroot" = {
+ device = "/dev/disk/by-uuid/f7dd4142-7109-4493-834d-4a831777f08d";
+ keyFile = "/dev/disk/by-partuuid/add5fc14-e20f-48be-8b2a-0799ef04d3cb";
+ };
+ };
+ kernelModules = [ "kvm-amd" ];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
+ fsType = "btrfs";
+ options = [
+ "subvol=@root"
+ "noatime"
+ "compress=zstd"
+ ];
+ };
+ "/home" = {
+ device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
+ fsType = "btrfs";
+ options = [
+ "subvol=@home"
+ "noatime"
+ "compress=zstd"
+ ];
+ };
+ "/boot/efi" = {
+ device = "/dev/disk/by-uuid/F2A2-CF5A";
+ fsType = "vfat";
+ options = [
+ "noatime"
+ "fmask=0077"
+ "dmask=0077"
+ ];
+ };
+ "/nix" = {
+ device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
+ fsType = "btrfs";
+ options = [
+ "subvol=@nix"
+ "noatime"
+ "compress=zstd"
+ ];
+ };
+ "/persistent" = {
+ device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
+ fsType = "btrfs";
+ options = [
+ "subvol=@persistent"
+ "noatime"
+ "compress=zstd"
+ ];
+ };
+ };
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/aspects/hosts/_rotterdam/hardware.nix b/aspects/hosts/_rotterdam/hardware.nix
new file mode 100644
index 0000000..6f76e99
--- /dev/null
+++ b/aspects/hosts/_rotterdam/hardware.nix
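Review bot: `keyFile = "/dev/disk/by-partuuid/add5fc14-e20f-48be-8b2a-0799ef04d3cb";` makes the initrd read the LUKS key for `cryptroot` from a raw partition, and the file does not say where that partition lives. If it sits on the same internal disk, the encryption protects nothing at rest; if it is a removable device, the machine's confidentiality depends on where that device is kept, which deserves a line of documentation. Add a comment above the option, for example `# key lives on a removable USB partition; unplug it when the machine is unattended`, adjusted to whatever is actually true. It is also worth confirming what the boot does when the partition is absent.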
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+
+{
+ hardware = {
+ amdgpu.opencl.enable = true;
+ graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ];
+ };
+}
diff --git a/aspects/hosts/_rotterdam/programs.nix b/aspects/hosts/_rotterdam/programs.nix
new file mode 100644
index 0000000..b4dcfd9
--- /dev/null
+++ b/aspects/hosts/_rotterdam/programs.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+
+let
+ reboot-into-qubes = pkgs.makeDesktopItem {
+ name = "reboot-into-qubes";
+ icon = pkgs.fetchurl {
+ url = "https://raw.githubusercontent.com/vinceliuice/Qogir-icon-theme/31f267e1f5fd4e9596bfd78dfb41a03d3a9f33ee/src/scalable/apps/distributor-logo-qubes.svg";
+ sha256 = "sha256-QbHr7s5Wcs7uFtfqZctMyS0iDbMfiiZOKy2nHhDOfn0=";
+ };
+ desktopName = "Qubes OS";
+ genericName = "Reboot into Qubes OS";
+ categories = [ "System" ];
+ startupNotify = true;
+ exec = pkgs.writeShellScript "reboot-into-qubes" ''
+ ${pkgs.yad}/bin/yad --form \
+ --title="Qubes OS" \
+ --image distributor-logo-qubes \
+ --text "Are you sure you want to reboot into Qubes OS?" \
+ --button="Yes:0" --button="Cancel:1"
+ if [ $? -eq 0 ]; then
+ systemctl reboot --boot-loader-entry=qubes.conf
+ fi
+ '';
+ };
+in
+
+{
+ environment.systemPackages = [ reboot-into-qubes ];
+
+ programs.steam.dedicatedServer.openFirewall = true;
+}
diff --git a/aspects/hosts/_rotterdam/services.nix b/aspects/hosts/_rotterdam/services.nix
new file mode 100644
index 0000000..0bf276f
--- /dev/null
+++ b/aspects/hosts/_rotterdam/services.nix
@@ -0,0 +1,11 @@
+{
+ services.keyd = {
+ enable = true;
+ keyboards.main = {
+ ids = [ "5653:0001" ];
+ settings.main = {
+ esc = "overload(meta, esc)";
+ };
+ };
+ };
+}
diff --git a/aspects/hosts/_trantor/boot.nix b/aspects/hosts/_trantor/boot.nix
new file mode 100644
index 0000000..0498818
--- /dev/null
+++ b/aspects/hosts/_trantor/boot.nix
@@ -0,0 +1,6 @@
+{
+ boot = {
+ initrd.systemd.enable = true;
+ loader.efi.efiSysMountPoint = "/boot/efi";
+ };
+}
diff --git a/aspects/hosts/_trantor/disko.nix b/aspects/hosts/_trantor/disko.nix
new file mode 100644
index 0000000..0e47058
--- /dev/null
+++ b/aspects/hosts/_trantor/disko.nix
@@ -0,0 +1,64 @@
+{ inputs, ... }:
+
+{
+ imports = [ inputs.disko.nixosModules.default ];
+
+ disko.devices.disk.main = {
+ type = "disk";
+ device = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ priority = 1;
+ name = "ESP";
+ start = "1MiB";
+ end = "512MiB";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot/efi";
+ mountOptions = [
+ "noatime"
+ "fmask=0077"
+ "dmask=0077"
+ ];
+ };
+ };
+ root = {
+ priority = 2;
+ name = "root";
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "@root" = {
+ mountpoint = "/";
+ mountOptions = [
+ "noatime"
+ "compress=zstd"
+ ];
+ };
+ "@nix" = {
+ mountpoint = "/nix";
+ mountOptions = [
+ "noatime"
+ "compress=zstd"
+ ];
+ };
+ "@persistent" = {
+ mountpoint = "/persistent";
+ mountOptions = [
+ "noatime"
+ "compress=zstd"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/aspects/hosts/_trantor/fail2ban.nix b/aspects/hosts/_trantor/fail2ban.nix
new file mode 100644
index 0000000..bc05139
--- /dev/null
+++ b/aspects/hosts/_trantor/fail2ban.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+{
+ services.fail2ban = {
+ enable = true;
+ maxretry = 5;
+ ignoreIP = [
+ "127.0.0.0/8"
+ "::1"
+ "10.0.0.0/8"
+ "172.16.0.0/12"
+ "192.168.0.0/16"
+ "100.64.0.0/10"
+ ];
+ bantime = "1h";
+ bantime-increment = {
+ enable = true;
+ multipliers = "1 2 4 8 16 32 64";
+ maxtime = "10000h";
+ overalljails = true;
+ };
+ };
+}
diff --git a/aspects/hosts/_trantor/forgejo.nix b/aspects/hosts/_trantor/forgejo.nix
new file mode 100644
index 0000000..e6b2159
--- /dev/null
+++ b/aspects/hosts/_trantor/forgejo.nix
@@ -0,0 +1,72 @@
+{
+ config,
+ lib,
+ inputs,
+ ...
+}:
+
+let
+ utils = import ../../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts;
+in
+
+{
+ services = {
+ forgejo = {
+ enable = true;
+ settings = {
+ session.COOKIE_SECURE = true;
+ server = {
+ PROTOCOL = "http+unix";
+ DOMAIN = "git.baduhai.dev";
+ ROOT_URL = "https://git.baduhai.dev";
+ OFFLINE_MODE = true; # disable use of CDNs
+ SSH_DOMAIN = "git.baduhai.dev";
+ };
+ log.LEVEL = "Warn";
+ mailer.ENABLED = false;
+ actions.ENABLED = false;
+ service.DISABLE_REGISTRATION = true;
+ oauth2_client = {
+ ENABLE_AUTO_REGISTRATION = true;
+ UPDATE_AVATAR = true;
+ ACCOUNT_LINKING = "login";
+ USERNAME = "preferred_username";
+ };
+ };
+ };
+ nginx.virtualHosts = mkNginxVHosts {
+ domains."git.baduhai.dev".locations."/".proxyPass =
+ "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
+ };
+ fail2ban.jails.forgejo = {
+ settings = {
+ enabled = true;
+ filter = "forgejo";
+ maxretry = 3;
+ findtime = "10m";
+ bantime = "1h";
+ };
+ };
+ };
+
+ environment = {
+ etc."fail2ban/filter.d/forgejo.conf".text = ''
+ [Definition]
+ failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from
+ ignoreregex =
+ journalmatch = _SYSTEMD_UNIT=forgejo.service
+ '';
+
+ persistence.main.directories = [
+ {
+ directory = config.services.forgejo.stateDir;
+ inherit (config.services.forgejo) user group;
+ mode = "0700";
+ }
+ ];
+ };
+
+ # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories
+ systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false;
+}
diff --git a/aspects/hosts/_trantor/hardware-configuration.nix b/aspects/hosts/_trantor/hardware-configuration.nix
new file mode 100644
index 0000000..039129e
--- /dev/null
+++ b/aspects/hosts/_trantor/hardware-configuration.nix
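Review bot: `oauth2_client.ENABLE_AUTO_REGISTRATION = true;` sits beside `service.DISABLE_REGISTRATION = true;` in forgejo.nix, so account creation is delegated entirely to whatever the OAuth2 source accepts, and nothing in the file records that. Every identity the provider authenticates would get a Forgejo account on first login unless the provider restricts the client to a group. A comment such as `# accounts are created on first SSO login; who may log in is restricted on the IdP side` would document the assumption. It is also worth confirming that auto-registration behaves as intended while registration is disabled; `service.ALLOW_ONLY_EXTERNAL_REGISTRATION = true;` may state the intent more directly.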
@@ -0,0 +1,20 @@
+{
+ lib,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "virtio_pci"
+ "virtio_scsi"
+ "usbhid"
+ ];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}
diff --git a/aspects/hosts/_trantor/networking.nix b/aspects/hosts/_trantor/networking.nix
new file mode 100644
index 0000000..4dcbe1e
--- /dev/null
+++ b/aspects/hosts/_trantor/networking.nix
@@ -0,0 +1,8 @@
+{
+ networking = {
+ firewall = {
+ allowedTCPPorts = [ 25566 ];
+ allowedUDPPorts = [ 25566 ];
+ };
+ };
+}
diff --git a/aspects/hosts/_trantor/nginx.nix b/aspects/hosts/_trantor/nginx.nix
new file mode 100644
index 0000000..1fd6b5c
--- /dev/null
+++ b/aspects/hosts/_trantor/nginx.nix
@@ -0,0 +1,61 @@
+{
+ config,
+ lib,
+ inputs,
+ ...
+}:
+
+let
+ utils = import ../../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts services;
+
+ # Get all unique domains from shared services on trantor (host = "trantor")
+ localDomains = lib.unique (
+ map (s: s.domain) (lib.filter (s: s.host == "trantor") services)
+ );
+
+ # Generate ACME cert configs for all local domains
+ acmeCerts = lib.genAttrs localDomains (domain: {
+ group = "nginx";
+ });
+in
+
+{
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = "baduhai@proton.me";
+ dnsResolver = "1.1.1.1:53";
+ dnsProvider = "cloudflare";
+ credentialsFile = config.age.secrets.cloudflare.path;
+ };
+ certs = acmeCerts;
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts = {
+ "_" = {
+ default = true;
+ locations."/".return = "444";
+ };
+ };
+ };
+
+ users.users.nginx.extraGroups = [ "acme" ];
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+
+ age.secrets.cloudflare = {
+ file = ../../../secrets/cloudflare.age;
+ owner = "nginx";
+ group = "nginx";
+ };
+}
diff --git a/aspects/hosts/_trantor/openssh.nix b/aspects/hosts/_trantor/openssh.nix
new file mode 100644
index 0000000..704b3df
--- /dev/null
+++ b/aspects/hosts/_trantor/openssh.nix
@@ -0,0 +1,23 @@
+{ ... }:
+
+{
+ services = {
+ openssh = {
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ };
+ };
+ fail2ban.jails.sshd = {
+ settings = {
+ enabled = true;
+ port = "ssh";
+ filter = "sshd";
+ logpath = "/var/log/auth.log";
+ maxretry = 3;
+ findtime = "10m";
+ bantime = "1h";
+ };
+ };
+ };
+}
diff --git a/aspects/hosts/_trantor/unbound.nix b/aspects/hosts/_trantor/unbound.nix
new file mode 100644
index 0000000..367c2c8
--- /dev/null
+++ b/aspects/hosts/_trantor/unbound.nix
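Review bot: the `sshd` jail in openssh.nix sets `logpath = "/var/log/auth.log";`, a file a default NixOS system does not write because sshd logs to the journal. As far as I know the NixOS fail2ban module defaults to the systemd backend, where the path is ignored; with a file backend the jail would watch a file that does not exist, so either way the line misleads. Drop `logpath`, or state the backend explicitly with `backend = "systemd";` so the source of the log lines is unambiguous. After a rebuild, check that the jail is actually loaded and matching, since nothing else in this hunk would reveal a jail that never fires.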
@@ -0,0 +1,58 @@
+{ inputs, lib, ... }:
+
+let
+ utils = import ../../../utils.nix { inherit inputs lib; };
+in
+
+{
+ services.unbound = {
+ enable = true;
+ enableRootTrustAnchor = true;
+ settings = {
+ server = {
+ interface = [
+ "0.0.0.0"
+ "::"
+ ];
+ access-control = [
+ "127.0.0.0/8 allow"
+ "100.64.0.0/10 allow" # Tailscale CGNAT range
+ "::1/128 allow"
+ "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6
+ ];
+
+ num-threads = 2;
+ msg-cache-size = "50m";
+ rrset-cache-size = "100m";
+ cache-min-ttl = 300;
+ cache-max-ttl = 86400;
+ prefetch = true;
+ prefetch-key = true;
+ hide-identity = true;
+ hide-version = true;
+ so-rcvbuf = "1m";
+ so-sndbuf = "1m";
+
+ # Tailnet DNS records from shared services
+ local-zone = ''"baduhai.dev." transparent'';
+ local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') utils.services;
+ };
+
+ forward-zone = [
+ {
+ name = ".";
+ forward-addr = [
+ "1.1.1.1@853#cloudflare-dns.com"
+ "1.0.0.1@853#cloudflare-dns.com"
+ ];
+ forward-tls-upstream = true;
+ }
+ ];
+ };
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [ 53 ];
+ allowedUDPPorts = [ 53 ];
+ };
+}
diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix
new file mode 100644
index 0000000..28a367d
--- /dev/null
+++ b/aspects/hosts/alexandria.nix
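Review bot: the `networking.firewall` block at the end of trantor's unbound.nix opens port 53 on every interface, while `access-control` only answers loopback and the Tailscale ranges. Unbound refuses other clients, but the resolver is still reachable from any network trantor is attached to, and the firewall could carry the same restriction as the ACL. If the resolver is meant for the tailnet only, scope the rule: `networking.firewall.interfaces."tailscale0" = { allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 ]; };` (assuming the default interface name). Note also that `local-data` maps over every entry of `utils.services` without an `e ? tailscaleIP` guard, unlike the `e ? lanIP` filter in the alexandria copy.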
@@ -0,0 +1,42 @@
+{ inputs, ... }:
+{
+ flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
+ modules = [
+ inputs.agenix.nixosModules.default
+ { networking.hostName = "alexandria"; }
+ { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; }
+
+ # Common aspects (always included)
+ inputs.self.modules.nixos.common-boot
+ inputs.self.modules.nixos.common-console
+ inputs.self.modules.nixos.common-firewall
+ inputs.self.modules.nixos.common-locale
+ inputs.self.modules.nixos.common-nix
+ inputs.self.modules.nixos.common-openssh
+ inputs.self.modules.nixos.common-programs
+ inputs.self.modules.nixos.common-security
+ inputs.self.modules.nixos.common-services
+ inputs.self.modules.nixos.common-tailscale
+ inputs.self.modules.nixos.common-users
+
+ # Server aspects
+ inputs.self.modules.nixos.server-boot
+ inputs.self.modules.nixos.server-nix
+ inputs.self.modules.nixos.server-tailscale
+
+ # Other aspects based on tags
+ inputs.self.modules.nixos.fwupd
+
+ # Host-specific files (from _alexandria/)
+ ./_alexandria/hardware-configuration.nix
+ ./_alexandria/jellyfin.nix
+ ./_alexandria/kanidm.nix
+ ./_alexandria/nextcloud.nix
+ ./_alexandria/nginx.nix
+ ./_alexandria/unbound.nix
+ ./_alexandria/vaultwarden.nix
+ ];
+ };
+}
diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix
new file mode 100644
index 0000000..1d7f15a
--- /dev/null
+++ b/aspects/hosts/io.nix
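Review bot: the eleven `inputs.self.modules.nixos.common-*` entries, the agenix module and the overlay line are repeated verbatim in `alexandria.nix` and again in `io.nix`, `rotterdam.nix` and `trantor.nix`. The comment `# Common aspects (always included)` is the only thing enforcing the baseline, so a host added later can omit `common-firewall` or `common-security` without anything noticing. Consider defining the list once, for example a single `common` aspect that imports the others, and referencing it from each host.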
@@ -0,0 +1,51 @@
+{ inputs, ... }:
+{
+ flake.nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
+ modules = [
+ inputs.agenix.nixosModules.default
+ { networking.hostName = "io"; }
+ { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; }
+
+ # Common aspects (always included)
+ inputs.self.modules.nixos.common-boot
+ inputs.self.modules.nixos.common-console
+ inputs.self.modules.nixos.common-firewall
+ inputs.self.modules.nixos.common-locale
+ inputs.self.modules.nixos.common-nix
+ inputs.self.modules.nixos.common-openssh
+ inputs.self.modules.nixos.common-programs
+ inputs.self.modules.nixos.common-security
+ inputs.self.modules.nixos.common-services
+ inputs.self.modules.nixos.common-tailscale
+ inputs.self.modules.nixos.common-users
+
+ # Desktop aspects
+ inputs.self.modules.nixos.desktop-boot
+ inputs.self.modules.nixos.desktop-desktop
+ inputs.self.modules.nixos.desktop-nix
+ inputs.self.modules.nixos.desktop-services
+
+ # Other aspects based on tags
+ inputs.self.modules.nixos.ai
+ inputs.self.modules.nixos.bluetooth
+ inputs.self.modules.nixos.dev
+ inputs.self.modules.nixos.libvirtd
+ inputs.self.modules.nixos.networkmanager
+ inputs.self.modules.nixos.podman
+
+ # Factory-generated ephemeral module
+ (inputs.self.factory.ephemeral {
+ rootDevice = "/dev/mapper/cryptroot";
+ })
+
+ # Host-specific files (from _io/)
+ ./_io/hardware-configuration.nix
+ ./_io/disko.nix
+ ./_io/boot.nix
+ ./_io/programs.nix
+ ./_io/services.nix
+ ];
+ };
+}
diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix
new file mode 100644
index 0000000..e9d3f18
--- /dev/null
+++ b/aspects/hosts/rotterdam.nix
@@ -0,0 +1,56 @@
+{ inputs, ... }:
+{
+ flake.nixosConfigurations.rotterdam = inputs.nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
+ modules = [
+ inputs.agenix.nixosModules.default
+ { networking.hostName = "rotterdam"; }
+ { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; }
+
+ # Common aspects (always included)
+ inputs.self.modules.nixos.common-boot
+ inputs.self.modules.nixos.common-console
+ inputs.self.modules.nixos.common-firewall
+ inputs.self.modules.nixos.common-locale
+ inputs.self.modules.nixos.common-nix
+ inputs.self.modules.nixos.common-openssh
+ inputs.self.modules.nixos.common-programs
+ inputs.self.modules.nixos.common-security
+ inputs.self.modules.nixos.common-services
+ inputs.self.modules.nixos.common-tailscale
+ inputs.self.modules.nixos.common-users
+
+ # Desktop aspects
+ inputs.self.modules.nixos.desktop-boot
+ inputs.self.modules.nixos.desktop-desktop
+ inputs.self.modules.nixos.desktop-nix
+ inputs.self.modules.nixos.desktop-services
+
+ # Other aspects based on tags
+ inputs.self.modules.nixos.ai
+ inputs.self.modules.nixos.bluetooth
+ inputs.self.modules.nixos.dev
+ inputs.self.modules.nixos.fwupd
+ inputs.self.modules.nixos.gaming-steam
+ inputs.self.modules.nixos.gaming-hardware
+ inputs.self.modules.nixos.gaming-flatpak
+ inputs.self.modules.nixos.gaming-launchers
+ inputs.self.modules.nixos.libvirtd
+ inputs.self.modules.nixos.networkmanager
+ inputs.self.modules.nixos.podman
+
+ # Factory-generated ephemeral module
+ (inputs.self.factory.ephemeral {
+ rootDevice = "/dev/mapper/cryptroot";
+ })
+
+ # Host-specific files (from _rotterdam/)
+ ./_rotterdam/hardware-configuration.nix
+ ./_rotterdam/boot.nix
+ ./_rotterdam/hardware.nix
+ ./_rotterdam/programs.nix
+ ./_rotterdam/services.nix
+ ];
+ };
+}
diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix
new file mode 100644
index 0000000..646cc73
--- /dev/null
+++ b/aspects/hosts/trantor.nix
@@ -0,0 +1,46 @@
+{ inputs, ... }:
+{
+ flake.nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem {
+ system = "aarch64-linux";
+ specialArgs = { inherit inputs; };
+ modules = [
+ inputs.agenix.nixosModules.default
+ { networking.hostName = "trantor"; }
+ { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; }
+
+ # Common aspects (always included)
+ inputs.self.modules.nixos.common-boot
+ inputs.self.modules.nixos.common-console
+ inputs.self.modules.nixos.common-firewall
+ inputs.self.modules.nixos.common-locale
+ inputs.self.modules.nixos.common-nix
+ inputs.self.modules.nixos.common-openssh
+ inputs.self.modules.nixos.common-programs
+ inputs.self.modules.nixos.common-security
+ inputs.self.modules.nixos.common-services
+ inputs.self.modules.nixos.common-tailscale
+ inputs.self.modules.nixos.common-users
+
+ # Server aspects
+ inputs.self.modules.nixos.server-boot
+ inputs.self.modules.nixos.server-nix
+ inputs.self.modules.nixos.server-tailscale
+
+ # Factory-generated ephemeral module
+ (inputs.self.factory.ephemeral {
+ rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2";
+ })
+
+ # Host-specific files (from _trantor/)
+ ./_trantor/hardware-configuration.nix
+ ./_trantor/disko.nix
+ ./_trantor/boot.nix
+ ./_trantor/fail2ban.nix
+ ./_trantor/forgejo.nix
+ ./_trantor/networking.nix
+ ./_trantor/nginx.nix
+ ./_trantor/openssh.nix
+ ./_trantor/unbound.nix
+ ];
+ };
+}
From a9f84629e3359a3ab902e62e187bba2d285db037 Mon Sep 17 00:00:00 2001
From: William Date: Fri, 6 Feb 2026 22:36:50 -0300 Subject: [PATCH 147/206] add aspects/users/ configurations User-specific home-manager configurations for: - user@rotterdam - user@io Includes user-specific modules in _user/ directory. Co-Authored-By: Claude Opus 4.5
---
aspects/users/_user/git.nix | 17 +++++++
aspects/users/user.nix | 91 +++++++++++++++++++++++++++++++++++++
2 files changed, 108 insertions(+)
create mode 100644 aspects/users/_user/git.nix
create mode 100644 aspects/users/user.nix
diff --git a/aspects/users/_user/git.nix b/aspects/users/_user/git.nix
new file mode 100644
index 0000000..9c1fb20
--- /dev/null
+++ b/aspects/users/_user/git.nix
@@ -0,0 +1,17 @@
+{ pkgs, ... }:
+
+{
+ programs = {
+ git = {
+ enable = true;
+ settings.user = {
+ name = "William";
+ email = "baduhai@proton.me";
+ };
+ };
+ diff-so-fancy = {
+ enable = true;
+ enableGitIntegration = true;
+ };
+ };
+}
diff --git a/aspects/users/user.nix b/aspects/users/user.nix
new file mode 100644
index 0000000..5130abf
--- /dev/null
+++ b/aspects/users/user.nix
@@ -0,0 +1,91 @@
+# aspects/users/user.nix
+{ inputs, ... }:
+{
+ flake.homeConfigurations = {
+ "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration {
+ pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
+ extraSpecialArgs = { inherit inputs; hostname = "rotterdam"; };
+ modules = [
+ { nixpkgs.overlays = [ inputs.self.overlays.default ]; }
+
+ # CLI aspects (common module included)
+ inputs.self.modules.homeManager.cli-base
+ inputs.self.modules.homeManager.cli-btop
+ inputs.self.modules.homeManager.cli-comma
+ inputs.self.modules.homeManager.cli-direnv
+ inputs.self.modules.homeManager.cli-helix
+ inputs.self.modules.homeManager.cli-starship
+ inputs.self.modules.homeManager.cli-tmux
+
+ # Shell
+ inputs.self.modules.homeManager.shell-fish
+ inputs.self.modules.homeManager.shell-bash
+
+ # Desktop
+ inputs.self.modules.homeManager.desktop-desktop
+ inputs.self.modules.homeManager.desktop-niri
+
+ # Gaming
+ inputs.self.modules.homeManager.gaming-mangohud
+
+ # Programs
+ inputs.self.modules.homeManager.programs-media # for obs-studio
+
+ # Stylix
+ inputs.self.modules.homeManager.stylix
+
+ # User-specific (from _user/)
+ ./_user/git.nix
+
+ # Home configuration
+ {
+ home = {
+ username = "user";
+ homeDirectory = "/home/user";
+ stateVersion = "22.05";
+ };
+ }
+ ];
+ };
+
+ "user@io" = inputs.home-manager.lib.homeManagerConfiguration {
+ pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
+ extraSpecialArgs = { inherit inputs; hostname = "io"; };
+ modules = [
+ { nixpkgs.overlays = [ inputs.self.overlays.default ]; }
+
+ # CLI aspects (common module included)
+ inputs.self.modules.homeManager.cli-base
+ inputs.self.modules.homeManager.cli-btop
+ inputs.self.modules.homeManager.cli-comma
+ inputs.self.modules.homeManager.cli-direnv
+ inputs.self.modules.homeManager.cli-helix
+ inputs.self.modules.homeManager.cli-starship
+ inputs.self.modules.homeManager.cli-tmux
+
+ # Shell
+ inputs.self.modules.homeManager.shell-fish
+ inputs.self.modules.homeManager.shell-bash
+
+ # Desktop
+ inputs.self.modules.homeManager.desktop-desktop
+ inputs.self.modules.homeManager.desktop-niri
+
+ # Stylix
+ inputs.self.modules.homeManager.stylix
+
+ # User-specific (from _user/)
+ ./_user/git.nix
+
+ # Home configuration
+ {
+ home = {
+ username = "user";
+ homeDirectory = "/home/user";
+ stateVersion = "22.05";
+ };
+ }
+ ];
+ };
+ };
+}
From 3200927cb5b3df90298f8f28bb3dec1037a61133 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 22:36:50 -0300 Subject: [PATCH 148/206] update flake.nix to use import-tree Use import-tree to automatically discover and import all aspects. Removes homeConfigurations.nix, nixosConfigurations.nix, and nixosModules.nix from imports as they're now in aspects/. Co-Authored-By: Claude Opus 4.5 --- flake.nix | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-)
diff --git a/flake.nix b/flake.nix
index 20210f2..701406d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,6 +3,7 @@ inputs = { flake-parts.url = "github:hercules-ci/flake-parts"; + import-tree.url = "github:vic/import-tree"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11";
@@ -56,22 +57,22 @@ }; outputs = - inputs@{ flake-parts, ... }: - flake-parts.lib.mkFlake { inherit inputs; } { - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; + inputs@{ flake-parts, import-tree, ... }: + flake-parts.lib.mkFlake { inherit inputs; } ( + import-tree ./aspects + // { + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; - imports = [ - ./deploy.nix - ./devShells.nix - ./homeConfigurations.nix - ./nixosConfigurations.nix - ./nixosModules.nix - ./overlays.nix - ./packages.nix - ./terranixConfigurations.nix - ]; - }; + imports = [ + ./deploy.nix + ./devShells.nix + ./overlays.nix + ./packages.nix + ./terranixConfigurations.nix + ]; + } + ); }
From 848f79f8bb8644c62a826c83c5561fcad8428e0d Mon Sep 17 00:00:00 2001
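Review bot: The `user@rotterdam` and `user@io` entries in `aspects/users/user.nix` repeat the same module list and `home` block; they differ only in `hostname` and in the two rotterdam-only modules (`gaming-mangohud`, `programs-media`). Two hand-maintained copies drift, and a module added to one host but forgotten on the other is hard to spot in review. A small `let`-bound helper that takes the hostname and the extra modules keeps the shared list in one place. The order of entries in `modules` changes with this, which should not matter for module imports but is worth confirming with an evaluation of both configurations.

```nix
{ inputs, ... }:
let
  # Modules shared by every "user@<host>" configuration.
  baseModules = [
    { nixpkgs.overlays = [ inputs.self.overlays.default ]; }
    # … unchanged: cli-*, shell-*, desktop-*, stylix, ./_user/git.nix, home block …
  ];

  # Build one home-manager configuration; extraModules holds the host-only aspects.
  mkUser = hostname: extraModules:
    inputs.home-manager.lib.homeManagerConfiguration {
      pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
      extraSpecialArgs = { inherit inputs hostname; };
      modules = baseModules ++ extraModules;
    };
in
{
  flake.homeConfigurations = {
    "user@rotterdam" = mkUser "rotterdam" [
      inputs.self.modules.homeManager.gaming-mangohud
      inputs.self.modules.homeManager.programs-media # for obs-studio
    ];
    "user@io" = mkUser "io" [ ];
  };
}
```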
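Review bot: The new `import-tree.url = "github:vic/import-tree";` input arrives without a `flake.lock` change in this commit (the diffstat lists only `flake.nix`), so its revision is fixed only when the lock file is next regenerated. That code is evaluated for every host and user configuration in the flake, which makes it part of the trusted base of each deployed system. Commit the lock entry together with the input so that the revision that was reviewed is the one that gets evaluated, or pin it explicitly with `import-tree.url = "github:vic/import-tree/<commit-sha>";` (placeholder for the audited commit). If the lock update lands in a later patch of this series, the gap only affects checkouts of the intermediate commits.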
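Review bot: In `import-tree ./aspects // { … imports = [ … ]; }` the `//` operator is a shallow, right-biased merge, so the explicit `imports` list replaces any `imports` attribute in whatever `import-tree ./aspects` returns. If import-tree hands back its discovered files as `{ imports = [ … ]; }` (not visible in this hunk, please confirm), every aspect is dropped and the flake loses the configurations that now live under `aspects/`; if it returns a function, `//` fails at evaluation. Passing it as a module does not depend on the return shape: `imports = [ (import-tree ./aspects) ./deploy.nix ./devShells.nix ./overlays.nix ./packages.nix ./terranixConfigurations.nix ];`, with `systems` kept in a plain attribute set. The hunk starts inside the `outputs` definition.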
From: William Date: Fri, 6 Feb 2026 22:37:27 -0300 Subject: [PATCH 149/206] remove old configuration structure Remove directories and files replaced by aspects/: - hosts/ - users/ - modules/ - shared/ - nixosConfigurations.nix - homeConfigurations.nix - nixosModules.nix - utils.nix Co-Authored-By: Claude Opus 4.5 --- homeConfigurations.nix | 43 ---- hosts/alexandria/hardware-configuration.nix | 49 ---- hosts/alexandria/jellyfin.nix | 15 -- hosts/alexandria/kanidm.nix | 83 ------- hosts/alexandria/nextcloud.nix | 97 -------- hosts/alexandria/nginx.nix | 59 ----- hosts/alexandria/unbound.nix | 58 ----- hosts/alexandria/vaultwarden.nix | 26 --- hosts/io/boot.nix | 14 -- hosts/io/disko.nix | 79 ------- hosts/io/hardware-configuration.nix | 37 ---- hosts/io/programs.nix | 27 --- hosts/io/services.nix | 61 ----- hosts/modules/ai.nix | 11 - hosts/modules/bluetooth.nix | 5 - hosts/modules/common/boot.nix | 20 -- hosts/modules/common/console.nix | 8 - hosts/modules/common/firewall.nix | 8 - hosts/modules/common/locale.nix | 21 -- hosts/modules/common/nix.nix | 38 ---- hosts/modules/common/openssh.nix | 11 - hosts/modules/common/programs.nix | 40 ---- hosts/modules/common/security.nix | 13 -- hosts/modules/common/services.nix | 9 - hosts/modules/common/tailscale.nix | 8 - hosts/modules/common/users.nix | 24 -- hosts/modules/desktop/boot.nix | 26 --- hosts/modules/desktop/desktop.nix | 163 -------------- hosts/modules/desktop/nix.nix | 13 -- hosts/modules/desktop/services.nix | 15 -- hosts/modules/dev.nix | 18 -- hosts/modules/ephemeral.nix | 43 ---- hosts/modules/fwupd.nix | 5 - hosts/modules/gaming.nix | 43 ---- hosts/modules/libvirtd.nix | 17 -- hosts/modules/networkmanager.nix | 10 - hosts/modules/podman.nix | 14 -- hosts/modules/server/boot.nix | 5 - hosts/modules/server/nix.nix | 13 -- hosts/modules/server/tailscale.nix | 13 -- hosts/rotterdam/boot.nix | 31 --- hosts/rotterdam/hardware-configuration.nix | 82 ------- hosts/rotterdam/hardware.nix | 8 - 
hosts/rotterdam/programs.nix | 31 --- hosts/rotterdam/services.nix | 11 - hosts/trantor/boot.nix | 6 - hosts/trantor/disko.nix | 64 ------ hosts/trantor/fail2ban.nix | 23 -- hosts/trantor/forgejo.nix | 72 ------ hosts/trantor/hardware-configuration.nix | 20 -- hosts/trantor/networking.nix | 8 - hosts/trantor/nginx.nix | 61 ----- hosts/trantor/openssh.nix | 23 -- hosts/trantor/unbound.nix | 58 ----- modules/ephemeral.nix | 84 ------- nixosConfigurations.nix | 56 ----- nixosModules.nix | 7 - shared/services.nix | 43 ---- users/modules/btop.nix | 12 - users/modules/comma.nix | 7 - users/modules/common/bash.nix | 8 - users/modules/common/fish.nix | 32 --- users/modules/common/hm-cli.nix | 10 - users/modules/desktop/desktop.nix | 134 ----------- users/modules/desktop/niri.nix | 225 ------------------- users/modules/direnv.nix | 8 - users/modules/gaming.nix | 33 --- users/modules/helix.nix | 49 ---- users/modules/obs-studio.nix | 13 -- users/modules/starship.nix | 40 ---- users/modules/stylix.nix | 69 ------ users/modules/tmux.nix | 11 - users/user/git.nix | 17 -- utils.nix | 233 -------------------- 74 files changed, 2851 deletions(-) delete mode 100644 homeConfigurations.nix delete mode 100644 hosts/alexandria/hardware-configuration.nix delete mode 100644 hosts/alexandria/jellyfin.nix delete mode 100644 hosts/alexandria/kanidm.nix delete mode 100644 hosts/alexandria/nextcloud.nix delete mode 100644 hosts/alexandria/nginx.nix delete mode 100644 hosts/alexandria/unbound.nix delete mode 100644 hosts/alexandria/vaultwarden.nix delete mode 100644 hosts/io/boot.nix delete mode 100644 hosts/io/disko.nix delete mode 100644 hosts/io/hardware-configuration.nix delete mode 100644 hosts/io/programs.nix delete mode 100644 hosts/io/services.nix delete mode 100644 hosts/modules/ai.nix delete mode 100644 hosts/modules/bluetooth.nix delete mode 100644 hosts/modules/common/boot.nix delete mode 100644 hosts/modules/common/console.nix delete mode 100644 hosts/modules/common/firewall.nix 
delete mode 100644 hosts/modules/common/locale.nix delete mode 100644 hosts/modules/common/nix.nix delete mode 100644 hosts/modules/common/openssh.nix delete mode 100644 hosts/modules/common/programs.nix delete mode 100644 hosts/modules/common/security.nix delete mode 100644 hosts/modules/common/services.nix delete mode 100644 hosts/modules/common/tailscale.nix delete mode 100644 hosts/modules/common/users.nix delete mode 100644 hosts/modules/desktop/boot.nix delete mode 100644 hosts/modules/desktop/desktop.nix delete mode 100644 hosts/modules/desktop/nix.nix delete mode 100644 hosts/modules/desktop/services.nix delete mode 100644 hosts/modules/dev.nix delete mode 100644 hosts/modules/ephemeral.nix delete mode 100644 hosts/modules/fwupd.nix delete mode 100644 hosts/modules/gaming.nix delete mode 100644 hosts/modules/libvirtd.nix delete mode 100644 hosts/modules/networkmanager.nix delete mode 100644 hosts/modules/podman.nix delete mode 100644 hosts/modules/server/boot.nix delete mode 100644 hosts/modules/server/nix.nix delete mode 100644 hosts/modules/server/tailscale.nix delete mode 100644 hosts/rotterdam/boot.nix delete mode 100644 hosts/rotterdam/hardware-configuration.nix delete mode 100644 hosts/rotterdam/hardware.nix delete mode 100644 hosts/rotterdam/programs.nix delete mode 100644 hosts/rotterdam/services.nix delete mode 100644 hosts/trantor/boot.nix delete mode 100644 hosts/trantor/disko.nix delete mode 100644 hosts/trantor/fail2ban.nix delete mode 100644 hosts/trantor/forgejo.nix delete mode 100644 hosts/trantor/hardware-configuration.nix delete mode 100644 hosts/trantor/networking.nix delete mode 100644 hosts/trantor/nginx.nix delete mode 100644 hosts/trantor/openssh.nix delete mode 100644 hosts/trantor/unbound.nix delete mode 100644 modules/ephemeral.nix delete mode 100644 nixosConfigurations.nix delete mode 100644 nixosModules.nix delete mode 100644 shared/services.nix delete mode 100644 users/modules/btop.nix delete mode 100644 users/modules/comma.nix 
delete mode 100644 users/modules/common/bash.nix delete mode 100644 users/modules/common/fish.nix delete mode 100644 users/modules/common/hm-cli.nix delete mode 100644 users/modules/desktop/desktop.nix delete mode 100644 users/modules/desktop/niri.nix delete mode 100644 users/modules/direnv.nix delete mode 100644 users/modules/gaming.nix delete mode 100644 users/modules/helix.nix delete mode 100644 users/modules/obs-studio.nix delete mode 100644 users/modules/starship.nix delete mode 100644 users/modules/stylix.nix delete mode 100644 users/modules/tmux.nix delete mode 100644 users/user/git.nix delete mode 100644 utils.nix diff --git a/homeConfigurations.nix b/homeConfigurations.nix deleted file mode 100644 index 296abfa..0000000 --- a/homeConfigurations.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ inputs, ... }: - -let - lib = inputs.nixpkgs.lib; - utils = import ./utils.nix { inherit inputs lib; }; - inherit (utils) mkHome; -in - -{ - flake.homeConfigurations = { - "user@rotterdam" = mkHome { - username = "user"; - hostname = "rotterdam"; - tags = [ - "desktop" - "btop" - "comma" - "direnv" - "gaming" - "helix" - "obs-studio" - "starship" - "stylix" - "tmux" - ]; - }; - - "user@io" = mkHome { - username = "user"; - hostname = "io"; - tags = [ - "desktop" - "btop" - "comma" - "direnv" - "helix" - "starship" - "stylix" - "tmux" - ]; - }; - }; -} diff --git a/hosts/alexandria/hardware-configuration.nix b/hosts/alexandria/hardware-configuration.nix deleted file mode 100644 index 63ecba5..0000000 --- a/hosts/alexandria/hardware-configuration.nix +++ /dev/null 
@@ -1,49 +0,0 @@ -{ - config, - lib, - modulesPath, - ... -}: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot = { - initrd = { - availableKernelModules = [ - "xhci_pci" - "ahci" - "usbhid" - "usb_storage" - "sd_mod" - ]; - kernelModules = [ ]; - }; - kernelModules = [ "kvm-intel" ]; - extraModulePackages = [ ]; - }; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/31289617-1d84-4432-a833-680b52e88525"; - fsType = "ext4"; - }; - "/boot" = { - device = "/dev/disk/by-uuid/4130-BE54"; - fsType = "vfat"; - }; - }; - - swapDevices = [ - { - device = "/swapfile"; - size = 8192; - } - ]; - - networking.useDHCP = lib.mkDefault true; - - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix deleted file mode 100644 index 6ceac09..0000000 --- a/hosts/alexandria/jellyfin.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ lib, inputs, ... }: -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; -in -{ - services.jellyfin = { - enable = true; - openFirewall = true; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; - }; -} diff --git a/hosts/alexandria/kanidm.nix b/hosts/alexandria/kanidm.nix deleted file mode 100644 index eaaa9b9..0000000 --- a/hosts/alexandria/kanidm.nix +++ /dev/null 
@@ -1,83 +0,0 @@ -{ - config, - lib, - inputs, - pkgs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; - kanidmCertDir = "/var/lib/kanidm/certs"; -in - -{ - services.kanidm = { - enableServer = true; - enableClient = true; - package = pkgs.kanidm; - - serverSettings = { - domain = "auth.baduhai.dev"; - origin = "https://auth.baduhai.dev"; - bindaddress = "127.0.0.1:8443"; - ldapbindaddress = "127.0.0.1:636"; - trust_x_forward_for = true; - # Use self-signed certificates for internal TLS - tls_chain = "${kanidmCertDir}/cert.pem"; - tls_key = "${kanidmCertDir}/key.pem"; - }; - - clientSettings = { - uri = "https://auth.baduhai.dev"; - }; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - domains."auth.baduhai.dev" = { - locations."/" = { - proxyPass = "https://127.0.0.1:8443"; - extraConfig = '' - proxy_ssl_verify off; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $host; - ''; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ 636 ]; - - # Generate self-signed certificates for kanidm's internal TLS - systemd.services.kanidm-generate-certs = { - description = "Generate self-signed TLS certificates for Kanidm"; - wantedBy = [ "multi-user.target" ]; - before = [ "kanidm.service" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - mkdir -p ${kanidmCertDir} - if [ ! 
-f ${kanidmCertDir}/key.pem ]; then - ${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \ - -keyout ${kanidmCertDir}/key.pem \ - -out ${kanidmCertDir}/cert.pem \ - -days 3650 -nodes \ - -subj "/CN=localhost" \ - -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" - chown -R kanidm:kanidm ${kanidmCertDir} - chmod 600 ${kanidmCertDir}/key.pem - chmod 644 ${kanidmCertDir}/cert.pem - fi - ''; - }; - - # Ensure certificate generation runs before kanidm starts - systemd.services.kanidm = { - after = [ "kanidm-generate-certs.service" ]; - wants = [ "kanidm-generate-certs.service" ]; - }; -} diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix deleted file mode 100644 index c449cce..0000000 --- a/hosts/alexandria/nextcloud.nix +++ /dev/null 
@@ -1,97 +0,0 @@ -{ - lib, - config, - pkgs, - inputs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; -in - -{ - services = { - nextcloud = { - enable = true; - package = pkgs.nextcloud32; - datadir = "/data/nextcloud"; - hostName = "cloud.baduhai.dev"; - configureRedis = true; - https = true; - secretFile = config.age.secrets."nextcloud-secrets.json".path; - database.createLocally = true; - maxUploadSize = "16G"; - extraApps = { - inherit (config.services.nextcloud.package.packages.apps) - calendar - contacts - notes - tasks - user_oidc - ; - }; - extraAppsEnable = true; - caching = { - apcu = true; - redis = true; - }; - settings = { - trusted_proxies = [ "127.0.0.1" ]; - default_phone_region = "BR"; - maintenance_window_start = "4"; - allow_local_remote_servers = true; - enabledPreviewProviders = [ - "OC\\Preview\\BMP" - "OC\\Preview\\EMF" - "OC\\Preview\\Font" - "OC\\Preview\\GIF" - "OC\\Preview\\HEIC" - "OC\\Preview\\Illustrator" - "OC\\Preview\\JPEG" - "OC\\Preview\\Krita" - "OC\\Preview\\MarkDown" - "OC\\Preview\\Movie" - "OC\\Preview\\MP3" - "OC\\Preview\\MSOffice2003" - "OC\\Preview\\MSOffice2007" - "OC\\Preview\\MSOfficeDoc" - "OC\\Preview\\OpenDocument" - "OC\\Preview\\PDF" - "OC\\Preview\\Photoshop" - "OC\\Preview\\PNG" - "OC\\Preview\\Postscript" - "OC\\Preview\\SVG" - "OC\\Preview\\TIFF" - "OC\\Preview\\TXT" - "OC\\Preview\\XBitmap" - ]; - }; - config = { - dbtype = "pgsql"; - adminpassFile = config.age.secrets.nextcloud-adminpass.path; - }; - phpOptions = { - "opcache.interned_strings_buffer" = "16"; - }; - }; - - nginx.virtualHosts = mkNginxVHosts { - domains."cloud.baduhai.dev" = { }; - }; - }; - - age.secrets = { - "nextcloud-secrets.json" = { - file = ../../secrets/nextcloud-secrets.json.age; - owner = "nextcloud"; - group = "nextcloud"; - }; - nextcloud-adminpass = { - file = ../../secrets/nextcloud-adminpass.age; - owner = "nextcloud"; - group = "nextcloud"; - }; - }; -} 
diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix deleted file mode 100644 index 274f645..0000000 --- a/hosts/alexandria/nginx.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts services; - - # Get all unique domains from shared services that have LAN IPs (served by this host) - localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services)); - - # Generate ACME cert configs for all local domains - acmeCerts = lib.genAttrs localDomains (domain: { - group = "nginx"; - }); -in - -{ - security.acme = { - acceptTerms = true; - defaults = { - email = "baduhai@proton.me"; - dnsResolver = "1.1.1.1:53"; - dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets.cloudflare.path; - }; - certs = acmeCerts; - }; - - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts = { - "_" = { - default = true; - locations."/".return = "444"; - }; - }; - }; - - users.users.nginx.extraGroups = [ "acme" ]; - - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; - - age.secrets.cloudflare = { - file = ../../secrets/cloudflare.age; - owner = "nginx"; - group = "nginx"; - }; -} diff --git a/hosts/alexandria/unbound.nix b/hosts/alexandria/unbound.nix deleted file mode 100644 index 31363aa..0000000 --- a/hosts/alexandria/unbound.nix +++ /dev/null 
@@ -1,58 +0,0 @@ -{ inputs, lib, ... }: - -let - utils = import ../../utils.nix { inherit inputs lib; }; -in - -{ - services.unbound = { - enable = true; - enableRootTrustAnchor = true; - settings = { - server = { - interface = [ - "0.0.0.0" - "::" - ]; - access-control = [ - "127.0.0.0/8 allow" - "192.168.0.0/16 allow" - "::1/128 allow" - ]; - - num-threads = 2; - msg-cache-size = "50m"; - rrset-cache-size = "100m"; - cache-min-ttl = 300; - cache-max-ttl = 86400; - prefetch = true; - prefetch-key = true; - hide-identity = true; - hide-version = true; - so-rcvbuf = "1m"; - so-sndbuf = "1m"; - - # LAN-only DNS records - local-zone = ''"baduhai.dev." transparent''; - local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') - (lib.filter (e: e ? lanIP) utils.services); - }; - - forward-zone = [ - { - name = "."; - forward-addr = [ - "1.1.1.1@853#cloudflare-dns.com" - "1.0.0.1@853#cloudflare-dns.com" - ]; - forward-tls-upstream = true; - } - ]; - }; - }; - - networking.firewall = { - allowedTCPPorts = [ 53 ]; - allowedUDPPorts = [ 53 ]; - }; -} diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix deleted file mode 100644 index 2335ee0..0000000 --- a/hosts/alexandria/vaultwarden.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; -in -{ - services.vaultwarden = { - enable = true; - config = { - DOMAIN = "https://pass.baduhai.dev"; - SIGNUPS_ALLOWED = false; - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = 58222; - }; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - domains."pass.baduhai.dev".locations."/".proxyPass = - "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; - }; -} diff --git a/hosts/io/boot.nix b/hosts/io/boot.nix deleted file mode 100644 index 326f7dc..0000000 --- a/hosts/io/boot.nix +++ /dev/null 
@@ -1,14 +0,0 @@ -{ - boot = { - # TODO check if future kernel versions fix boot issue with systemd initrd with tpm - initrd.systemd.tpm2.enable = false; - kernelParams = [ - "nosgx" - "i915.fastboot=1" - "mem_sleep_default=deep" - ]; - extraModprobeConfig = '' - options snd-intel-dspcfg dsp_driver=3 - ''; - }; -} diff --git a/hosts/io/disko.nix b/hosts/io/disko.nix deleted file mode 100644 index 4e6c9d5..0000000 --- a/hosts/io/disko.nix +++ /dev/null @@ -1,79 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ inputs.disko.nixosModules.default ]; - - disko.devices.disk.main = { - type = "disk"; - device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689"; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - start = "1MiB"; - end = "1GiB"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot/efi"; - mountOptions = [ - "noatime" - "fmask=0077" - "dmask=0077" - ]; - }; - }; - cryptroot = { - priority = 2; - name = "root"; - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = { - "@root" = { - mountpoint = "/"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@root" - ]; - }; - "@home" = { - mountpoint = "/home"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@home" - ]; - }; - "@nix" = { - mountpoint = "/nix"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@nix" - ]; - }; - "@persistent" = { - mountpoint = "/persistent"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@persistent" - ]; - }; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix deleted file mode 100644 index 8e4dae4..0000000 --- a/hosts/io/hardware-configuration.nix +++ /dev/null 
@@ -1,37 +0,0 @@ -{ - config, - lib, - modulesPath, - inputs, - ... -}: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot = { - initrd = { - availableKernelModules = [ - "xhci_pci" - "ahci" - "usb_storage" - "sd_mod" - "sdhci_pci" - ]; - }; - kernelModules = [ "kvm-intel" ]; - }; - - zramSwap = { - enable = true; - memoryPercent = 100; - }; - - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - - networking.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/io/programs.nix b/hosts/io/programs.nix deleted file mode 100644 index e272d22..0000000 --- a/hosts/io/programs.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ pkgs, ... }: - -let - cml-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs { - wttsrc = pkgs.fetchFromGitHub { - owner = "WeirdTreeThing"; - repo = "chromebook-ucm-conf"; - rev = "b6ce2a7"; - hash = "sha256-QRUKHd3RQmg1tnZU8KCW0AmDtfw/daOJ/H3XU5qWTCc="; - }; - postInstall = '' - echo "v0.4.1" > $out/chromebook.patched - cp -R $wttsrc/{common,codecs,platforms} $out/share/alsa/ucm2 - cp -R $wttsrc/{cml,sof-rt5682} $out/share/alsa/ucm2/conf.d - ''; - }; -in - -{ - environment = { - systemPackages = with pkgs; [ - maliit-keyboard - sof-firmware - ]; - sessionVariables.ALSA_CONFIG_UCM2 = "${cml-ucm-conf}/share/alsa/ucm2"; - }; -} diff --git a/hosts/io/services.nix b/hosts/io/services.nix deleted file mode 100644 index df41a6f..0000000 --- a/hosts/io/services.nix +++ /dev/null 
@@ -1,61 +0,0 @@ -{ pkgs, ... }: - -{ - services = { - keyd = { - enable = true; - keyboards.main = { - ids = [ "0001:0001" ]; - settings = { - main = { - meta = "overload(meta, esc)"; - f1 = "back"; - f2 = "forward"; - f3 = "refresh"; - f4 = "M-f11"; - f5 = "M-w"; - f6 = "brightnessdown"; - f7 = "brightnessup"; - f8 = "timeout(mute, 200, micmute)"; - f9 = "play"; - f10 = "timeout(nextsong, 200, previoussong)"; - f13 = "delete"; - "102nd" = "layer(function)"; - }; - shift = { - leftshift = "capslock"; - rightshift = "capslock"; - }; - function = { - escape = "f1"; - f1 = "f2"; - f2 = "f3"; - f3 = "f4"; - f4 = "f5"; - f5 = "f6"; - f6 = "f7"; - f7 = "f8"; - f8 = "f9"; - f9 = "f10"; - f10 = "f11"; - f13 = "f12"; - y = "sysrq"; - k = "home"; - l = "pageup"; - "," = "end"; - "." = "pagedown"; - }; - }; - }; - }; - upower.enable = true; - power-profiles-daemon.enable = true; - }; - - # TODO: remove once gmodena/nix-flatpak/issues/45 fixed - systemd.services."flatpak-managed-install" = { - serviceConfig = { - ExecStartPre = "${pkgs.coreutils}/bin/sleep 5"; - }; - }; -} diff --git a/hosts/modules/ai.nix b/hosts/modules/ai.nix deleted file mode 100644 index b80ac38..0000000 --- a/hosts/modules/ai.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ inputs, pkgs, ... }: - -{ - environment.systemPackages = - (with pkgs; [claude-desktop]) ++ - (with inputs.nix-ai-tools.packages.${pkgs.system}; [ - claude-code - claudebox - opencode - ]); -} diff --git a/hosts/modules/bluetooth.nix b/hosts/modules/bluetooth.nix deleted file mode 100644 index fb6a06a..0000000 --- a/hosts/modules/bluetooth.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ... }: - -{ - hardware.bluetooth.enable = true; -} diff --git a/hosts/modules/common/boot.nix b/hosts/modules/common/boot.nix deleted file mode 100644 index fbba278..0000000 --- a/hosts/modules/common/boot.nix +++ /dev/null 
@@ -1,20 +0,0 @@ -{ pkgs, ... }: - -{ - boot = { - loader = { - timeout = 1; - efi.canTouchEfiVariables = true; - systemd-boot = { - enable = true; - editor = false; - consoleMode = "max"; - sortKey = "aa"; - netbootxyz = { - enable = true; - sortKey = "zz"; - }; - }; - }; - }; -} diff --git a/hosts/modules/common/console.nix b/hosts/modules/common/console.nix deleted file mode 100644 index 9cb99d4..0000000 --- a/hosts/modules/common/console.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - console = { - useXkbConfig = true; - earlySetup = true; - }; -} diff --git a/hosts/modules/common/firewall.nix b/hosts/modules/common/firewall.nix deleted file mode 100644 index 910e803..0000000 --- a/hosts/modules/common/firewall.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - networking = { - firewall.enable = true; - nftables.enable = true; - }; -} diff --git a/hosts/modules/common/locale.nix b/hosts/modules/common/locale.nix deleted file mode 100644 index 1171a32..0000000 --- a/hosts/modules/common/locale.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ ... }: - -{ - time.timeZone = "America/Bahia"; - - i18n = { - defaultLocale = "en_US.UTF-8"; - extraLocaleSettings = { - LC_ADDRESS = "pt_BR.utf8"; - LC_COLLATE = "pt_BR.utf8"; - LC_IDENTIFICATION = "pt_BR.utf8"; - LC_MEASUREMENT = "pt_BR.utf8"; - LC_MONETARY = "pt_BR.utf8"; - LC_NAME = "pt_BR.utf8"; - LC_NUMERIC = "pt_BR.utf8"; - LC_PAPER = "pt_BR.utf8"; - LC_TELEPHONE = "pt_BR.utf8"; - LC_TIME = "en_IE.utf8"; - }; - }; -} diff --git a/hosts/modules/common/nix.nix b/hosts/modules/common/nix.nix deleted file mode 100644 index 5ef9c4c..0000000 --- a/hosts/modules/common/nix.nix +++ /dev/null 
@@ -1,38 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; - - nix = { - settings = { - auto-optimise-store = true; - connect-timeout = 10; - log-lines = 25; - min-free = 128000000; - max-free = 1000000000; - trusted-users = [ "@wheel" ]; - }; - extraOptions = "experimental-features = nix-command flakes"; - gc = { - automatic = true; - options = "--delete-older-than 8d"; - }; - }; - - nixpkgs.config = { - allowUnfree = true; - enableParallelBuilding = true; - buildManPages = false; - buildDocs = false; - }; - - services.nixos-cli = { - enable = true; - config = { - use_nvd = true; - ignore_dirty_tree = true; - }; - }; - - system.stateVersion = "22.11"; -} diff --git a/hosts/modules/common/openssh.nix b/hosts/modules/common/openssh.nix deleted file mode 100644 index df70bdd..0000000 --- a/hosts/modules/common/openssh.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ ... }: - -{ - services.openssh = { - enable = true; - settings.PermitRootLogin = "no"; - extraConfig = '' - PrintLastLog no - ''; - }; -} diff --git a/hosts/modules/common/programs.nix b/hosts/modules/common/programs.nix deleted file mode 100644 index fd10953..0000000 --- a/hosts/modules/common/programs.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ lib, pkgs, ... }: - -{ - environment = { - systemPackages = with pkgs; [ - ### Dev Tools ### - git - ### System Utilities ### - btop - fastfetch - helix - nixos-firewall-tool - nvd - sysz - tmux - wget - yazi - ]; - shellAliases = { - cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; - ls = "${lib.getExe pkgs.eza} --icons --group-directories-first"; - tree = "ls --tree"; - }; - }; - - programs = { - command-not-found.enable = false; - fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - if set -q SSH_CONNECTION - export TERM=xterm-256color - clear - fastfetch - end - ''; - }; - }; -} 
diff --git a/hosts/modules/common/security.nix b/hosts/modules/common/security.nix deleted file mode 100644 index 33d4953..0000000 --- a/hosts/modules/common/security.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: - -{ - security = { - unprivilegedUsernsClone = true; # Needed for rootless podman - sudo = { - wheelNeedsPassword = false; - extraConfig = '' - Defaults lecture = never - ''; - }; - }; -} diff --git a/hosts/modules/common/services.nix b/hosts/modules/common/services.nix deleted file mode 100644 index 89ac527..0000000 --- a/hosts/modules/common/services.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: - -{ - services = { - dbus.implementation = "broker"; - irqbalance.enable = true; - fstrim.enable = true; - }; -} diff --git a/hosts/modules/common/tailscale.nix b/hosts/modules/common/tailscale.nix deleted file mode 100644 index 98bea97..0000000 --- a/hosts/modules/common/tailscale.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - services.tailscale = { - enable = true; - extraUpFlags = [ "--operator=user" ]; - }; -} diff --git a/hosts/modules/common/users.nix b/hosts/modules/common/users.nix deleted file mode 100644 index 7dd6490..0000000 --- a/hosts/modules/common/users.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ pkgs, ... }: - -{ - users.users = { - user = { - isNormalUser = true; - shell = pkgs.fish; - extraGroups = [ - "networkmanager" - "wheel" - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" - ]; - hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; - }; - root = { - shell = pkgs.fish; - hashedPassword = "!"; - }; - }; -} 
diff --git a/hosts/modules/desktop/boot.nix b/hosts/modules/desktop/boot.nix deleted file mode 100644 index 0ac4847..0000000 --- a/hosts/modules/desktop/boot.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ pkgs, ... }: - -{ - boot = { - plymouth.enable = true; - initrd.systemd.enable = true; - loader.efi.efiSysMountPoint = "/boot/efi"; - kernelPackages = pkgs.linuxPackages_xanmod_latest; - extraModprobeConfig = '' - options bluetooth disable_ertm=1 - ''; - kernel.sysctl = { - "net.ipv4.tcp_mtu_probing" = 1; - }; - kernelParams = [ - "quiet" - "splash" - "i2c-dev" - "i2c-piix4" - "loglevel=3" - "udev.log_priority=3" - "rd.udev.log_level=3" - "rd.systemd.show_status=false" - ]; - }; -} diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix deleted file mode 100644 index 7510c02..0000000 --- a/hosts/modules/desktop/desktop.nix +++ /dev/null 
@@ -1,163 +0,0 @@ -{ - config, - inputs, - lib, - pkgs, - ... -}: - -{ - imports = [ - inputs.niri-flake.nixosModules.niri - inputs.nix-flatpak.nixosModules.nix-flatpak - ]; - - environment = { - sessionVariables = { - KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir - NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland - }; - systemPackages = with pkgs; [ - ### Web ### - bitwarden-desktop - fragments - nextcloud-client - tor-browser - vesktop - inputs.zen-browser.packages."${system}".default - ### Office & Productivity ### - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - papers - presenterm - rnote - ### Graphics & Design ### - gimp - inkscape - plasticity - ### System Utilities ### - adwaita-icon-theme - ghostty - gnome-disk-utility - junction - libfido2 - mission-center - nautilus - p7zip - rclone - toggleaudiosink - unrar - ### Media ### - decibels - loupe - obs-studio - showtime - ]; - }; - - services = { - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - wireplumber.enable = true; - }; - greetd = { - enable = true; - settings = { - default_session = { - command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; - user = "greeter"; - }; - } - // lib.optionalAttrs (config.networking.hostName == "io") { - initial_session = { - command = "${config.programs.niri.package}/bin/niri-session"; - user = "user"; - }; - }; - }; - flatpak = { - enable = true; - packages = [ - ### Office & Productivity ### - "com.collabora.Office" - ### Graphics & Design ### - "com.boxy_svg.BoxySVG" - rec { - appId = "io.github.softfever.OrcaSlicer"; - sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - bundle = "${pkgs.fetchurl { - url = 
"https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - inherit sha256; - }}"; - } - ### System Utilities ### - "com.github.tchx84.Flatseal" - "com.rustdesk.RustDesk" - ]; - uninstallUnmanaged = true; - update.auto.enable = true; - }; - gvfs.enable = true; - }; - - security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority - - users = { - users.greeter = { - isSystemUser = true; - group = "greeter"; - }; - groups.greeter = { }; - }; - - programs = { - niri = { - enable = true; - package = inputs.niri.packages.${pkgs.system}.niri; - }; - kdeconnect = { - enable = true; - package = pkgs.valent; - }; - dconf.enable = true; - appimage = { - enable = true; - binfmt = true; - }; - }; - - niri-flake.cache.enable = false; - - fonts = { - fontDir.enable = true; - packages = with pkgs; [ - corefonts - inter - nerd-fonts.fira-code - noto-fonts-cjk-sans - noto-fonts-color-emoji - roboto - ]; - }; - - xdg.portal = { - extraPortals = with pkgs; [ - xdg-desktop-portal-gnome - xdg-desktop-portal-gtk - ]; - config = { - common.default = "*"; - niri.default = [ - "gtk" - "gnome" - ]; - }; - }; -} diff --git a/hosts/modules/desktop/nix.nix b/hosts/modules/desktop/nix.nix deleted file mode 100644 index 54a3549..0000000 --- a/hosts/modules/desktop/nix.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ inputs, ... }: - -{ - environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; - - nix = { - registry.nixpkgs.flake = inputs.nixpkgs; - nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - "/nix/var/nix/profiles/per-user/root/channels" - ]; - }; -} diff --git a/hosts/modules/desktop/services.nix b/hosts/modules/desktop/services.nix deleted file mode 100644 index 66b78f1..0000000 --- a/hosts/modules/desktop/services.nix +++ /dev/null 
@@ -1,15 +0,0 @@
-{ pkgs, ... }:
-
-{
- services = {
- printing.enable = true;
- udev.packages = with pkgs; [ yubikey-personalization ];
- keyd = {
- enable = true;
- keyboards.all = {
- ids = [ "*" ];
- settings.main.capslock = "overload(meta, esc)";
- };
- };
- };
-}
diff --git a/hosts/modules/dev.nix b/hosts/modules/dev.nix
deleted file mode 100644
index d9c31f7..0000000
--- a/hosts/modules/dev.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- android-tools
- bat
- lazygit
- fd
- fzf
- glow
- nixfmt
- nix-init
- nix-output-monitor
- ripgrep
- ];
-
- users.users.user.extraGroups = [ "adbusers" ];
-}
diff --git a/hosts/modules/ephemeral.nix b/hosts/modules/ephemeral.nix
deleted file mode 100644
index e962a89..0000000
--- a/hosts/modules/ephemeral.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ config, inputs, ... }:
-
-{
- imports = [
- inputs.impermanence.nixosModules.impermanence
- inputs.self.nixosModules.ephemeral
- ];
-
- ephemeral = {
- enable = true;
- rootDevice =
- if config.networking.hostName == "trantor" then
- "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"
- else
- "/dev/mapper/cryptroot";
- rootSubvolume = "@root";
- };
-
- fileSystems."/persistent".neededForBoot = true;
-
- environment.persistence.main = {
- persistentStoragePath = "/persistent";
- files = [
- "/etc/machine-id"
- "/etc/ssh/ssh_host_ed25519_key"
- "/etc/ssh/ssh_host_ed25519_key.pub"
- "/etc/ssh/ssh_host_rsa_key"
- "/etc/ssh/ssh_host_rsa_key.pub"
- ];
- directories = [
- "/etc/NetworkManager/system-connections"
- "/etc/nixos"
- "/var/lib/bluetooth"
- "/var/lib/flatpak"
- "/var/lib/lxd"
- "/var/lib/nixos"
- "/var/lib/systemd/coredump"
- "/var/lib/systemd/timers"
- "/var/lib/tailscale"
- "/var/log"
- ];
- };
-}
diff --git a/hosts/modules/fwupd.nix b/hosts/modules/fwupd.nix
deleted file mode 100644
index 52dc13e..0000000
--- a/hosts/modules/fwupd.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ ... }:
-
-{
- services.fwupd.enable = true;
-}
diff --git a/hosts/modules/gaming.nix b/hosts/modules/gaming.nix
deleted file mode 100644
index 0f00fe3..0000000
--- a/hosts/modules/gaming.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- clonehero
- heroic
- mangohud
- prismlauncher
- steam-run
- ];
-
- programs = {
- steam = {
- enable = true;
- extraCompatPackages = [ pkgs.proton-ge-bin ];
- };
- gamemode.enable = true;
- };
-
- hardware = {
- xpadneo.enable = true;
- steam-hardware.enable = true; # Allow steam client to manage controllers
- graphics.enable32Bit = true; # For OpenGL games
- };
-
- services.flatpak.packages = [
- "com.github.k4zmu2a.spacecadetpinball"
- "com.steamgriddb.SGDBoop"
- "io.github.Foldex.AdwSteamGtk"
- "io.itch.itch"
- "io.mrarm.mcpelauncher"
- "net.retrodeck.retrodeck"
- "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08"
- rec {
- appId = "com.hypixel.HytaleLauncher";
- sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv";
- bundle = "${pkgs.fetchurl {
- url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak";
- inherit sha256;
- }}";
- }
- ];
-}
diff --git a/hosts/modules/libvirtd.nix b/hosts/modules/libvirtd.nix
deleted file mode 100644
index 6bd154f..0000000
--- a/hosts/modules/libvirtd.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ ... }:
-
-{
- virtualisation = {
- libvirtd.enable = true;
- spiceUSBRedirection.enable = true;
- };
-
- programs.virt-manager.enable = true;
-
- networking.firewall.trustedInterfaces = [ "virbr0" ];
-
- users.users.user.extraGroups = [
- "libvirt"
- "libvirtd"
- ];
-}
diff --git a/hosts/modules/networkmanager.nix b/hosts/modules/networkmanager.nix
deleted file mode 100644
index 7634116..0000000
--- a/hosts/modules/networkmanager.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ ... }:
-
-{
- networking.networkmanager = {
- enable = true;
- wifi.backend = "iwd";
- };
-
- users.users.user.extraGroups = [ "networkmanager" ];
-}
diff --git a/hosts/modules/podman.nix b/hosts/modules/podman.nix
deleted file mode 100644
index 99018cc..0000000
--- a/hosts/modules/podman.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ pkgs, ... }:
-
-{
- virtualisation.podman = {
- enable = true;
- autoPrune.enable = true;
- extraPackages = [ pkgs.podman-compose ];
- };
-
- systemd = {
- services.podman-auto-update.enable = true;
- timers.podman-auto-update.enable = true;
- };
-}
diff --git a/hosts/modules/server/boot.nix b/hosts/modules/server/boot.nix
deleted file mode 100644
index 5d6e482..0000000
--- a/hosts/modules/server/boot.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ pkgs, ... }:
-
-{
- boot.kernelPackages = pkgs.linuxPackages_hardened;
-}
diff --git a/hosts/modules/server/nix.nix b/hosts/modules/server/nix.nix
deleted file mode 100644
index af57cae..0000000
--- a/hosts/modules/server/nix.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ inputs, ... }:
-
-{
- environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
-
- nix = {
- registry.nixpkgs.flake = inputs.nixpkgs-stable;
- nixPath = [
- "nixpkgs=/etc/channels/nixpkgs"
- "/nix/var/nix/profiles/per-user/root/channels"
- ];
- };
-}
diff --git a/hosts/modules/server/tailscale.nix b/hosts/modules/server/tailscale.nix
deleted file mode 100644
index 1f105ba..0000000
--- a/hosts/modules/server/tailscale.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ ... }:
-
-{
- services.tailscale = {
- extraSetFlags = [ "--advertise-exit-node" ];
- useRoutingFeatures = "server";
- };
-
- boot.kernel.sysctl = {
- "net.ipv4.ip_forward" = 1;
- "net.ipv6.conf.all.forwarding" = 1;
- };
-}
diff --git a/hosts/rotterdam/boot.nix b/hosts/rotterdam/boot.nix
deleted file mode 100644
index d038ede..0000000
--- a/hosts/rotterdam/boot.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ pkgs, ... }:
-
-let
- qubesnsh = pkgs.writeTextFile {
- name = "qubes.nsh";
- text = "HD1f65535a1:EFI\\qubes\\grubx64.efi";
- };
-in
-
-{
- boot = {
- kernelParams = [
- "processor.max_cstate=1" # Fixes bug where ryzen cpus freeze when in highest C state
- "clearcpuid=514"
- "amdgpu.ppfeaturemask=0xfffd3fff" # Fixes amdgpu freezing
- ];
- # QubesOS boot entry
- loader.systemd-boot = {
- extraFiles = {
- "efi/edk2-shell/shell.efi" = "${pkgs.edk2-uefi-shell}/shell.efi";
- "qubes.nsh" = qubesnsh;
- };
- extraEntries."qubes.conf" = ''
- title Qubes OS
- efi /efi/edk2-shell/shell.efi
- options -nointerrupt qubes.nsh
- sort-key ab
- '';
- };
- };
-}
diff --git a/hosts/rotterdam/hardware-configuration.nix b/hosts/rotterdam/hardware-configuration.nix
deleted file mode 100644
index 169c53f..0000000
--- a/hosts/rotterdam/hardware-configuration.nix
+++ /dev/null
@@ -1,82 +0,0 @@
-{
- config,
- lib,
- modulesPath,
- ...
-}:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot = {
- initrd = {
- availableKernelModules = [
- "amdgpu"
- "nvme"
- "xhci_pci"
- "ahci"
- "usbhid"
- "sd_mod"
- ];
- luks.devices."cryptroot" = {
- device = "/dev/disk/by-uuid/f7dd4142-7109-4493-834d-4a831777f08d";
- keyFile = "/dev/disk/by-partuuid/add5fc14-e20f-48be-8b2a-0799ef04d3cb";
- };
- };
- kernelModules = [ "kvm-amd" ];
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
- fsType = "btrfs";
- options = [
- "subvol=@root"
- "noatime"
- "compress=zstd"
- ];
- };
- "/home" = {
- device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
- fsType = "btrfs";
- options = [
- "subvol=@home"
- "noatime"
- "compress=zstd"
- ];
- };
- "/boot/efi" = {
- device = "/dev/disk/by-uuid/F2A2-CF5A";
- fsType = "vfat";
- options = [
- "noatime"
- "fmask=0077"
- "dmask=0077"
- ];
- };
- "/nix" = {
- device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
- fsType = "btrfs";
- options = [
- "subvol=@nix"
- "noatime"
- "compress=zstd"
- ];
- };
- "/persistent" = {
- device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8";
- fsType = "btrfs";
- options = [
- "subvol=@persistent"
- "noatime"
- "compress=zstd"
- ];
- };
- };
-
- networking.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/rotterdam/hardware.nix b/hosts/rotterdam/hardware.nix
deleted file mode 100644
index 6f76e99..0000000
--- a/hosts/rotterdam/hardware.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ pkgs, ... }:
-
-{
- hardware = {
- amdgpu.opencl.enable = true;
- graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ];
- };
-}
diff --git a/hosts/rotterdam/programs.nix b/hosts/rotterdam/programs.nix
deleted file mode 100644
index b4dcfd9..0000000
--- a/hosts/rotterdam/programs.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ pkgs, ... }:
-
-let
- reboot-into-qubes = pkgs.makeDesktopItem {
- name = "reboot-into-qubes";
- icon = pkgs.fetchurl {
- url = "https://raw.githubusercontent.com/vinceliuice/Qogir-icon-theme/31f267e1f5fd4e9596bfd78dfb41a03d3a9f33ee/src/scalable/apps/distributor-logo-qubes.svg";
- sha256 = "sha256-QbHr7s5Wcs7uFtfqZctMyS0iDbMfiiZOKy2nHhDOfn0=";
- };
- desktopName = "Qubes OS";
- genericName = "Reboot into Qubes OS";
- categories = [ "System" ];
- startupNotify = true;
- exec = pkgs.writeShellScript "reboot-into-qubes" ''
- ${pkgs.yad}/bin/yad --form \
- --title="Qubes OS" \
- --image distributor-logo-qubes \
- --text "Are you sure you want to reboot into Qubes OS?" \
- --button="Yes:0" --button="Cancel:1"
- if [ $? -eq 0 ]; then
- systemctl reboot --boot-loader-entry=qubes.conf
- fi
- '';
- };
-in
-
-{
- environment.systemPackages = [ reboot-into-qubes ];
-
- programs.steam.dedicatedServer.openFirewall = true;
-}
diff --git a/hosts/rotterdam/services.nix b/hosts/rotterdam/services.nix
deleted file mode 100644
index 0bf276f..0000000
--- a/hosts/rotterdam/services.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- services.keyd = {
- enable = true;
- keyboards.main = {
- ids = [ "5653:0001" ];
- settings.main = {
- esc = "overload(meta, esc)";
- };
- };
- };
-}
diff --git a/hosts/trantor/boot.nix b/hosts/trantor/boot.nix
deleted file mode 100644
index 0498818..0000000
--- a/hosts/trantor/boot.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- boot = {
- initrd.systemd.enable = true;
- loader.efi.efiSysMountPoint = "/boot/efi";
- };
-}
diff --git a/hosts/trantor/disko.nix b/hosts/trantor/disko.nix
deleted file mode 100644
index 0e47058..0000000
--- a/hosts/trantor/disko.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{ inputs, ... }:
-
-{
- imports = [ inputs.disko.nixosModules.default ];
-
- disko.devices.disk.main = {
- type = "disk";
- device = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20";
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- priority = 1;
- name = "ESP";
- start = "1MiB";
- end = "512MiB";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot/efi";
- mountOptions = [
- "noatime"
- "fmask=0077"
- "dmask=0077"
- ];
- };
- };
- root = {
- priority = 2;
- name = "root";
- size = "100%";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "@root" = {
- mountpoint = "/";
- mountOptions = [
- "noatime"
- "compress=zstd"
- ];
- };
- "@nix" = {
- mountpoint = "/nix";
- mountOptions = [
- "noatime"
- "compress=zstd"
- ];
- };
- "@persistent" = {
- mountpoint = "/persistent";
- mountOptions = [
- "noatime"
- "compress=zstd"
- ];
- };
- };
- };
- };
- };
- };
- };
-}
diff --git a/hosts/trantor/fail2ban.nix b/hosts/trantor/fail2ban.nix
deleted file mode 100644
index bc05139..0000000
--- a/hosts/trantor/fail2ban.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- services.fail2ban = {
- enable = true;
- maxretry = 5;
- ignoreIP = [
- "127.0.0.0/8"
- "::1"
- "10.0.0.0/8"
- "172.16.0.0/12"
- "192.168.0.0/16"
- "100.64.0.0/10"
- ];
- bantime = "1h";
- bantime-increment = {
- enable = true;
- multipliers = "1 2 4 8 16 32 64";
- maxtime = "10000h";
- overalljails = true;
- };
- };
-}
diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix
deleted file mode 100644
index fdfa64a..0000000
--- a/hosts/trantor/forgejo.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}:
-
-let
- utils = import ../../utils.nix { inherit inputs lib; };
- inherit (utils) mkNginxVHosts;
-in
-
-{
- services = {
- forgejo = {
- enable = true;
- settings = {
- session.COOKIE_SECURE = true;
- server = {
- PROTOCOL = "http+unix";
- DOMAIN = "git.baduhai.dev";
- ROOT_URL = "https://git.baduhai.dev";
- OFFLINE_MODE = true; # disable use of CDNs
- SSH_DOMAIN = "git.baduhai.dev";
- };
- log.LEVEL = "Warn";
- mailer.ENABLED = false;
- actions.ENABLED = false;
- service.DISABLE_REGISTRATION = true;
- oauth2_client = {
- ENABLE_AUTO_REGISTRATION = true;
- UPDATE_AVATAR = true;
- ACCOUNT_LINKING = "login";
- USERNAME = "preferred_username";
- };
- };
- };
- nginx.virtualHosts = mkNginxVHosts {
- domains."git.baduhai.dev".locations."/".proxyPass =
- "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
- };
- fail2ban.jails.forgejo = {
- settings = {
- enabled = true;
- filter = "forgejo";
- maxretry = 3;
- findtime = "10m";
- bantime = "1h";
- };
- };
- };
-
- environment = {
- etc."fail2ban/filter.d/forgejo.conf".text = ''
- [Definition]
- failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from
- ignoreregex =
- journalmatch = _SYSTEMD_UNIT=forgejo.service
- '';
-
- persistence.main.directories = [
- {
- directory = config.services.forgejo.stateDir;
- inherit (config.services.forgejo) user group;
- mode = "0700";
- }
- ];
- };
-
- # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories
- systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false;
-}
diff --git a/hosts/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix
deleted file mode 100644
index 039129e..0000000
--- a/hosts/trantor/hardware-configuration.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- lib,
- modulesPath,
- ...
-}:
-
-{
- imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-
- boot.initrd.availableKernelModules = [
- "xhci_pci"
- "virtio_pci"
- "virtio_scsi"
- "usbhid"
- ];
-
- networking.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-}
diff --git a/hosts/trantor/networking.nix b/hosts/trantor/networking.nix
deleted file mode 100644
index 4dcbe1e..0000000
--- a/hosts/trantor/networking.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- networking = {
- firewall = {
- allowedTCPPorts = [ 25566 ];
- allowedUDPPorts = [ 25566 ];
- };
- };
-}
diff --git a/hosts/trantor/nginx.nix b/hosts/trantor/nginx.nix
deleted file mode 100644
index 56eed7c..0000000
--- a/hosts/trantor/nginx.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}:
-
-let
- utils = import ../../utils.nix { inherit inputs lib; };
- inherit (utils) mkNginxVHosts services;
-
- # Get all unique domains from shared services on trantor (host = "trantor")
- localDomains = lib.unique (
- map (s: s.domain) (lib.filter (s: s.host == "trantor") services)
- );
-
- # Generate ACME cert configs for all local domains
- acmeCerts = lib.genAttrs localDomains (domain: {
- group = "nginx";
- });
-in
-
-{
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "baduhai@proton.me";
- dnsResolver = "1.1.1.1:53";
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.cloudflare.path;
- };
- certs = acmeCerts;
- };
-
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- virtualHosts = {
- "_" = {
- default = true;
- locations."/".return = "444";
- };
- };
- };
-
- users.users.nginx.extraGroups = [ "acme" ];
-
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
-
- age.secrets.cloudflare = {
- file = ../../secrets/cloudflare.age;
- owner = "nginx";
- group = "nginx";
- };
-}
diff --git a/hosts/trantor/openssh.nix b/hosts/trantor/openssh.nix
deleted file mode 100644
index 704b3df..0000000
--- a/hosts/trantor/openssh.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ ... }:
-
-{
- services = {
- openssh = {
- settings = {
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
- };
- };
- fail2ban.jails.sshd = {
- settings = {
- enabled = true;
- port = "ssh";
- filter = "sshd";
- logpath = "/var/log/auth.log";
- maxretry = 3;
- findtime = "10m";
- bantime = "1h";
- };
- };
- };
-}
diff --git a/hosts/trantor/unbound.nix b/hosts/trantor/unbound.nix
deleted file mode 100644
index 46808c6..0000000
--- a/hosts/trantor/unbound.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{ inputs, lib, ... }:
-
-let
- utils = import ../../utils.nix { inherit inputs lib; };
-in
-
-{
- services.unbound = {
- enable = true;
- enableRootTrustAnchor = true;
- settings = {
- server = {
- interface = [
- "0.0.0.0"
- "::"
- ];
- access-control = [
- "127.0.0.0/8 allow"
- "100.64.0.0/10 allow" # Tailscale CGNAT range
- "::1/128 allow"
- "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6
- ];
-
- num-threads = 2;
- msg-cache-size = "50m";
- rrset-cache-size = "100m";
- cache-min-ttl = 300;
- cache-max-ttl = 86400;
- prefetch = true;
- prefetch-key = true;
- hide-identity = true;
- hide-version = true;
- so-rcvbuf = "1m";
- so-sndbuf = "1m";
-
- # Tailnet DNS records from shared services
- local-zone = ''"baduhai.dev." transparent'';
- local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') utils.services;
- };
-
- forward-zone = [
- {
- name = ".";
- forward-addr = [
- "1.1.1.1@853#cloudflare-dns.com"
- "1.0.0.1@853#cloudflare-dns.com"
- ];
- forward-tls-upstream = true;
- }
- ];
- };
- };
-
- networking.firewall = {
- allowedTCPPorts = [ 53 ];
- allowedUDPPorts = [ 53 ];
- };
-}
diff --git a/modules/ephemeral.nix b/modules/ephemeral.nix
deleted file mode 100644
index 7403aac..0000000
--- a/modules/ephemeral.nix
+++ /dev/null
@@ -1,84 +0,0 @@ -{ lib, config, ... }: - -let - cfg = config.ephemeral; -in -{ - options.ephemeral = { - enable = lib.mkEnableOption "ephemeral root with automatic rollback"; - - rootDevice = lib.mkOption { - type = lib.types.str; - example = "/dev/mapper/cryptroot"; - description = "Device path for the root btrfs filesystem"; - }; - - rootSubvolume = lib.mkOption { - type = lib.types.str; - example = "@root"; - description = "Name of the root btrfs subvolume"; - }; - - oldRootRetentionDays = lib.mkOption { - type = lib.types.int; - default = 30; - description = "Number of days to keep old root snapshots before deletion"; - }; - }; - - config = lib.mkIf cfg.enable { - boot.initrd.systemd.services.recreate-root = { - description = "Rolling over and creating new filesystem root"; - requires = [ "initrd-root-device.target" ]; - after = [ - "local-fs-pre.target" - "initrd-root-device.target" - ]; - requiredBy = [ "initrd-root-fs.target" ]; - before = [ "sysroot.mount" ]; - unitConfig = { - AssertPathExists = "/etc/initrd-release"; - DefaultDependencies = false; - }; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - set -euo pipefail - - mkdir /btrfs_tmp - if ! mount ${cfg.rootDevice} /btrfs_tmp; then - echo "ERROR: Failed to mount ${cfg.rootDevice}" - exit 1 - fi - - if [[ -e /btrfs_tmp/${cfg.rootSubvolume} ]]; then - mkdir -p /btrfs_tmp/old_roots - timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/${cfg.rootSubvolume})" "+%Y-%m-%-d_%H:%M:%S") - mv /btrfs_tmp/${cfg.rootSubvolume} "/btrfs_tmp/old_roots/$timestamp" - fi - - delete_subvolume_recursively() { - IFS=$'\n' - for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do - delete_subvolume_recursively "/btrfs_tmp/$i" - done - btrfs subvolume delete "$1" - } - - for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +${toString cfg.oldRootRetentionDays}); do - delete_subvolume_recursively "$i" - done - - if ! 
btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume}; then - echo "ERROR: Failed to create subvolume ${cfg.rootSubvolume}" - umount /btrfs_tmp - exit 1 - fi - - umount /btrfs_tmp - ''; - }; - }; -} diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix deleted file mode 100644 index 8367438..0000000 --- a/nixosConfigurations.nix +++ /dev/null @@ -1,56 +0,0 @@ -{ inputs, ... }: -let - lib = inputs.nixpkgs.lib; - utils = import ./utils.nix { inherit inputs lib; }; - inherit (utils) mkHost; -in -{ - flake.nixosConfigurations = { - rotterdam = mkHost { - hostname = "rotterdam"; - tags = [ - "desktop" - "ai" - "bluetooth" - "dev" - "ephemeral" - "fwupd" - "gaming" - "libvirtd" - "networkmanager" - "podman" - ]; - }; - - io = mkHost { - hostname = "io"; - tags = [ - "desktop" - "ai" - "bluetooth" - "dev" - "ephemeral" - "libvirtd" - "networkmanager" - "podman" - ]; - }; - - alexandria = mkHost { - hostname = "alexandria"; - tags = [ - "server" - "fwupd" - ]; - }; - - trantor = mkHost { - hostname = "trantor"; - system = "aarch64-linux"; - tags = [ - "server" - "ephemeral" - ]; - }; - }; -} diff --git a/nixosModules.nix b/nixosModules.nix deleted file mode 100644 index 5fd416b..0000000 --- a/nixosModules.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: - -{ - flake.nixosModules = { - ephemeral = import ./modules/ephemeral.nix; - }; -} diff --git a/shared/services.nix b/shared/services.nix deleted file mode 100644 index 1173b3b..0000000 --- a/shared/services.nix +++ /dev/null 
@@ -1,43 +0,0 @@
-# Shared service definitions for cross-host configuration
-{
- # Host IP definitions
- hosts = {
- alexandria = {
- lanIP = "192.168.15.142";
- tailscaleIP = "100.76.19.50";
- };
- trantor = {
- tailscaleIP = "100.108.5.90";
- };
- };
-
- # Service definitions - IPs are inherited from host
- services = [
- {
- name = "kanidm";
- domain = "auth.baduhai.dev";
- host = "alexandria";
- }
- {
- name = "vaultwarden";
- domain = "pass.baduhai.dev";
- host = "alexandria";
- }
- {
- name = "forgejo";
- domain = "git.baduhai.dev";
- host = "trantor";
- public = true;
- }
- {
- name = "nextcloud";
- domain = "cloud.baduhai.dev";
- host = "alexandria";
- }
- {
- name = "jellyfin";
- domain = "jellyfin.baduhai.dev";
- host = "alexandria";
- }
- ];
-}
diff --git a/users/modules/btop.nix b/users/modules/btop.nix
deleted file mode 100644
index c19c4bb..0000000
--- a/users/modules/btop.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ pkgs, ... }:
-
-{
- programs.btop = {
- enable = true;
- settings = {
- theme_background = false;
- proc_sorting = "cpu direct";
- update_ms = 500;
- };
- };
-}
\ No newline at end of file
diff --git a/users/modules/comma.nix b/users/modules/comma.nix
deleted file mode 100644
index 0aad530..0000000
--- a/users/modules/comma.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ inputs, ... }:
-
-{
- imports = [ inputs.nix-index-database.homeModules.nix-index ];
-
- programs.nix-index-database.comma.enable = true;
-}
diff --git a/users/modules/common/bash.nix b/users/modules/common/bash.nix
deleted file mode 100644
index a5a0823..0000000
--- a/users/modules/common/bash.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ pkgs, ... }:
-
-{
- programs.bash = {
- enable = true;
- historyFile = "~/.cache/bash_history";
- };
-}
\ No newline at end of file
diff --git a/users/modules/common/fish.nix b/users/modules/common/fish.nix
deleted file mode 100644
index c753297..0000000
--- a/users/modules/common/fish.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ pkgs, lib, ... }:
-
-{
- programs.fish = {
- enable = true;
- interactiveShellInit = ''
- set fish_greeting
- ${lib.getExe pkgs.nix-your-shell} fish | source
- '';
- loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source";
- plugins = [
- {
- name = "bang-bang";
- src = pkgs.fetchFromGitHub {
- owner = "oh-my-fish";
- repo = "plugin-bang-bang";
- rev = "f969c618301163273d0a03d002614d9a81952c1e";
- sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ=";
- };
- }
- {
- name = "z";
- src = pkgs.fetchFromGitHub {
- owner = "jethrokuan";
- repo = "z";
- rev = "067e867debee59aee231e789fc4631f80fa5788e";
- sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU=";
- };
- }
- ];
- };
-}
diff --git a/users/modules/common/hm-cli.nix b/users/modules/common/hm-cli.nix
deleted file mode 100644
index d2ed715..0000000
--- a/users/modules/common/hm-cli.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ pkgs, ... }:
-
-{
- home = {
- packages = with pkgs; [ hm-cli ];
- sessionVariables = {
- HM_PATH = "/etc/nixos";
- };
- };
-}
diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix
deleted file mode 100644
index fd3d306..0000000
--- a/users/modules/desktop/desktop.nix
+++ /dev/null
@@ -1,134 +0,0 @@ -{ - inputs, - pkgs, - ... -}: - -{ - imports = [ inputs.vicinae.homeManagerModules.default ]; - - fonts.fontconfig.enable = true; - - home.packages = with pkgs; [ xwayland-satellite ]; - - services.vicinae = { - enable = true; - systemd = { - enable = true; - autoStart = true; - }; - }; - - programs = { - ghostty = { - enable = true; - settings = { - cursor-style = "block"; - shell-integration-features = "no-cursor"; - cursor-style-blink = false; - custom-shader = "${builtins.fetchurl { - url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; - sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; - }}"; - bell-features = ""; - gtk-titlebar-style = "tabs"; - keybind = [ "shift+enter=text:\\x1b\\r" ]; - }; - }; - - password-store = { - enable = true; - package = pkgs.pass-wayland; - }; - }; - - xdg = { - enable = true; - userDirs.enable = true; - mimeApps = { - enable = true; - defaultApplications = { - "text/html" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/http" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/https" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/about" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/unknown" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "image/jpeg" = "org.gnome.Loupe.desktop"; - "image/png" = "org.gnome.Loupe.desktop"; - "image/gif" = "org.gnome.Loupe.desktop"; - "image/webp" = "org.gnome.Loupe.desktop"; - "image/bmp" = "org.gnome.Loupe.desktop"; - "image/svg+xml" = "org.gnome.Loupe.desktop"; - "image/tiff" = "org.gnome.Loupe.desktop"; - "video/mp4" = "io.bassi.Showtime.desktop"; - "video/x-matroska" = "io.bassi.Showtime.desktop"; - "video/webm" = 
"io.bassi.Showtime.desktop"; - "video/mpeg" = "io.bassi.Showtime.desktop"; - "video/x-msvideo" = "io.bassi.Showtime.desktop"; - "video/quicktime" = "io.bassi.Showtime.desktop"; - "video/x-flv" = "io.bassi.Showtime.desktop"; - "audio/mpeg" = "io.bassi.Showtime.desktop"; - "audio/flac" = "io.bassi.Showtime.desktop"; - "audio/ogg" = "io.bassi.Showtime.desktop"; - "audio/wav" = "io.bassi.Showtime.desktop"; - "audio/mp4" = "io.bassi.Showtime.desktop"; - "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; - "application/pdf" = [ - "org.gnome.Papers.desktop" - "zen-browser.desktop" - ]; - "text/plain" = "Helix.desktop"; - "text/markdown" = "Helix.desktop"; - "text/x-log" = "Helix.desktop"; - "application/x-shellscript" = "Helix.desktop"; - "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = - "com.collabora.Office.desktop"; # DOCX - "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = - "com.collabora.Office.desktop"; # XLSX - "application/vnd.openxmlformats-officedocument.presentationml.presentation" = - "com.collabora.Office.desktop"; # PPTX - "application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT - "application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS - "application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP - "application/msword" = "com.collabora.Office.desktop"; # DOC - "application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS - "application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT - "application/zip" = "org.gnome.FileRoller.desktop"; - "application/x-tar" = "org.gnome.FileRoller.desktop"; - "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; - "application/x-rar" = 
"org.gnome.FileRoller.desktop"; - "application/gzip" = "org.gnome.FileRoller.desktop"; - "application/x-bzip" = "org.gnome.FileRoller.desktop"; - "inode/directory" = "org.gnome.Nautilus.desktop"; - }; - }; - }; - - # Set Ghostty as default terminal - home.sessionVariables = { - TERMINAL = "ghostty"; - }; -} diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix deleted file mode 100644 index 58a7aaf..0000000 --- a/users/modules/desktop/niri.nix +++ /dev/null 
@@ -1,225 +0,0 @@ -{ - inputs, - lib, - pkgs, - hostname ? null, - ... -}: - -let - isRotterdam = hostname == "rotterdam"; -in - -{ - imports = [ inputs.noctalia.homeModules.default ]; - - services.kanshi = { - enable = true; - settings = [ - { - profile.name = "default"; - profile.outputs = [ - { - criteria = "*"; - scale = 1.0; - } - ]; - } - ]; - }; - - home = { - packages = with pkgs; [ - xwayland-satellite - inputs.noctalia.packages.${pkgs.system}.default - ]; - sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; - }; - - xdg.configFile."niri/config.kdl".text = '' - input { - keyboard { - xkb { - layout "us" - variant "altgr-intl" - } - } - touchpad { - tap - dwt - drag true - drag-lock - natural-scroll - accel-speed 0.2 - accel-profile "flat" - scroll-method "two-finger" - middle-emulation - } - mouse { - natural-scroll - accel-speed 0.2 - accel-profile "flat" - } - warp-mouse-to-focus mode="center-xy" - focus-follows-mouse - } - - layout { - gaps 8 - center-focused-column "never" - auto-center-when-space-available - preset-column-widths { - ${ - if isRotterdam then - '' - proportion 0.33333 - proportion 0.5 - proportion 0.66667 - '' - else - '' - proportion 0.5 - proportion 1.0 - '' - } - } - default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } - focus-ring { - off - } - border { - width 4 - active-color "#ffc87f" - inactive-color "#505050" - urgent-color "#9b0000" - } - tab-indicator { - width 4 - gap 4 - place-within-column - } - } - - overview { - zoom 0.65 - } - - spawn-at-startup "noctalia-shell" "-d" - layer-rule { - match namespace="^noctalia-overview*" - place-within-backdrop true - } - - hotkey-overlay { - skip-at-startup - } - - prefer-no-csd - screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" - - animations { - slowdown 0.3 - } - - window-rule { - match app-id="zen" - default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } - } - - window-rule { - geometry-corner-radius 12 - 
clip-to-geometry true - } - - config-notification { - disable-failed - } - - binds { - Alt+Space repeat=false { spawn "vicinae" "toggle"; } - XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } - XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } - XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } - XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } - XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } - XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } - XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } - XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } - XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } - Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } - Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; } - Mod+Return { spawn "ghostty"; } - Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } - Mod+W repeat=false { toggle-overview; } - Mod+Q { close-window; } - Alt+Shift+Q { close-window;} - Mod+Shift+Q { close-window; } - Alt+F4 { close-window; } - Mod+Left { focus-column-left; } - Mod+Down { focus-window-or-workspace-down; } - Mod+Up { focus-window-or-workspace-up; } - Mod+Right { focus-column-right; } - Mod+H { focus-column-left; } - Mod+L { focus-column-right; } - Mod+J { focus-window-or-workspace-down; } - Mod+K { focus-window-or-workspace-up; } - Mod+Ctrl+Left { move-column-left; } - Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } - Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } - Mod+Ctrl+Right { move-column-right; } - Mod+Ctrl+H { 
move-column-left; } - Mod+Ctrl+J { move-window-down-or-to-workspace-down; } - Mod+Ctrl+K { move-window-up-or-to-workspace-up; } - Mod+Ctrl+L { move-column-right; } - Mod+Home { focus-column-first; } - Mod+End { focus-column-last; } - Mod+Ctrl+Home { move-column-to-first; } - Mod+Ctrl+End { move-column-to-last; } - Mod+Alt+Left { focus-monitor-left; } - Mod+Alt+Down { focus-monitor-down; } - Mod+Alt+Up { focus-monitor-up; } - Mod+Alt+Right { focus-monitor-right; } - Mod+Alt+H { focus-monitor-left; } - Mod+Alt+J { focus-monitor-down; } - Mod+Alt+K { focus-monitor-up; } - Mod+Alt+L { focus-monitor-right; } - Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } - Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } - Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } - Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } - Mod+Alt+Ctrl+H { move-column-to-monitor-left; } - Mod+Alt+Ctrl+J { move-column-to-monitor-down; } - Mod+Alt+Ctrl+K { move-column-to-monitor-up; } - Mod+Alt+Ctrl+L { move-column-to-monitor-right; } - Mod+Ctrl+U { move-workspace-down; } - Mod+Ctrl+I { move-workspace-up; } - Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } - Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } - Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } - Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } - Mod+Shift+WheelScrollDown { focus-column-right; } - Mod+Shift+WheelScrollUp { focus-column-left; } - Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } - Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } - Mod+BracketLeft { consume-or-expel-window-left; } - Mod+BracketRight { consume-or-expel-window-right; } - Mod+Comma { consume-window-into-column; } - Mod+Period { expel-window-from-column; } - Mod+R { switch-preset-column-width; } - Mod+F { maximize-column; } - Mod+Ctrl+F { fullscreen-window; } - Mod+C { center-visible-columns; } - Mod+Ctrl+C { center-column; } - Mod+Space { toggle-window-floating; } - 
Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } - Mod+T { toggle-column-tabbed-display; } - Print { screenshot-screen; } - Mod+Print { screenshot; } - Ctrl+Print { screenshot-window; } - Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } - Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } - Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } - Mod+Ctrl+P { power-off-monitors; } - } - ''; -} diff --git a/users/modules/direnv.nix b/users/modules/direnv.nix deleted file mode 100644 index c91d0af..0000000 --- a/users/modules/direnv.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ pkgs, ... }: - -{ - programs.direnv = { - enable = true; - nix-direnv.enable = true; - }; -} \ No newline at end of file diff --git a/users/modules/gaming.nix b/users/modules/gaming.nix deleted file mode 100644 index 48825ab..0000000 --- a/users/modules/gaming.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ config, ... }: - -{ - programs.mangohud = { - enable = true; - enableSessionWide = true; - settings = { - position = "top-left"; - fps = true; - frametime = false; - frame_timing = false; - gpu_stats = true; - gpu_temp = true; - gpu_power = true; - cpu_stats = true; - cpu_temp = true; - cpu_power = true; - ram = true; - vram = true; - gamemode = false; - vkbasalt = false; - version = false; - engine_version = false; - vulkan_driver = false; - wine = false; - time = false; - fps_sampling_period = 500; - toggle_hud = "Shift_L+F12"; - toggle_logging = "Ctrl_L+F2"; - output_folder = "${config.home.homeDirectory}/.local/share/mangohud"; - }; - }; -} diff --git a/users/modules/helix.nix b/users/modules/helix.nix deleted file mode 100644 index a72ead3..0000000 --- a/users/modules/helix.nix +++ /dev/null 
@@ -1,49 +0,0 @@ -{ pkgs, ... }: - -{ - home.sessionVariables = { - EDITOR = "hx"; - }; - - programs.helix = { - enable = true; - settings = { - editor = { - file-picker.hidden = false; - idle-timeout = 0; - line-number = "relative"; - cursor-shape = { - normal = "underline"; - insert = "bar"; - select = "underline"; - }; - soft-wrap.enable = true; - auto-format = true; - indent-guides.render = true; - }; - keys.normal = { - space = { - o = "file_picker_in_current_buffer_directory"; - esc = [ - "collapse_selection" - "keep_primary_selection" - ]; - }; - }; - }; - languages = { - language = [ - { - name = "nix"; - auto-format = true; - formatter.command = "nixfmt"; - } - { - name = "typst"; - auto-format = true; - formatter.command = "typstyle -c 1000 -i"; - } - ]; - }; - }; -} diff --git a/users/modules/obs-studio.nix b/users/modules/obs-studio.nix deleted file mode 100644 index 67e3b8b..0000000 --- a/users/modules/obs-studio.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ pkgs, ... }: - -{ - programs.obs-studio = { - enable = true; - plugins = [ - pkgs.obs-studio-plugins.obs-vkcapture - pkgs.obs-studio-plugins.obs-backgroundremoval - pkgs.obs-studio-plugins.obs-pipewire-audio-capture - ]; - }; - -} diff --git a/users/modules/starship.nix b/users/modules/starship.nix deleted file mode 100644 index c836c51..0000000 --- a/users/modules/starship.nix +++ /dev/null 
@@ -1,40 +0,0 @@ -{ pkgs, ... }: - -{ - programs.starship = { - enable = true; - enableBashIntegration = true; - enableFishIntegration = true; - settings = { - add_newline = false; - format = '' - $hostname$directory$git_branch$git_status$nix_shell - [ ❯ ](bold green) - ''; - right_format = "$cmd_duration$character"; - hostname = { - ssh_symbol = "󰖟 "; - }; - character = { - error_symbol = "[](red)"; - success_symbol = "[󱐋](green)"; - }; - cmd_duration = { - format = "[󰄉 $duration ]($style)"; - style = "yellow"; - min_time = 500; - }; - git_branch = { - symbol = " "; - style = "purple"; - }; - git_status.style = "red"; - nix_shell = { - format = "via [$symbol$state]($style)"; - heuristic = true; - style = "blue"; - symbol = "󱄅 "; - }; - }; - }; -} diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix deleted file mode 100644 index 6b34e43..0000000 --- a/users/modules/stylix.nix +++ /dev/null 
@@ -1,69 +0,0 @@ -{ - config, - inputs, - pkgs, - ... -}: - -{ - imports = [ - inputs.stylix.homeModules.stylix - inputs.zen-browser.homeModules.beta - ]; - - stylix = { - enable = true; - polarity = "dark"; - base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml"; - cursor = { - package = pkgs.kdePackages.breeze; - name = "breeze_cursors"; - size = 24; - }; - icons = { - enable = true; - package = pkgs.morewaita-icon-theme; - light = "MoreWaita"; - dark = "MoreWaita"; - }; - opacity = { - applications = 1.0; - desktop = 1.0; - popups = config.stylix.opacity.desktop; - terminal = 1.0; - }; - fonts = { - serif = { - package = pkgs.source-serif; - name = "Source Serif 4 Display"; - }; - sansSerif = { - package = pkgs.inter; - name = "Inter"; - }; - monospace = { - package = pkgs.nerd-fonts.fira-code; - name = "FiraCode Nerd Font"; - }; - emoji = { - package = pkgs.noto-fonts-color-emoji; - name = "Noto Color Emoji"; - }; - sizes = { - applications = 10; - desktop = config.stylix.fonts.sizes.applications; - popups = config.stylix.fonts.sizes.applications; - terminal = 12; - }; - }; - targets.zen-browser = { - enable = true; - profileNames = [ "william" ]; - }; - }; - - programs.zen-browser = { - enable = true; - profiles.william = { }; - }; -} diff --git a/users/modules/tmux.nix b/users/modules/tmux.nix deleted file mode 100644 index 4268e7a..0000000 --- a/users/modules/tmux.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ pkgs, ... }: - -{ - programs.tmux = { - enable = true; - clock24 = true; - terminal = "xterm-256color"; - mouse = true; - keyMode = "vi"; - }; -} \ No newline at end of file diff --git a/users/user/git.nix b/users/user/git.nix deleted file mode 100644 index 9c1fb20..0000000 --- a/users/user/git.nix +++ /dev/null 
@@ -1,17 +0,0 @@ -{ pkgs, ... }: - -{ - programs = { - git = { - enable = true; - settings.user = { - name = "William"; - email = "baduhai@proton.me"; - }; - }; - diff-so-fancy = { - enable = true; - enableGitIntegration = true; - }; - }; -} diff --git a/utils.nix b/utils.nix deleted file mode 100644 index e65837c..0000000 --- a/utils.nix +++ /dev/null 
@@ -1,233 +0,0 @@ -{ inputs, lib }: - -let - inherit (inputs) - self - nixpkgs - nixpkgs-stable - home-manager - agenix - ; - - # Import shared service definitions - sharedServices = import ./shared/services.nix; - - # Enrich services with host IP information - enrichedServices = builtins.map (svc: - let - hostInfo = sharedServices.hosts.${svc.host} or {}; - in - svc // lib.optionalAttrs (hostInfo ? lanIP) { inherit (hostInfo) lanIP; } - // lib.optionalAttrs (hostInfo ? tailscaleIP) { inherit (hostInfo) tailscaleIP; } - ) sharedServices.services; -in - -{ - # Re-export enriched services and hosts for use in host configs - services = enrichedServices; - inherit (sharedServices) hosts; - # Tag-based host configuration system - mkHost = - { - hostname, - tags ? [ ], - system ? "x86_64-linux", - extraModules ? [ ], - }: - let - # Validate that server and desktop tags are mutually exclusive - hasServer = builtins.elem "server" tags; - hasDesktop = builtins.elem "desktop" tags; - - # Always include "common" tag implicitly - allTags = - if hasServer && hasDesktop then - throw "Error: 'server' and 'desktop' tags are mutually exclusive for host '${hostname}'" - else - [ "common" ] ++ tags; - - # Choose nixpkgs based on server tag - pkgs = if builtins.elem "server" allTags then nixpkgs-stable else nixpkgs; - - # Tag-specific modules: each tag can be either: - # 1. A file: hosts/modules/${tag}.nix - # 2. 
A directory: hosts/modules/${tag}/*.nix (all .nix files imported) - tagModuleFiles = builtins.concatMap ( - tag: - let - filePath = ./hosts/modules/${tag}.nix; - dirPath = ./hosts/modules/${tag}; - in - # Check if it's a file first - if builtins.pathExists filePath then - [ filePath ] - # Then check if it's a directory - else if builtins.pathExists dirPath then - let - entries = builtins.readDir dirPath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name - ) entries; - in - map (name: dirPath + "/${name}") (builtins.attrNames nixFiles) - else - [ ] - ) allTags; - - # Automatically import all .nix files from hosts/${hostname}/ - hostModulePath = ./hosts/${hostname}; - hostModuleFiles = - if builtins.pathExists hostModulePath then - let - entries = builtins.readDir hostModulePath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name && name != "${hostname}.nix" - ) entries; - in - map (name: hostModulePath + "/${name}") (builtins.attrNames nixFiles) - else - [ ]; - - # Combine all modules - allModules = [ - agenix.nixosModules.default - { - networking.hostName = hostname; - nix.nixPath = [ "nixos-config=${self.outPath}/nixosConfigurations/${hostname}" ]; - nixpkgs.overlays = [ - agenix.overlays.default - self.overlays.default - ]; - } - ] - ++ tagModuleFiles - ++ hostModuleFiles - ++ extraModules; - in - pkgs.lib.nixosSystem { - inherit system; - specialArgs = { - inherit inputs; - hostTags = allTags; - }; - modules = allModules; - }; - - # Tag-based user configuration system - mkHome = - { - username, - hostname ? null, - homeDirectory ? "/home/${username}", - tags ? [ ], - extraModules ? 
[ ], - }: - let - pkgs = nixpkgs.legacyPackages.x86_64-linux; - - # Always include "common" tag implicitly - allTags = [ "common" ] ++ tags; - - # Tag-specific modules: each tag maps to users/modules/${tag}.nix if it exists - tagModuleFiles = builtins.concatMap ( - tag: - let - filePath = ./users/modules/${tag}.nix; - dirPath = ./users/modules/${tag}; - in - # Check if it's a file first - if builtins.pathExists filePath then - [ filePath ] - # Then check if it's a directory - else if builtins.pathExists dirPath then - let - entries = builtins.readDir dirPath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name - ) entries; - in - map (name: dirPath + "/${name}") (builtins.attrNames nixFiles) - else - [ ] - ) allTags; - - # Automatically import all .nix files from users/${username}/ - userModulePath = ./users/${username}; - userModuleFiles = - if builtins.pathExists userModulePath then - let - entries = builtins.readDir userModulePath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name - ) entries; - in - map (name: userModulePath + "/${name}") (builtins.attrNames nixFiles) - else - [ ]; - - # Combine all modules - allModules = [ - { - home = { - inherit username homeDirectory; - stateVersion = "22.05"; - }; - } - ] - ++ tagModuleFiles - ++ userModuleFiles - ++ extraModules; - in - home-manager.lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { - inherit inputs hostname; - userTags = allTags; - }; - modules = allModules ++ [ - { - nixpkgs.overlays = [ self.overlays.default ]; - } - ]; - }; - - # Nginx virtual host utilities - mkNginxVHosts = - { domains }: - let - # Extract domain name and apply it as useACMEHost - mkVHostConfig = domain: config: - lib.recursiveUpdate { - useACMEHost = domain; - forceSSL = true; - kTLS = true; - } config; - in - lib.mapAttrs mkVHostConfig domains; - - # Split DNS utilities for unbound - # Generates unbound view 
config from a list of DNS entries - mkSplitDNS = - entries: - let - # Generate local-data entries for all domains - tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries; - lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries; - in - [ - # Single Tailscale view with all domains - { - name = "tailscale"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = tailscaleData; - } - # Single LAN view with all domains - { - name = "lan"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = lanData; - } - ]; -} From bde5e2aabc17b452be085704cfdaa9e11e510fa6 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 22:46:49 -0300 Subject: [PATCH 150/206] add data/services.nix for shared service definitions Creates a standalone data file that can be imported by both aspects/constants.nix and terranix configurations. Co-Authored-By: Claude Opus 4.5 --- aspects/desktop/boot.nix | 5 +- aspects/desktop/nix.nix | 3 - aspects/desktop/services.nix | 5 +- aspects/hosts/_alexandria/jellyfin.nix | 3 +- aspects/hosts/_alexandria/kanidm.nix | 3 +- aspects/hosts/_alexandria/nextcloud.nix | 3 +- aspects/hosts/_alexandria/nginx.nix | 3 +- aspects/hosts/_alexandria/unbound.nix | 4 +- aspects/hosts/_alexandria/vaultwarden.nix | 3 +- aspects/hosts/_trantor/forgejo.nix | 3 +- aspects/hosts/_trantor/nginx.nix | 3 +- aspects/hosts/_trantor/unbound.nix | 4 +- aspects/server/boot.nix | 5 +- aspects/server/nix.nix | 3 - aspects/server/tailscale.nix | 5 +- data/services.nix | 42 +++++++++++ flake.lock | 16 ++++ flake.nix | 34 +++++---- plan.md | 89 +++++++++++++++++++++++ terranix/cloudflare/baduhai.dev.nix | 10 ++- 20 files changed, 189 insertions(+), 57 deletions(-) create mode 100644 data/services.nix create mode 100644 plan.md diff --git a/aspects/desktop/boot.nix b/aspects/desktop/boot.nix index bd98184..48f879d 100644 --- a/aspects/desktop/boot.nix +++ b/aspects/desktop/boot.nix 
@@ -1,9 +1,6 @@ -{ inputs, ... }: +{ ... }: { flake.modules.nixos.desktop-boot = { config, lib, pkgs, ... }: { - # Import parent aspect for inheritance - imports = [ inputs.self.modules.nixos.common-boot ]; - boot = { plymouth.enable = true; initrd.systemd.enable = true; diff --git a/aspects/desktop/nix.nix b/aspects/desktop/nix.nix index 67cfa11..a3aa421 100644 --- a/aspects/desktop/nix.nix +++ b/aspects/desktop/nix.nix @@ -1,9 +1,6 @@ { inputs, ... }: { flake.modules.nixos.desktop-nix = { config, lib, pkgs, ... }: { - # Import parent aspect for inheritance - imports = [ inputs.self.modules.nixos.common-nix ]; - environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; nix = { diff --git a/aspects/desktop/services.nix b/aspects/desktop/services.nix index 59f0a56..8ebbb6b 100644 --- a/aspects/desktop/services.nix +++ b/aspects/desktop/services.nix @@ -1,9 +1,6 @@ -{ inputs, ... }: +{ ... }: { flake.modules.nixos.desktop-services = { config, lib, pkgs, ... }: { - # Import parent aspect for inheritance - imports = [ inputs.self.modules.nixos.common-services ]; - services = { printing.enable = true; udev.packages = with pkgs; [ yubikey-personalization ]; diff --git a/aspects/hosts/_alexandria/jellyfin.nix b/aspects/hosts/_alexandria/jellyfin.nix index 591403d..0b024bd 100644 --- a/aspects/hosts/_alexandria/jellyfin.nix +++ b/aspects/hosts/_alexandria/jellyfin.nix @@ -1,7 +1,6 @@ { lib, inputs, ... }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; in { services.jellyfin = { diff --git a/aspects/hosts/_alexandria/kanidm.nix b/aspects/hosts/_alexandria/kanidm.nix index d51eb14..35e08c8 100644 --- a/aspects/hosts/_alexandria/kanidm.nix +++ b/aspects/hosts/_alexandria/kanidm.nix 
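Review bot: Dropping `imports = [ inputs.self.modules.nixos.common-boot ];` from `desktop-boot` means this aspect no longer pulls in its parent, and the same removal is made in the desktop/nix.nix and desktop/services.nix hunks and later in server/boot.nix, server/nix.nix and server/tailscale.nix. After this, a host that lists only `server-tailscale` still gets `extraSetFlags` and `useRoutingFeatures`, but whatever `common-tailscale` configured (not visible here) is no longer applied, and the same goes for the common boot and nix settings. The host definitions are outside this patch, so please confirm each one now imports the `common-*` aspects explicitly. The commit message only mentions data/services.nix, so a line there about the removed inheritance would help as well.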
@@ -7,8 +7,7 @@ }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; kanidmCertDir = "/var/lib/kanidm/certs"; in diff --git a/aspects/hosts/_alexandria/nextcloud.nix b/aspects/hosts/_alexandria/nextcloud.nix index 9d69199..c4a9669 100644 --- a/aspects/hosts/_alexandria/nextcloud.nix +++ b/aspects/hosts/_alexandria/nextcloud.nix @@ -7,8 +7,7 @@ }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; in { diff --git a/aspects/hosts/_alexandria/nginx.nix b/aspects/hosts/_alexandria/nginx.nix index 19258dd..26a7ba1 100644 --- a/aspects/hosts/_alexandria/nginx.nix +++ b/aspects/hosts/_alexandria/nginx.nix @@ -6,8 +6,7 @@ }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts services; + services = inputs.self.services; # Get all unique domains from shared services that have LAN IPs (served by this host) localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services)); diff --git a/aspects/hosts/_alexandria/unbound.nix b/aspects/hosts/_alexandria/unbound.nix index 6e46cdd..07c8850 100644 --- a/aspects/hosts/_alexandria/unbound.nix +++ b/aspects/hosts/_alexandria/unbound.nix @@ -1,7 +1,7 @@ { inputs, lib, ... }: let - utils = import ../../../utils.nix { inherit inputs lib; }; + services = inputs.self.services; in { @@ -35,7 +35,7 @@ in # LAN-only DNS records local-zone = ''"baduhai.dev." transparent''; local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') - (lib.filter (e: e ? lanIP) utils.services); + (lib.filter (e: e.lanIP != null) services); }; forward-zone = [ diff --git a/aspects/hosts/_alexandria/vaultwarden.nix b/aspects/hosts/_alexandria/vaultwarden.nix index 81e65b1..8577b2d 100644 --- a/aspects/hosts/_alexandria/vaultwarden.nix +++ b/aspects/hosts/_alexandria/vaultwarden.nix 
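Review bot: In the `_alexandria/nginx.nix` hunk the old `inherit (utils) mkNginxVHosts services;` is replaced by `services = inputs.self.services;` alone, so `mkNginxVHosts` is no longer bound in this `let`; the `_trantor/nginx.nix` hunk does the same. The rest of both files lies outside the hunks, but if either still calls `mkNginxVHosts`, evaluation will fail with an undefined variable. The other service files in this commit keep the binding, so add `mkNginxVHosts = inputs.self.lib.mkNginxVHosts;` here too unless the call was removed.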
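Review bot: The filter in the second `_alexandria/unbound.nix` hunk changed from `e ? lanIP` to `e.lanIP != null`, which only works if every entry of `inputs.self.services` carries a `lanIP` attribute. `data/services.nix` gives `trantor` no `lanIP`, and the body of `enrichServices` in aspects/constants.nix is not shown, so if it omits the attribute rather than setting it to null this select aborts evaluation of the resolver config. `lib.filter (e: (e.lanIP or null) != null) services` is safe under both shapes. The `_trantor/unbound.nix` hunk interpolates `${e.tailscaleIP}` for every service with no filter at all, which has the same exposure if a host without a Tailscale address is ever added.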
@@ -5,8 +5,7 @@ ... }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; in { services.vaultwarden = { diff --git a/aspects/hosts/_trantor/forgejo.nix b/aspects/hosts/_trantor/forgejo.nix index e6b2159..1112622 100644 --- a/aspects/hosts/_trantor/forgejo.nix +++ b/aspects/hosts/_trantor/forgejo.nix @@ -6,8 +6,7 @@ }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; in { diff --git a/aspects/hosts/_trantor/nginx.nix b/aspects/hosts/_trantor/nginx.nix index 1fd6b5c..5522e24 100644 --- a/aspects/hosts/_trantor/nginx.nix +++ b/aspects/hosts/_trantor/nginx.nix @@ -6,8 +6,7 @@ }: let - utils = import ../../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts services; + services = inputs.self.services; # Get all unique domains from shared services on trantor (host = "trantor") localDomains = lib.unique ( diff --git a/aspects/hosts/_trantor/unbound.nix b/aspects/hosts/_trantor/unbound.nix index 367c2c8..9f84228 100644 --- a/aspects/hosts/_trantor/unbound.nix +++ b/aspects/hosts/_trantor/unbound.nix @@ -1,7 +1,7 @@ { inputs, lib, ... }: let - utils = import ../../../utils.nix { inherit inputs lib; }; + services = inputs.self.services; in { @@ -35,7 +35,7 @@ in # Tailnet DNS records from shared services local-zone = ''"baduhai.dev." transparent''; - local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') utils.services; + local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') services; }; forward-zone = [ diff --git a/aspects/server/boot.nix b/aspects/server/boot.nix index 68397f2..ff5ef25 100644 --- a/aspects/server/boot.nix +++ b/aspects/server/boot.nix 
@@ -1,10 +1,7 @@ # aspects/server/boot.nix -{ inputs, ... }: +{ ... }: { flake.modules.nixos.server-boot = { config, lib, pkgs, ... }: { - # Import parent aspect for inheritance - imports = [ inputs.self.modules.nixos.common-boot ]; - boot.kernelPackages = pkgs.linuxPackages_hardened; }; } diff --git a/aspects/server/nix.nix b/aspects/server/nix.nix index b22565c..84bec67 100644 --- a/aspects/server/nix.nix +++ b/aspects/server/nix.nix @@ -2,9 +2,6 @@ { inputs, ... }: { flake.modules.nixos.server-nix = { config, lib, pkgs, ... }: { - # Import parent aspect for inheritance - imports = [ inputs.self.modules.nixos.common-nix ]; - environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; nix = { diff --git a/aspects/server/tailscale.nix b/aspects/server/tailscale.nix index 433494c..5a48799 100644 --- a/aspects/server/tailscale.nix +++ b/aspects/server/tailscale.nix @@ -1,10 +1,7 @@ # aspects/server/tailscale.nix -{ inputs, ... }: +{ ... }: { flake.modules.nixos.server-tailscale = { config, lib, pkgs, ... }: { - # Import parent aspect for inheritance - imports = [ inputs.self.modules.nixos.common-tailscale ]; - services.tailscale = { extraSetFlags = [ "--advertise-exit-node" ]; useRoutingFeatures = "server"; diff --git a/data/services.nix b/data/services.nix new file mode 100644 index 0000000..ae7395c --- /dev/null +++ b/data/services.nix 
@@ -0,0 +1,42 @@ +# Shared service and host definitions +# This file can be imported directly (unlike aspects which use flake-parts) +{ + hosts = { + alexandria = { + lanIP = "192.168.15.142"; + tailscaleIP = "100.76.19.50"; + }; + trantor = { + tailscaleIP = "100.108.5.90"; + }; + }; + + services = [ + { + name = "kanidm"; + domain = "auth.baduhai.dev"; + host = "alexandria"; + } + { + name = "vaultwarden"; + domain = "pass.baduhai.dev"; + host = "alexandria"; + } + { + name = "forgejo"; + domain = "git.baduhai.dev"; + host = "trantor"; + public = true; + } + { + name = "nextcloud"; + domain = "cloud.baduhai.dev"; + host = "alexandria"; + } + { + name = "jellyfin"; + domain = "jellyfin.baduhai.dev"; + host = "alexandria"; + } + ]; +} diff --git a/flake.lock b/flake.lock index b5b63cf..c7b2e16 100644 --- a/flake.lock +++ b/flake.lock @@ -453,6 +453,21 @@ "type": "github" } }, + "import-tree": { + "locked": { + "lastModified": 1763762820, + "narHash": "sha256-ZvYKbFib3AEwiNMLsejb/CWs/OL/srFQ8AogkebEPF0=", + "owner": "vic", + "repo": "import-tree", + "rev": "3c23749d8013ec6daa1d7255057590e9ca726646", + "type": "github" + }, + "original": { + "owner": "vic", + "repo": "import-tree", + "type": "github" + } + }, "niri": { "inputs": { "nixpkgs": "nixpkgs_4", @@ -932,6 +947,7 @@ "flake-parts": "flake-parts", "home-manager": "home-manager_2", "impermanence": "impermanence", + "import-tree": "import-tree", "niri": "niri", "niri-flake": "niri-flake", "nix-ai-tools": "nix-ai-tools", diff --git a/flake.nix b/flake.nix index 701406d..ca1a349 100644 --- a/flake.nix +++ b/flake.nix 
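Review bot: The new `data/services.nix` does not describe its schema: `public = true` appears only on the forgejo entry and `lanIP` is absent for `trantor`, so every consumer has to guess the defaults. This file feeds both the resolver views and the Cloudflare configuration, so a consumer that reads `svc.public` without a fallback fails, and one that treats a missing flag as public would publish records for services meant to stay internal. I would add header comments such as `# public: optional, defaults to false` and `# lanIP: optional; a host without it is reachable over Tailscale only` (adjusted to the intended meaning), or set `public = false;` explicitly on the other four entries.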
@@ -58,21 +58,23 @@ outputs = inputs@{ flake-parts, import-tree, ... }: - flake-parts.lib.mkFlake { inherit inputs; } ( - import-tree ./aspects - // { - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; + let + aspectsModule = import-tree ./aspects; + in + flake-parts.lib.mkFlake { inherit inputs; } { + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; - imports = [ - ./deploy.nix - ./devShells.nix - ./overlays.nix - ./packages.nix - ./terranixConfigurations.nix - ]; - } - ); + imports = [ + flake-parts.flakeModules.modules + ] ++ aspectsModule.imports ++ [ + ./deploy.nix + ./devShells.nix + ./overlays.nix + ./packages.nix + ./terranixConfigurations.nix + ]; + }; } diff --git a/plan.md b/plan.md new file mode 100644 index 0000000..af88fb9 --- /dev/null +++ b/plan.md 
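Review bot: `aspectsModule.imports` reaches into the value returned by `import-tree ./aspects` and keeps only its `imports` list, which ties flake.nix to that internal shape. As far as import-tree documents it, the returned value is itself a module, so `imports = [ flake-parts.flakeModules.modules (import-tree ./aspects) ./deploy.nix ... ];` should do the same without the `let`. If the unwrapping is there to make sure `flakeModules.modules` is evaluated first, a one-line comment saying so would save the next reader the question.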
@@ -0,0 +1,89 @@ +# Current structure: + +``` + hosts +├──  alexandria +│ ├──  hardware-configuration.nix +│ ├──  jellyfin.nix +│ ├──  kanidm.nix +│ ├──  nextcloud.nix +│ ├──  nginx.nix +│ ├──  unbound.nix +│ └──  vaultwarden.nix +├──  io +│ ├──  boot.nix +│ ├──  disko.nix +│ ├──  hardware-configuration.nix +│ ├──  programs.nix +│ └──  services.nix +├──  modules +│ ├──  common +│ │ ├──  boot.nix +│ │ ├──  console.nix +│ │ ├──  firewall.nix +│ │ ├──  locale.nix +│ │ ├──  nix.nix +│ │ ├──  openssh.nix +│ │ ├──  programs.nix +│ │ ├──  security.nix +│ │ ├──  services.nix +│ │ ├──  tailscale.nix +│ │ └──  users.nix +│ ├──  desktop +│ │ ├──  boot.nix +│ │ ├──  desktop.nix +│ │ ├──  nix.nix +│ │ └──  services.nix +│ ├──  server +│ │ ├──  boot.nix +│ │ ├──  nix.nix +│ │ └──  tailscale.nix +│ ├──  ai.nix +│ ├──  bluetooth.nix +│ ├──  dev.nix +│ ├──  ephemeral.nix +│ ├──  fwupd.nix +│ ├──  gaming.nix +│ ├──  libvirtd.nix +│ ├──  networkmanager.nix +│ └──  podman.nix +├──  rotterdam +│ ├──  boot.nix +│ ├──  hardware-configuration.nix +│ ├──  hardware.nix +│ ├──  programs.nix +│ └──  services.nix +└──  trantor + ├──  boot.nix + ├──  disko.nix + ├──  fail2ban.nix + ├──  forgejo.nix + ├──  hardware-configuration.nix + ├──  networking.nix + ├──  nginx.nix + ├──  openssh.nix + └──  unbound.nix + modules +└──  ephemeral.nix + users +├──  modules +│ ├──  common +│ │ ├──  bash.nix +│ │ ├──  fish.nix +│ │ └──  hm-cli.nix +│ ├──  desktop +│ │ ├──  desktop.nix +│ │ └──  niri.nix +│ ├──  btop.nix +│ ├──  comma.nix +│ ├──  direnv.nix +│ ├──  gaming.nix +│ ├──  helix.nix +│ ├──  obs-studio.nix +│ ├──  starship.nix +│ ├──  stylix.nix +│ └──  tmux.nix +└──  user + └──  git.nix +``` + diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index 1b456f3..185e5bd 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix 
@@ -6,7 +6,15 @@ { config, lib, ... }: let - inherit (import ../../shared/services.nix) services; + sharedData = import ../../data/services.nix; + # Enrich services with host IPs + services = map (svc: + let hostInfo = sharedData.hosts.${svc.host} or {}; + in svc // { + lanIP = hostInfo.lanIP or null; + tailscaleIP = hostInfo.tailscaleIP or null; + } + ) sharedData.services; # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git") getSubdomain = domain: lib.head (lib.splitString "." domain); From 1b7ea7e59b95bee0dbf969e9b31cf9a142201f19 Mon Sep 17 00:00:00 2001 From: William Date: Fri, 6 Feb 2026 23:50:27 -0300 Subject: [PATCH 151/206] constants: import hosts/services from data/services.nix Eliminates duplication by using data/services.nix as single source of truth for both flake-parts modules and terranix. Co-Authored-By: Claude Opus 4.5 --- aspects/constants.nix | 43 ++++--------------------------------------- 1 file changed, 4 insertions(+), 39 deletions(-) diff --git a/aspects/constants.nix b/aspects/constants.nix index 633cff6..2d980e1 100644 --- a/aspects/constants.nix +++ b/aspects/constants.nix @@ -50,35 +50,8 @@ let }; }; - # Raw services list before enrichment - rawServices = [ - { - name = "kanidm"; - domain = "auth.baduhai.dev"; - host = "alexandria"; - } - { - name = "vaultwarden"; - domain = "pass.baduhai.dev"; - host = "alexandria"; - } - { - name = "forgejo"; - domain = "git.baduhai.dev"; - host = "trantor"; - public = true; - } - { - name = "nextcloud"; - domain = "cloud.baduhai.dev"; - host = "alexandria"; - } - { - name = "jellyfin"; - domain = "jellyfin.baduhai.dev"; - host = "alexandria"; - } - ]; + # Import shared data (also used by terranix) + sharedData = import ../data/services.nix; # Enrich services with host IP information enrichServices = hosts: services: 
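Review bot: `sharedData.hosts.${svc.host} or {}` silently turns a misspelled or missing `host` into a service with `lanIP = null` and `tailscaleIP = null`, so a typo in data/services.nix surfaces later as a missing or malformed DNS record instead of an evaluation error. Failing early is safer, e.g. `hostInfo = sharedData.hosts.${svc.host} or (throw "unknown host '${svc.host}' for service '${svc.name}'");`. This block also repeats the enrichment done by `enrichServices` in aspects/constants.nix, so the two copies can drift. The record-building code is outside the hunk; since the list now carries LAN and Tailscale addresses for every service, it is worth confirming that only entries with `svc.public or false` produce records in the public zone.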
@@ -115,17 +88,9 @@ in }; config.flake = { - hosts = { - alexandria = { - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - }; - trantor = { - tailscaleIP = "100.108.5.90"; - }; - }; + hosts = sharedData.hosts; - services = enrichServices config.flake.hosts rawServices; + services = enrichServices config.flake.hosts sharedData.services; lib = { # Nginx virtual host utilities From 829fde6a3af7ba20959d90911e07dde5167b3f4b Mon Sep 17 00:00:00 2001 From: William Date: Sat, 7 Feb 2026 07:54:49 -0300 Subject: [PATCH 152/206] packages: convert to self-contained flake-parts modules Each package file now exports its own perSystem.packages. definition instead of being called from a centralized packages.nix file. Co-Authored-By: Claude Opus 4.5 --- packages/base16-schemes.nix | 55 ++--- packages/claude-desktop.nix | 400 +++++++++++++++++------------------ packages/fastfetch.nix | 159 +++++++------- packages/hm-cli.nix | 176 +++++++-------- packages/kwrite.nix | 32 +-- packages/toggleaudiosink.nix | 82 +++---- 6 files changed, 459 insertions(+), 445 deletions(-) diff --git a/packages/base16-schemes.nix b/packages/base16-schemes.nix index ffd6c04..fbb1341 100644 --- a/packages/base16-schemes.nix +++ b/packages/base16-schemes.nix 
@@ -1,32 +1,35 @@ +{ ... }: + { - lib, - stdenv, - fetchFromGitHub, -}: -stdenv.mkDerivation (finalAttrs: { - pname = "base16-schemes"; - version = "0-unstable-2025-06-04"; + perSystem = + { pkgs, ... }: + { + packages.base16-schemes = pkgs.stdenv.mkDerivation (finalAttrs: { + pname = "base16-schemes"; + version = "0-unstable-2025-06-04"; - src = fetchFromGitHub { - owner = "tinted-theming"; - repo = "schemes"; - rev = "317a5e10c35825a6c905d912e480dfe8e71c7559"; - hash = "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM="; - }; + src = pkgs.fetchFromGitHub { + owner = "tinted-theming"; + repo = "schemes"; + rev = "317a5e10c35825a6c905d912e480dfe8e71c7559"; + hash = "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM="; + }; - installPhase = '' - runHook preInstall + installPhase = '' + runHook preInstall - mkdir -p $out/share/themes/ - install base16/*.yaml $out/share/themes/ + mkdir -p $out/share/themes/ + install base16/*.yaml $out/share/themes/ - runHook postInstall - ''; + runHook postInstall + ''; - meta = { - description = "All the color schemes for use in base16 packages"; - homepage = "https://github.com/tinted-theming/schemes"; - maintainers = [ lib.maintainers.DamienCassou ]; - license = lib.licenses.mit; - }; -}) + meta = { + description = "All the color schemes for use in base16 packages"; + homepage = "https://github.com/tinted-theming/schemes"; + maintainers = [ pkgs.lib.maintainers.DamienCassou ]; + license = pkgs.lib.licenses.mit; + }; + }); + }; +} diff --git a/packages/claude-desktop.nix b/packages/claude-desktop.nix index e72fc37..e93f3af 100644 --- a/packages/claude-desktop.nix +++ b/packages/claude-desktop.nix 
@@ -1,221 +1,215 @@ +{ inputs, ... }: + { - lib, - stdenv, - fetchurl, - makeWrapper, - makeDesktopItem, - copyDesktopItems, - p7zip, - unzip, - electron, - nodejs, - asar, - graphicsmagick, -}: + perSystem = + { system, ... }: + let + pkgs = import inputs.nixpkgs { + inherit system; + config.allowUnfree = true; + }; -let - pname = "claude-desktop"; - version = "1.0.1768"; # Updated based on extracted nupkg + pname = "claude-desktop"; + version = "1.0.1768"; - srcs.x86_64-linux = fetchurl { - url = "https://downloads.claude.ai/releases/win32/x64/1.0.1768/Claude-67d01376d0e9d08b328455f6db9e63b0d603506a.exe"; - hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=;"; - }; + srcs.x86_64-linux = pkgs.fetchurl { + url = "https://downloads.claude.ai/releases/win32/x64/1.0.1768/Claude-67d01376d0e9d08b328455f6db9e63b0d603506a.exe"; + hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=;"; + }; - src = - srcs.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); + src = + srcs.${pkgs.stdenv.hostPlatform.system} or (throw "Unsupported system: ${pkgs.stdenv.hostPlatform.system}"); - # Stub implementation for claude-native module - claudeNativeStub = '' - // Stub implementation of claude-native using KeyboardKey enum values - const KeyboardKey = { - Backspace: 43, Tab: 280, Enter: 261, Shift: 272, Control: 61, Alt: 40, - CapsLock: 56, Escape: 85, Space: 276, PageUp: 251, PageDown: 250, - End: 83, Home: 154, LeftArrow: 175, UpArrow: 282, RightArrow: 262, - DownArrow: 81, Delete: 79, Meta: 187 - }; - Object.freeze(KeyboardKey); - module.exports = { - getWindowsVersion: () => "10.0.0", - setWindowEffect: () => {}, - removeWindowEffect: () => {}, - getIsMaximized: () => false, - flashFrame: () => {}, - clearFlashFrame: () => {}, - showNotification: () => {}, - setProgressBar: () => {}, - clearProgressBar: () => {}, - setOverlayIcon: () => {}, - clearOverlayIcon: () => {}, - KeyboardKey - }; - ''; + claudeNativeStub = '' + // 
Stub implementation of claude-native using KeyboardKey enum values + const KeyboardKey = { + Backspace: 43, Tab: 280, Enter: 261, Shift: 272, Control: 61, Alt: 40, + CapsLock: 56, Escape: 85, Space: 276, PageUp: 251, PageDown: 250, + End: 83, Home: 154, LeftArrow: 175, UpArrow: 282, RightArrow: 262, + DownArrow: 81, Delete: 79, Meta: 187 + }; + Object.freeze(KeyboardKey); + module.exports = { + getWindowsVersion: () => "10.0.0", + setWindowEffect: () => {}, + removeWindowEffect: () => {}, + getIsMaximized: () => false, + flashFrame: () => {}, + clearFlashFrame: () => {}, + showNotification: () => {}, + setProgressBar: () => {}, + clearProgressBar: () => {}, + setOverlayIcon: () => {}, + clearOverlayIcon: () => {}, + KeyboardKey + }; + ''; + in + { + packages.claude-desktop = pkgs.stdenv.mkDerivation rec { + inherit pname version src; -in -stdenv.mkDerivation rec { - inherit pname version src; + nativeBuildInputs = with pkgs; [ + makeWrapper + copyDesktopItems + p7zip + unzip + nodejs + graphicsmagick + ]; - nativeBuildInputs = [ - makeWrapper - copyDesktopItems - p7zip - unzip - nodejs - graphicsmagick - ]; + buildInputs = [ pkgs.electron ]; - buildInputs = [ - electron - ]; + desktopItems = [ + (pkgs.makeDesktopItem { + name = "claude-desktop"; + desktopName = "Claude"; + comment = "AI assistant from Anthropic"; + exec = "claude-desktop %u"; + icon = "claude-desktop"; + categories = [ + "Network" + "Chat" + "Office" + ]; + mimeTypes = [ "x-scheme-handler/claude" ]; + startupNotify = true; + startupWMClass = "Claude"; + }) + ]; - desktopItems = [ - (makeDesktopItem { - name = "claude-desktop"; - desktopName = "Claude"; - comment = "AI assistant from Anthropic"; - exec = "claude-desktop %u"; - icon = "claude-desktop"; - categories = [ - "Network" - "Chat" - "Office" - ]; - mimeTypes = [ "x-scheme-handler/claude" ]; - startupNotify = true; - startupWMClass = "Claude"; - }) - ]; + unpackPhase = '' + runHook preUnpack - unpackPhase = '' - runHook preUnpack + # Extract 
the Windows installer - use -y to auto-overwrite + 7z x -y $src -o./extracted - # Extract the Windows installer - use -y to auto-overwrite - 7z x -y $src -o./extracted + # The installer contains a NuGet package + if [ -f ./extracted/AnthropicClaude-*-full.nupkg ]; then + echo "Found NuGet package, extracting..." + # NuGet packages are just zip files + unzip -q ./extracted/AnthropicClaude-*-full.nupkg -d ./nupkg - # The installer contains a NuGet package - if [ -f ./extracted/AnthropicClaude-*-full.nupkg ]; then - echo "Found NuGet package, extracting..." - # NuGet packages are just zip files - unzip -q ./extracted/AnthropicClaude-*-full.nupkg -d ./nupkg + # Extract app.asar to modify it + if [ -f ./nupkg/lib/net45/resources/app.asar ]; then + echo "Extracting app.asar..." + ${pkgs.asar}/bin/asar extract ./nupkg/lib/net45/resources/app.asar ./app - # Extract app.asar to modify it - if [ -f ./nupkg/lib/net45/resources/app.asar ]; then - echo "Extracting app.asar..." - ${asar}/bin/asar extract ./nupkg/lib/net45/resources/app.asar ./app + # Also copy the unpacked resources + if [ -d ./nupkg/lib/net45/resources/app.asar.unpacked ]; then + cp -r ./nupkg/lib/net45/resources/app.asar.unpacked/* ./app/ + fi - # Also copy the unpacked resources - if [ -d ./nupkg/lib/net45/resources/app.asar.unpacked ]; then - cp -r ./nupkg/lib/net45/resources/app.asar.unpacked/* ./app/ - fi - - # Copy additional resources - mkdir -p ./app/resources - mkdir -p ./app/resources/i18n - cp ./nupkg/lib/net45/resources/Tray* ./app/resources/ || true - cp ./nupkg/lib/net45/resources/*-*.json ./app/resources/i18n/ || true - fi - else - echo "NuGet package not found" - ls -la ./extracted/ - exit 1 - fi - - runHook postUnpack - ''; - - buildPhase = '' - runHook preBuild - - # Replace the Windows-specific claude-native module with a stub - if [ -d ./app/node_modules/claude-native ]; then - echo "Replacing claude-native module with Linux stub..." 
- rm -rf ./app/node_modules/claude-native/*.node - cat > ./app/node_modules/claude-native/index.js << 'EOF' - ${claudeNativeStub} - EOF - fi - - # Fix the title bar detection (from aaddrick script) - echo "Fixing title bar detection..." - SEARCH_BASE="./app/.vite/renderer/main_window/assets" - if [ -d "$SEARCH_BASE" ]; then - TARGET_FILE=$(find "$SEARCH_BASE" -type f -name "MainWindowPage-*.js" | head -1) - if [ -n "$TARGET_FILE" ]; then - echo "Found target file: $TARGET_FILE" - # Replace patterns like 'if(!VAR1 && VAR2)' with 'if(VAR1 && VAR2)' - sed -i -E 's/if\(!([a-zA-Z]+)[[:space:]]*&&[[:space:]]*([a-zA-Z]+)\)/if(\1 \&\& \2)/g' "$TARGET_FILE" - echo "Title bar fix applied" - fi - fi - - runHook postBuild - ''; - - installPhase = '' - runHook preInstall - - mkdir -p $out/lib/claude-desktop - - # Repack the modified app as app.asar - cd ./app - ${asar}/bin/asar pack . ../app.asar - cd .. - - # Copy resources - mkdir -p $out/lib/claude-desktop/resources - cp ./app.asar $out/lib/claude-desktop/resources/ - - # Create app.asar.unpacked directory with the stub - mkdir -p $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native - cat > $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native/index.js << 'EOF' - ${claudeNativeStub} - EOF - - # Copy other resources - if [ -d ./nupkg/lib/net45/resources ]; then - cp ./nupkg/lib/net45/resources/*.png $out/lib/claude-desktop/resources/ 2>/dev/null || true - cp ./nupkg/lib/net45/resources/*.ico $out/lib/claude-desktop/resources/ 2>/dev/null || true - cp ./nupkg/lib/net45/resources/*.json $out/lib/claude-desktop/resources/ 2>/dev/null || true - fi - - # Create wrapper script - makeWrapper ${electron}/bin/electron $out/bin/claude-desktop \ - --add-flags "$out/lib/claude-desktop/resources/app.asar" \ - --set DISABLE_AUTOUPDATER 1 \ - --set NODE_ENV production - - # Extract and install icons in multiple sizes - if [ -f ./extracted/setupIcon.ico ]; then - echo "Converting and 
installing icons..." - # Count frames in the ICO file and extract each one - frame_count=$(gm identify ./extracted/setupIcon.ico | wc -l) - for i in $(seq 0 $((frame_count - 1))); do - gm convert "./extracted/setupIcon.ico[$i]" "./extracted/setupIcon-$i.png" 2>/dev/null || true - done - - # Loop through converted icons and install them by size - for img in ./extracted/setupIcon-*.png; do - if [ -f "$img" ]; then - size=$(gm identify -format "%wx%h" "$img") - # Skip smallest icons (16x16 and 32x32) as they're too low quality - if [ "$size" != "16x16" ] && [ "$size" != "32x32" ]; then - mkdir -p "$out/share/icons/hicolor/$size/apps" - cp "$img" "$out/share/icons/hicolor/$size/apps/claude-desktop.png" + # Copy additional resources + mkdir -p ./app/resources + mkdir -p ./app/resources/i18n + cp ./nupkg/lib/net45/resources/Tray* ./app/resources/ || true + cp ./nupkg/lib/net45/resources/*-*.json ./app/resources/i18n/ || true + fi + else + echo "NuGet package not found" + ls -la ./extracted/ + exit 1 fi - fi - done - fi - runHook postInstall - ''; + runHook postUnpack + ''; - meta = with lib; { - description = "Claude Desktop - AI assistant from Anthropic"; - homepage = "https://claude.ai"; - license = licenses.unfree; - sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; - maintainers = with maintainers; [ ]; - platforms = [ "x86_64-linux" ]; - mainProgram = "claude-desktop"; - }; + buildPhase = '' + runHook preBuild + + # Replace the Windows-specific claude-native module with a stub + if [ -d ./app/node_modules/claude-native ]; then + echo "Replacing claude-native module with Linux stub..." + rm -rf ./app/node_modules/claude-native/*.node + cat > ./app/node_modules/claude-native/index.js << 'EOF' + ${claudeNativeStub} + EOF + fi + + # Fix the title bar detection (from aaddrick script) + echo "Fixing title bar detection..." 
+ SEARCH_BASE="./app/.vite/renderer/main_window/assets" + if [ -d "$SEARCH_BASE" ]; then + TARGET_FILE=$(find "$SEARCH_BASE" -type f -name "MainWindowPage-*.js" | head -1) + if [ -n "$TARGET_FILE" ]; then + echo "Found target file: $TARGET_FILE" + # Replace patterns like 'if(!VAR1 && VAR2)' with 'if(VAR1 && VAR2)' + sed -i -E 's/if\(!([a-zA-Z]+)[[:space:]]*&&[[:space:]]*([a-zA-Z]+)\)/if(\1 \&\& \2)/g' "$TARGET_FILE" + echo "Title bar fix applied" + fi + fi + + runHook postBuild + ''; + + installPhase = '' + runHook preInstall + + mkdir -p $out/lib/claude-desktop + + # Repack the modified app as app.asar + cd ./app + ${pkgs.asar}/bin/asar pack . ../app.asar + cd .. + + # Copy resources + mkdir -p $out/lib/claude-desktop/resources + cp ./app.asar $out/lib/claude-desktop/resources/ + + # Create app.asar.unpacked directory with the stub + mkdir -p $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native + cat > $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native/index.js << 'EOF' + ${claudeNativeStub} + EOF + + # Copy other resources + if [ -d ./nupkg/lib/net45/resources ]; then + cp ./nupkg/lib/net45/resources/*.png $out/lib/claude-desktop/resources/ 2>/dev/null || true + cp ./nupkg/lib/net45/resources/*.ico $out/lib/claude-desktop/resources/ 2>/dev/null || true + cp ./nupkg/lib/net45/resources/*.json $out/lib/claude-desktop/resources/ 2>/dev/null || true + fi + + # Create wrapper script + makeWrapper ${pkgs.electron}/bin/electron $out/bin/claude-desktop \ + --add-flags "$out/lib/claude-desktop/resources/app.asar" \ + --set DISABLE_AUTOUPDATER 1 \ + --set NODE_ENV production + + # Extract and install icons in multiple sizes + if [ -f ./extracted/setupIcon.ico ]; then + echo "Converting and installing icons..." 
+ # Count frames in the ICO file and extract each one + frame_count=$(gm identify ./extracted/setupIcon.ico | wc -l) + for i in $(seq 0 $((frame_count - 1))); do + gm convert "./extracted/setupIcon.ico[$i]" "./extracted/setupIcon-$i.png" 2>/dev/null || true + done + + # Loop through converted icons and install them by size + for img in ./extracted/setupIcon-*.png; do + if [ -f "$img" ]; then + size=$(gm identify -format "%wx%h" "$img") + # Skip smallest icons (16x16 and 32x32) as they're too low quality + if [ "$size" != "16x16" ] && [ "$size" != "32x32" ]; then + mkdir -p "$out/share/icons/hicolor/$size/apps" + cp "$img" "$out/share/icons/hicolor/$size/apps/claude-desktop.png" + fi + fi + done + fi + + runHook postInstall + ''; + + meta = with pkgs.lib; { + description = "Claude Desktop - AI assistant from Anthropic"; + homepage = "https://claude.ai"; + license = licenses.unfree; + sourceProvenance = with sourceTypes; [ binaryNativeCode ]; + maintainers = [ ]; + platforms = [ "x86_64-linux" ]; + mainProgram = "claude-desktop"; + }; + }; + }; } diff --git a/packages/fastfetch.nix b/packages/fastfetch.nix index fa8e0ea..aa8d616 100644 --- a/packages/fastfetch.nix +++ b/packages/fastfetch.nix 
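Review bot: The pinned hash in `srcs.x86_64-linux` ends in `=;` inside the quotes, carried over unchanged from the old file. The `;` is not part of an SRI string, so the integrity pin for the downloaded installer is malformed and should read `hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=";`. This derivation fetches a vendor binary and repacks it, so that hash is the only check on what ends up in the build; confirm it against a fresh fetch once corrected. Separately, the `sed -i -E` title-bar patch in `buildPhase` rewrites every `if(!a && b)` in the matched bundle rather than one known site, and silently does nothing when no `MainWindowPage-*.js` is found. A comment saying so, or a check that the substitution actually applied, would make upstream changes visible.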
@@ -1,81 +1,84 @@ +{ ... }: + { - lib, - pkgs ? import { }, -}: + perSystem = + { pkgs, lib, ... }: + let + fastfetch-logo = pkgs.fetchurl { + url = "https://discourse.nixos.org/uploads/default/original/3X/3/6/36954e6d6aa32c8b00f50ca43f142d898c1ff535.png"; + hash = "sha256-aLHz8jSAFocrn+Pb4vRq0wtkYFJpBpZRevd+VoZC/PQ="; + }; -let - fastfetch-logo = pkgs.fetchurl { - url = "https://discourse.nixos.org/uploads/default/original/3X/3/6/36954e6d6aa32c8b00f50ca43f142d898c1ff535.png"; - hash = "sha256-aLHz8jSAFocrn+Pb4vRq0wtkYFJpBpZRevd+VoZC/PQ="; - }; - - fastfetch-config = pkgs.writeText "fastfetch-config.json" ( - builtins.toJSON { - "$schema" = "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json"; - modules = [ - "title" - "separator" - { - type = "os"; - keyWidth = 9; + fastfetch-config = pkgs.writeText "fastfetch-config.json" ( + builtins.toJSON { + "$schema" = "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json"; + modules = [ + "title" + "separator" + { + type = "os"; + keyWidth = 9; + } + { + type = "kernel"; + keyWidth = 9; + } + { + type = "uptime"; + keyWidth = 9; + } + { + type = "shell"; + keyWidth = 9; + } + "break" + { + type = "cpu"; + keyWidth = 11; + } + { + type = "memory"; + keyWidth = 11; + } + { + type = "swap"; + keyWidth = 11; + } + { + type = "disk"; + folders = "/"; + keyWidth = 11; + } + { + type = "command"; + key = "Systemd"; + keyWidth = 11; + text = "echo \"$(systemctl list-units --state=failed --no-legend | wc -l) failed units, $(systemctl list-jobs --no-legend | wc -l) queued jobs\""; + } + "break" + { + type = "command"; + key = "Public IP"; + keyWidth = 15; + text = "curl -s -4 ifconfig.me 2>/dev/null || echo 'N/A'"; + } + { + type = "command"; + key = "Tailscale IP"; + keyWidth = 15; + text = "tailscale ip -4 2>/dev/null || echo 'N/A'"; + } + { + type = "command"; + key = "Local IP"; + keyWidth = 15; + text = "ip -4 addr show scope global | grep inet | head -n1 | awk '{print $2}' | cut -d/ -f1"; 
+ } + ]; } - { - type = "kernel"; - keyWidth = 9; - } - { - type = "uptime"; - keyWidth = 9; - } - { - type = "shell"; - keyWidth = 9; - } - "break" - { - type = "cpu"; - keyWidth = 11; - } - { - type = "memory"; - keyWidth = 11; - } - { - type = "swap"; - keyWidth = 11; - } - { - type = "disk"; - folders = "/"; - keyWidth = 11; - } - { - type = "command"; - key = "Systemd"; - keyWidth = 11; - text = "echo \"$(systemctl list-units --state=failed --no-legend | wc -l) failed units, $(systemctl list-jobs --no-legend | wc -l) queued jobs\""; - } - "break" - { - type = "command"; - key = "Public IP"; - keyWidth = 15; - text = "curl -s -4 ifconfig.me 2>/dev/null || echo 'N/A'"; - } - { - type = "command"; - key = "Tailscale IP"; - keyWidth = 15; - text = "tailscale ip -4 2>/dev/null || echo 'N/A'"; - } - { - type = "command"; - key = "Local IP"; - keyWidth = 15; - text = "ip -4 addr show scope global | grep inet | head -n1 | awk '{print $2}' | cut -d/ -f1"; - } - ]; - } - ); -in -pkgs.writeShellScriptBin "fastfetch" ''exec ${lib.getExe pkgs.fastfetch} --config ${fastfetch-config} --logo-type kitty --logo ${fastfetch-logo} --logo-padding-right 1 --logo-width 36 "$@" '' + ); + in + { + packages.fastfetch = pkgs.writeShellScriptBin "fastfetch" ''exec ${lib.getExe pkgs.fastfetch} --config ${fastfetch-config} --logo-type kitty --logo ${fastfetch-logo} --logo-padding-right 1 --logo-width 36 "$@" ''; + }; +} diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix index f6034ea..94dae66 100644 --- a/packages/hm-cli.nix +++ b/packages/hm-cli.nix 
@@ -1,105 +1,109 @@ +{ ... }: + { - pkgs ? import { }, -}: + perSystem = + { pkgs, ... }: + { + packages.hm-cli = pkgs.writeShellScriptBin "hm" '' + set -e -pkgs.writeShellScriptBin "hm" '' - set -e + HM="${pkgs.lib.getExe pkgs.home-manager}" + FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}" + FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}" - HM="${pkgs.lib.getExe pkgs.home-manager}" - FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}" - FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}" + show_usage() { + cat < [args] - show_usage() { - cat < [args] + Commands: + apply Switch to a new generation + generation list List all generations + generation delete ID... Delete specified generation(s) + generation rollback Rollback to the previous generation + generation switch ID Switch to the specified generation + generation cleanup Delete all but the current generation - Commands: - apply Switch to a new generation - generation list List all generations - generation delete ID... Delete specified generation(s) - generation rollback Rollback to the previous generation - generation switch ID Switch to the specified generation - generation cleanup Delete all but the current generation + Environment Variables: + HM_PATH Override default flake path (~/.config/home-manager) + Currently set to "''${HM_PATH:-}" + HM_USER Override default user output ("$(whoami)@$(hostname)") + Currently set to "''${HM_USER:-}" + EOF + } - Environment Variables: - HM_PATH Override default flake path (~/.config/home-manager) - Currently set to "''${HM_PATH:-}" - HM_USER Override default user output ("$(whoami)@$(hostname)") - Currently set to "''${HM_USER:-}" - EOF - } - - if [[ $# -eq 0 ]]; then - show_usage - exit 1 - fi - - case "$1" in - apply) - "$HM" switch --flake "$FLAKE_PATH#$FLAKE_OUTPUT" -b bkp - ;; - generation) - if [[ $# -lt 2 ]]; then - echo "Error: generation command requires a subcommand" + if [[ $# -eq 0 ]]; then show_usage exit 1 fi - case "$2" in - list) - "$HM" 
generations + case "$1" in + apply) + "$HM" switch --flake "$FLAKE_PATH#$FLAKE_OUTPUT" -b bkp ;; - delete) - if [[ $# -lt 3 ]]; then - echo "Error: delete requires at least one generation ID" + generation) + if [[ $# -lt 2 ]]; then + echo "Error: generation command requires a subcommand" + show_usage exit 1 fi - shift 2 - "$HM" remove-generations "$@" - ;; - rollback) - PREV_GEN=$("$HM" generations | \ - sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | \ - head -n 2 | tail -n 1) - if [[ -z "$PREV_GEN" ]]; then - echo "Error: could not determine previous generation (possibly only one generation exists)" - exit 1 - fi - "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$PREV_GEN" -b bkp - ;; - switch) - if [[ $# -ne 3 ]]; then - echo "Error: switch requires exactly one generation ID" - exit 1 - fi - "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" -b bkp - ;; - cleanup) - CURRENT_GEN=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .* (current)$/\1/p') - if [[ -z "$CURRENT_GEN" ]]; then - echo "Error: could not determine current generation" - exit 1 - fi - OLD_GENS=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .*/\1/p' | grep -v "^$CURRENT_GEN$") - if [[ -z "$OLD_GENS" ]]; then - echo "No old generations to delete" - else - echo "Deleting generations: $(echo $OLD_GENS | tr '\n' ' ')" - echo "$OLD_GENS" | xargs "$HM" remove-generations - echo "Cleanup complete. Current generation $CURRENT_GEN preserved." 
- fi + + case "$2" in + list) + "$HM" generations + ;; + delete) + if [[ $# -lt 3 ]]; then + echo "Error: delete requires at least one generation ID" + exit 1 + fi + shift 2 + "$HM" remove-generations "$@" + ;; + rollback) + PREV_GEN=$("$HM" generations | \ + sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | \ + head -n 2 | tail -n 1) + if [[ -z "$PREV_GEN" ]]; then + echo "Error: could not determine previous generation (possibly only one generation exists)" + exit 1 + fi + "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$PREV_GEN" -b bkp + ;; + switch) + if [[ $# -ne 3 ]]; then + echo "Error: switch requires exactly one generation ID" + exit 1 + fi + "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" -b bkp + ;; + cleanup) + CURRENT_GEN=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .* (current)$/\1/p') + if [[ -z "$CURRENT_GEN" ]]; then + echo "Error: could not determine current generation" + exit 1 + fi + OLD_GENS=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .*/\1/p' | grep -v "^$CURRENT_GEN$") + if [[ -z "$OLD_GENS" ]]; then + echo "No old generations to delete" + else + echo "Deleting generations: $(echo $OLD_GENS | tr '\n' ' ')" + echo "$OLD_GENS" | xargs "$HM" remove-generations + echo "Cleanup complete. Current generation $CURRENT_GEN preserved." + fi + ;; + *) + echo "Error: unknown generation subcommand '$2'" + show_usage + exit 1 + ;; + esac ;; *) - echo "Error: unknown generation subcommand '$2'" + echo "Error: unknown command '$1'" show_usage exit 1 ;; esac - ;; - *) - echo "Error: unknown command '$1'" - show_usage - exit 1 - ;; - esac -'' + ''; + }; +} diff --git a/packages/kwrite.nix b/packages/kwrite.nix index 14ebce1..67ce69e 100644 --- a/packages/kwrite.nix +++ b/packages/kwrite.nix 
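Review bot: In the `cleanup` branch, the `OLD_GENS=$(... | grep -v "^$CURRENT_GEN$")` assignment aborts the script under `set -e` when only the current generation exists, because `grep -v` exits 1 when it selects no lines. The `No old generations to delete` branch is therefore never reached in exactly the case it was written for. Appending `|| true` inside the command substitution, `... | grep -v "^$CURRENT_GEN$" || true)`, keeps the empty case working.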
@@ -1,15 +1,21 @@ -{ pkgs }: +{ ... }: -pkgs.symlinkJoin { - name = "kwrite"; - paths = [ pkgs.kdePackages.kate ]; - postBuild = '' - rm -rf $out/bin/kate \ - $out/bin/.kate-wrapped \ - $out/share/applications/org.kde.kate.desktop \ - $out/share/man \ - $out/share/icons/hicolor/*/apps/kate.png \ - $out/share/icons/hicolor/scalable/apps/kate.svg \ - $out/share/appdata/org.kde.kate.appdata.xml - ''; +{ + perSystem = + { pkgs, ... }: + { + packages.kwrite = pkgs.symlinkJoin { + name = "kwrite"; + paths = [ pkgs.kdePackages.kate ]; + postBuild = '' + rm -rf $out/bin/kate \ + $out/bin/.kate-wrapped \ + $out/share/applications/org.kde.kate.desktop \ + $out/share/man \ + $out/share/icons/hicolor/*/apps/kate.png \ + $out/share/icons/hicolor/scalable/apps/kate.svg \ + $out/share/appdata/org.kde.kate.appdata.xml + ''; + }; + }; } diff --git a/packages/toggleaudiosink.nix b/packages/toggleaudiosink.nix index 623346f..22e0d44 100644 --- a/packages/toggleaudiosink.nix +++ b/packages/toggleaudiosink.nix 
@@ -1,48 +1,52 @@ +{ ... }: + { - pkgs ? import { }, -}: + perSystem = + { pkgs, ... }: + { + packages.toggleaudiosink = pkgs.writeShellScriptBin "toggleaudiosink" '' + #!/usr/bin/env bash -pkgs.writeShellScriptBin "toggleaudiosink" '' - #!/usr/bin/env bash + sound_server="pipewire" - sound_server="pipewire" + # Grab a count of how many audio sinks we have + sink_count=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -c "Sink #[[:digit:]]") + # Create an array of the actual sink IDs + sinks=() + mapfile -t sinks < <(${pkgs.pulseaudio}/bin/pactl list sinks | grep 'Sink #[[:digit:]]' | sed -n -e 's/.*Sink #\([[:digit:]]\)/\1/p') + # Get the ID of the active sink + active_sink_name=$(${pkgs.pulseaudio}/bin/pactl info | grep 'Default Sink:' | sed -n -e 's/.*Default Sink:[[:space:]]\+\(.*\)/\1/p') + active_sink=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -B 2 "$active_sink_name" | sed -n -e 's/Sink #\([[:digit:]]\)/\1/p' | head -n 1) - # Grab a count of how many audio sinks we have - sink_count=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -c "Sink #[[:digit:]]") - # Create an array of the actual sink IDs - sinks=() - mapfile -t sinks < <(${pkgs.pulseaudio}/bin/pactl list sinks | grep 'Sink #[[:digit:]]' | sed -n -e 's/.*Sink #\([[:digit:]]\)/\1/p') - # Get the ID of the active sink - active_sink_name=$(${pkgs.pulseaudio}/bin/pactl info | grep 'Default Sink:' | sed -n -e 's/.*Default Sink:[[:space:]]\+\(.*\)/\1/p') - active_sink=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -B 2 "$active_sink_name" | sed -n -e 's/Sink #\([[:digit:]]\)/\1/p' | head -n 1) + # Get the ID of the last sink in the array + final_sink=''${sinks[$((sink_count - 1))]} - # Get the ID of the last sink in the array - final_sink=''${sinks[$((sink_count - 1))]} + # Find the index of the active sink + for index in "''${!sinks[@]}"; do + if [[ "''${sinks[$index]}" == "$active_sink" ]]; then + active_sink_index=$index + fi + done - # Find the index of the active sink - for index in 
"''${!sinks[@]}"; do - if [[ "''${sinks[$index]}" == "$active_sink" ]]; then - active_sink_index=$index - fi - done + # Default to the first sink in the list + next_sink=''${sinks[0]} + next_sink_index=0 - # Default to the first sink in the list - next_sink=''${sinks[0]} - next_sink_index=0 + # If we're not at the end of the list, move up the list + if [[ $active_sink -ne $final_sink ]]; then + next_sink_index=$((active_sink_index + 1)) + next_sink=''${sinks[$next_sink_index]} + fi - # If we're not at the end of the list, move up the list - if [[ $active_sink -ne $final_sink ]]; then - next_sink_index=$((active_sink_index + 1)) - next_sink=''${sinks[$next_sink_index]} - fi + # Change the default sink + # Get the name of the next sink + next_sink_name=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -C 2 "Sink #$next_sink" | sed -n -e 's/.*Name:[[:space:]]\+\(.*\)/\1/p' | head -n 1) + ${pkgs.pulseaudio}/bin/pactl set-default-sink "$next_sink_name" - # Change the default sink - # Get the name of the next sink - next_sink_name=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -C 2 "Sink #$next_sink" | sed -n -e 's/.*Name:[[:space:]]\+\(.*\)/\1/p' | head -n 1) - ${pkgs.pulseaudio}/bin/pactl set-default-sink "$next_sink_name" - - # Move all inputs to the new sink - for app in $(${pkgs.pulseaudio}/bin/pactl list sink-inputs | sed -n -e 's/.*Sink Input #\([[:digit:]]\)/\1/p'); do - ${pkgs.pulseaudio}/bin/pactl "move-sink-input $app $next_sink" - done -'' + # Move all inputs to the new sink + for app in $(${pkgs.pulseaudio}/bin/pactl list sink-inputs | sed -n -e 's/.*Sink Input #\([[:digit:]]\)/\1/p'); do + ${pkgs.pulseaudio}/bin/pactl "move-sink-input $app $next_sink" + done + ''; + }; +} From 29f7621d4275f6460629306df176836f90f92d38 Mon Sep 17 00:00:00 2001 
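Review bot: The final loop calls `pactl "move-sink-input $app $next_sink"`, which passes the subcommand and both IDs as a single argument, so pactl does not receive a `move-sink-input` command and running streams are presumably never moved to the new sink. It should be `${pkgs.pulseaudio}/bin/pactl move-sink-input "$app" "$next_sink"`. `sound_server` is assigned but not used anywhere in the lines shown.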
From: William Date: Sat, 7 Feb 2026 07:56:24 -0300 Subject: [PATCH 153/206] flake: use import-tree for packages directory - Move overlays.nix into packages/overlays.nix with dynamic pattern - Update flake.nix to use packagesModule from import-tree - Delete centralized packages.nix (packages are now self-contained) The packages directory is now fully self-contained with each package exporting its own flake output and overlays auto-including all packages. Co-Authored-By: Claude Opus 4.5 --- flake.nix | 15 ++++++++------- overlays.nix | 14 -------------- packages.nix | 22 ---------------------- packages/overlays.nix | 12 ++++++++++++ 4 files changed, 20 insertions(+), 43 deletions(-) delete mode 100644 overlays.nix delete mode 100644 packages.nix create mode 100644 packages/overlays.nix diff --git a/flake.nix b/flake.nix index ca1a349..a4126cb 100644 --- a/flake.nix +++ b/flake.nix @@ -60,6 +60,7 @@ inputs@{ flake-parts, import-tree, ... }: let aspectsModule = import-tree ./aspects; + packagesModule = import-tree ./packages; in flake-parts.lib.mkFlake { inherit inputs; } { systems = [ @@ -69,12 +70,12 @@ imports = [ flake-parts.flakeModules.modules - ] ++ aspectsModule.imports ++ [ - ./deploy.nix - ./devShells.nix - ./overlays.nix - ./packages.nix - ./terranixConfigurations.nix - ]; + ] ++ aspectsModule.imports + ++ packagesModule.imports + ++ [ + ./deploy.nix + ./devShells.nix + ./terranixConfigurations.nix + ]; }; } diff --git a/overlays.nix b/overlays.nix deleted file mode 100644 index b8f807f..0000000 --- a/overlays.nix +++ /dev/null 
@@ -1,14 +0,0 @@ -{ inputs, ... }: - -{ - flake.overlays = { - default = final: prev: { - base16-schemes = inputs.self.packages.${final.system}.base16-schemes; - claude-desktop = inputs.self.packages.${final.system}.claude-desktop; - fastfetch = inputs.self.packages.${final.system}.fastfetch; - hm-cli = inputs.self.packages.${final.system}.hm-cli; - kwrite = inputs.self.packages.${final.system}.kwrite; - toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; - }; - }; -} diff --git a/packages.nix b/packages.nix deleted file mode 100644 index bf0319e..0000000 --- a/packages.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ inputs, ... }: - -{ - perSystem = - { system, ... }: - let - pkgs = import inputs.nixpkgs { - inherit system; - config.allowUnfree = true; - }; - in - { - packages = { - base16-schemes = pkgs.callPackage ./packages/base16-schemes.nix { }; - claude-desktop = pkgs.callPackage ./packages/claude-desktop.nix { }; - fastfetch = pkgs.callPackage ./packages/fastfetch.nix { }; - hm-cli = pkgs.callPackage ./packages/hm-cli.nix { }; - kwrite = pkgs.callPackage ./packages/kwrite.nix { }; - toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; - }; - }; -} diff --git a/packages/overlays.nix b/packages/overlays.nix new file mode 100644 index 0000000..dde58b6 --- /dev/null +++ b/packages/overlays.nix @@ -0,0 +1,12 @@ +{ inputs, ... }: + +{ + flake.overlays.default = final: prev: { + base16-schemes = inputs.self.packages.${final.system}.base16-schemes; + claude-desktop = inputs.self.packages.${final.system}.claude-desktop; + fastfetch = inputs.self.packages.${final.system}.fastfetch; + hm-cli = inputs.self.packages.${final.system}.hm-cli; + kwrite = inputs.self.packages.${final.system}.kwrite; + toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; + }; +} From 124d414359468f37f4d80190e23dfc789297945f Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 7 Feb 2026 08:08:59 -0300 Subject: [PATCH 154/206] packages/overlays: use builtins.readDir for dynamic package discovery Instead of manually listing packages, the overlay now reads the packages/ directory and automatically includes all .nix files (except overlays.nix itself) as overlay attributes. This makes adding new packages simpler - just add the file and it will automatically be included in the overlay. Co-Authored-By: Claude Opus 4.5 --- packages/overlays.nix | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/packages/overlays.nix b/packages/overlays.nix index dde58b6..a36ed60 100644 --- a/packages/overlays.nix +++ b/packages/overlays.nix @@ -1,12 +1,22 @@ { inputs, ... }: +let + packageDir = builtins.readDir ./.; + + # Filter to .nix files, excluding overlays.nix + isPackageFile = name: + name != "overlays.nix" && builtins.match ".*\\.nix$" name != null; + + # Extract package name from filename (e.g., "foo-bar.nix" -> "foo-bar") + toPackageName = filename: + builtins.head (builtins.match "(.+)\\.nix$" filename); + + packageNames = map toPackageName (builtins.filter isPackageFile (builtins.attrNames packageDir)); +in { - flake.overlays.default = final: prev: { - base16-schemes = inputs.self.packages.${final.system}.base16-schemes; - claude-desktop = inputs.self.packages.${final.system}.claude-desktop; - fastfetch = inputs.self.packages.${final.system}.fastfetch; - hm-cli = inputs.self.packages.${final.system}.hm-cli; - kwrite = inputs.self.packages.${final.system}.kwrite; - toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; - }; + flake.overlays.default = final: prev: + builtins.listToAttrs (map (name: { + inherit name; + value = inputs.self.packages.${final.system}.${name}; + }) packageNames); } From f8478a75ebc2533e67e86a1ce4b0da93ecc69357 Mon Sep 17 00:00:00 2001 
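Review bot: `isPackageFile` in the `let` block filters on the file name only, so every entry of `builtins.readDir ./.` that ends in `.nix` becomes an overlay attribute, including a directory or symlink with that suffix and any module that does not export a package named after its file. Because the attribute name comes from the filename, a file named after an existing nixpkgs attribute would replace that package wherever `overlays.default` is applied, something the removed explicit list made visible in review. Checking the entry type narrows this: `name != "overlays.nix" && packageDir.${name} == "regular" && builtins.match ".*\\.nix$" name != null;`. A comment above `packageNames` should state that filenames must match the exported package name and must not collide with nixpkgs attributes unless shadowing is intended.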
From: William Date: Sat, 7 Feb 2026 08:11:55 -0300 Subject: [PATCH 155/206] shells: convert to self-contained flake-parts module Move devShells.nix to shells/default.nix as a flake-parts module and use import-tree for automatic module discovery. Co-Authored-By: Claude Opus 4.5 --- flake.nix | 3 ++- devShells.nix => shells/default.nix | 0 2 files changed, 2 insertions(+), 1 deletion(-) rename devShells.nix => shells/default.nix (100%) diff --git a/flake.nix b/flake.nix index a4126cb..2cbb189 100644 --- a/flake.nix +++ b/flake.nix @@ -61,6 +61,7 @@ let aspectsModule = import-tree ./aspects; packagesModule = import-tree ./packages; + shellsModule = import-tree ./shells; in flake-parts.lib.mkFlake { inherit inputs; } { systems = [ @@ -72,9 +73,9 @@ flake-parts.flakeModules.modules ] ++ aspectsModule.imports ++ packagesModule.imports + ++ shellsModule.imports ++ [ ./deploy.nix - ./devShells.nix ./terranixConfigurations.nix ]; }; diff --git a/devShells.nix b/shells/default.nix similarity index 100% rename from devShells.nix rename to shells/default.nix From c7757c139f7a1f840c88ef5c9725c71fb335e95b Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 7 Feb 2026 08:16:58 -0300 Subject: [PATCH 156/206] terranix: convert to self-contained flake-parts modules Each terranix configuration now exports its own flake output as a self-contained module. Flattened directory structure and removed centralized terranixConfigurations.nix in favor of import-tree. Co-Authored-By: Claude Opus 4.5 --- flake.nix | 3 +- terranix/baduhai.dev.nix | 115 +++++++++ terranix/cloudflare/baduhai.dev.nix | 94 -------- terranix/cloudflare/kernelpanic.space.nix | 0 terranix/kernelpanic.space.nix | 19 ++ terranix/oci/terminus.nix | 0 terranix/oci/trantor.nix | 258 -------------------- terranix/tailnet.nix | 59 +++++ terranix/tailscale/tailnet.nix | 43 ---- terranix/terminus.nix | 19 ++ terranix/trantor.nix | 274 ++++++++++++++++++++++ terranixConfigurations.nix | 27 --- 12 files changed, 488 insertions(+), 423 deletions(-) create mode 100644 terranix/baduhai.dev.nix delete mode 100644 terranix/cloudflare/baduhai.dev.nix delete mode 100644 terranix/cloudflare/kernelpanic.space.nix create mode 100644 terranix/kernelpanic.space.nix delete mode 100644 terranix/oci/terminus.nix delete mode 100644 terranix/oci/trantor.nix create mode 100644 terranix/tailnet.nix delete mode 100644 terranix/tailscale/tailnet.nix create mode 100644 terranix/terminus.nix create mode 100644 terranix/trantor.nix delete mode 100644 terranixConfigurations.nix diff --git a/flake.nix b/flake.nix index 2cbb189..c3fa2f6 100644 --- a/flake.nix +++ b/flake.nix @@ -62,6 +62,7 @@ aspectsModule = import-tree ./aspects; packagesModule = import-tree ./packages; shellsModule = import-tree ./shells; + terranixModule = import-tree ./terranix; in flake-parts.lib.mkFlake { inherit inputs; } { systems = [ @@ -74,9 +75,9 @@ ] ++ aspectsModule.imports ++ packagesModule.imports ++ shellsModule.imports + ++ terranixModule.imports ++ [ ./deploy.nix - ./terranixConfigurations.nix ]; }; } 
diff --git a/terranix/baduhai.dev.nix b/terranix/baduhai.dev.nix
new file mode 100644
index 0000000..396ecf4
--- /dev/null
+++ b/terranix/baduhai.dev.nix
@@ -0,0 +1,115 @@ +# Required environment variables: +# CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.cloudflare-baduhaidev = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ( + { config, lib, ... }: + + let + sharedData = import ../data/services.nix; + # Enrich services with host IPs + services = map ( + svc: + let + hostInfo = sharedData.hosts.${svc.host} or { }; + in + svc + // { + lanIP = hostInfo.lanIP or null; + tailscaleIP = hostInfo.tailscaleIP or null; + } + ) sharedData.services; + + # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git") + getSubdomain = domain: lib.head (lib.splitString "." domain); + + # Generate DNS records for services + # Public services point to trantor's public IP + # Private services point to their tailscale IP + mkServiceRecords = lib.listToAttrs ( + lib.imap0 ( + i: svc: + let + subdomain = getSubdomain svc.domain; + targetIP = + if svc.public or false then + config.data.terraform_remote_state.trantor "outputs.instance_public_ip" + else + svc.tailscaleIP; + in + { + name = "service_${toString i}"; + value = { + zone_id = config.variable.zone_id.default; + name = subdomain; + type = "A"; + content = targetIP; + proxied = false; + ttl = 3600; + }; + } + ) services + ); + in + + { + terraform.required_providers.cloudflare = { + source = "cloudflare/cloudflare"; + version = "~> 5.0"; + }; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "cloudflare/baduhai.dev.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + 
skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + zone_id = { + default = "c63a8332fdddc4a8e5612ddc54557044"; + type = "string"; + }; + }; + + data = { + terraform_remote_state.trantor = { + backend = "s3"; + config = { + bucket = "terraform-state"; + key = "oci/trantor.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + }; + }; + + resource.cloudflare_dns_record = mkServiceRecords; + } + ) + ]; + }; + }; +} diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix deleted file mode 100644 index 185e5bd..0000000 --- a/terranix/cloudflare/baduhai.dev.nix +++ /dev/null 
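Review bot: In `mkServiceRecords` the resource key is `service_${toString i}`, the position of the service in `sharedData.services`, so adding or removing an entry in `../data/services.nix` (not shown here) renumbers every later record. The next plan would then rewrite or recreate DNS records for unrelated hosts, which risks transient resolution gaps or conflicting-record errors across names that split between trantor's public IP and tailnet addresses. Keying on the domain keeps each record stable, e.g. `name = "service_${lib.replaceStrings [ "." ] [ "_" ] svc.domain}";`. Separately, `tailscaleIP` falls back to `null` when the host is missing from `sharedData.hosts`, and that `null` reaches `content` for a non-public service; an assertion that `targetIP != null` would fail at evaluation instead of at apply time.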
@@ -1,94 +0,0 @@ -# Required environment variables: -# CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions -# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage -# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage - -{ config, lib, ... }: - -let - sharedData = import ../../data/services.nix; - # Enrich services with host IPs - services = map (svc: - let hostInfo = sharedData.hosts.${svc.host} or {}; - in svc // { - lanIP = hostInfo.lanIP or null; - tailscaleIP = hostInfo.tailscaleIP or null; - } - ) sharedData.services; - - # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git") - getSubdomain = domain: lib.head (lib.splitString "." domain); - - # Generate DNS records for services - # Public services point to trantor's public IP - # Private services point to their tailscale IP - mkServiceRecords = lib.listToAttrs ( - lib.imap0 ( - i: svc: - let - subdomain = getSubdomain svc.domain; - targetIP = - if svc.public or false then - config.data.terraform_remote_state.trantor "outputs.instance_public_ip" - else - svc.tailscaleIP; - in - { - name = "service_${toString i}"; - value = { - zone_id = config.variable.zone_id.default; - name = subdomain; - type = "A"; - content = targetIP; - proxied = false; - ttl = 3600; - }; - } - ) services - ); -in - -{ - terraform.required_providers.cloudflare = { - source = "cloudflare/cloudflare"; - version = "~> 5.0"; - }; - - terraform.backend.s3 = { - bucket = "terraform-state"; - key = "cloudflare/baduhai.dev.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - - variable = { - zone_id = { - default = "c63a8332fdddc4a8e5612ddc54557044"; - type = "string"; - }; - }; - - data = { - terraform_remote_state.trantor = { - backend = "s3"; - 
config = { - bucket = "terraform-state"; - key = "oci/trantor.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - }; - }; - - resource.cloudflare_dns_record = mkServiceRecords; -} diff --git a/terranix/cloudflare/kernelpanic.space.nix b/terranix/cloudflare/kernelpanic.space.nix deleted file mode 100644 index e69de29..0000000 diff --git a/terranix/kernelpanic.space.nix b/terranix/kernelpanic.space.nix new file mode 100644 index 0000000..e3bfe72 --- /dev/null +++ b/terranix/kernelpanic.space.nix @@ -0,0 +1,19 @@ +# Cloudflare kernelpanic.space configuration placeholder +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.cloudflare-kernelpanicspace = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ({ config, ... }: { + # Terraform config goes here + }) + ]; + }; + }; +} diff --git a/terranix/oci/terminus.nix b/terranix/oci/terminus.nix deleted file mode 100644 index e69de29..0000000 diff --git a/terranix/oci/trantor.nix b/terranix/oci/trantor.nix deleted file mode 100644 index 170ad04..0000000 --- a/terranix/oci/trantor.nix +++ /dev/null 
@@ -1,258 +0,0 @@ -# Required environment variables: -# instead of OCI variables, ~/.oci/config may also be used -# OCI_TENANCY_OCID - Oracle tenancy OCID (or use TF_VAR_* to override variables) -# OCI_USER_OCID - Oracle user OCID -# OCI_FINGERPRINT - API key fingerprint -# OCI_PRIVATE_KEY_PATH - Path to OCI API private key -# AWS variables are required -# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage -# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage - -{ config, ... }: - -{ - terraform.required_providers.oci = { - source = "oracle/oci"; - version = "~> 7.0"; - }; - - provider.oci.region = "sa-saopaulo-1"; - - terraform.backend.s3 = { - bucket = "terraform-state"; - key = "oci/trantor.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - - variable = { - tenancy_ocid = { - default = "ocid1.tenancy.oc1..aaaaaaaap3vfdz4piygqza6e6zqunbcuso43ddqfo3ydmpmnomidyghh7rvq"; - type = "string"; - }; - - compartment_name = { - default = "trantor"; - type = "string"; - }; - - vcn_cidr = { - default = "10.0.0.0/24"; - type = "string"; - }; - - instance_name = { - default = "trantor"; - type = "string"; - }; - - ssh_public_keys = { - default = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" - ]; - type = "list(string)"; - }; - }; - - data = { - oci_identity_availability_domains.ads = { - compartment_id = config.variable.tenancy_ocid.default; - }; - - oci_core_images.ubuntu_arm = { - compartment_id = config.variable.tenancy_ocid.default; - operating_system = "Canonical Ubuntu"; 
- operating_system_version = "24.04"; - shape = "VM.Standard.A1.Flex"; - sort_by = "TIMECREATED"; - sort_order = "DESC"; - }; - }; - - resource = { - oci_identity_compartment.trantor = { - compartment_id = config.variable.tenancy_ocid.default; - description = "trantor infrastructure compartment"; - name = config.variable.compartment_name.default; - }; - - oci_core_vcn.vcn = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - cidr_blocks = [ config.variable.vcn_cidr.default ]; - display_name = "trantor-vcn"; - dns_label = "trantor"; - }; - - oci_core_internet_gateway.ig = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - display_name = "trantor-ig"; - enabled = true; - }; - - oci_core_route_table.rt = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - display_name = "trantor-rt"; - - route_rules = [ - { - network_entity_id = config.resource.oci_core_internet_gateway.ig "id"; - destination = "0.0.0.0/0"; - destination_type = "CIDR_BLOCK"; - } - ]; - }; - - oci_core_security_list.sl = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - display_name = "trantor-sl"; - - egress_security_rules = [ - { - destination = "0.0.0.0/0"; - protocol = "all"; - stateless = false; - } - ]; - - ingress_security_rules = [ - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 22; - max = 22; - }; - } - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 80; - max = 80; - }; - } - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 443; - max = 443; - }; - } - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 25565; - max = 25565; - }; - } - { - protocol = 
"6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 19132; - max = 19133; - }; - } - { - protocol = "17"; # UDP - source = "0.0.0.0/0"; - stateless = false; - udp_options = { - min = 19132; - max = 19133; - }; - } - ]; - }; - - oci_core_subnet.subnet = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - cidr_block = config.variable.vcn_cidr.default; - display_name = "trantor-subnet"; - dns_label = "subnet"; - route_table_id = config.resource.oci_core_route_table.rt "id"; - security_list_ids = [ (config.resource.oci_core_security_list.sl "id") ]; - prohibit_public_ip_on_vnic = false; - }; - - oci_core_instance.trantor = { - availability_domain = config.data.oci_identity_availability_domains.ads "availability_domains[0].name"; - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - display_name = config.variable.instance_name.default; - shape = "VM.Standard.A1.Flex"; - - shape_config = { - ocpus = 2; - memory_in_gbs = 12; - }; - - source_details = { - source_type = "image"; - source_id = config.data.oci_core_images.ubuntu_arm "images[0].id"; - boot_volume_size_in_gbs = 100; - }; - - create_vnic_details = { - subnet_id = config.resource.oci_core_subnet.subnet "id"; - display_name = "trantor-vnic"; - assign_public_ip = true; - hostname_label = config.variable.instance_name.default; - }; - - metadata = { - ssh_authorized_keys = builtins.concatStringsSep "\n" config.variable.ssh_public_keys.default; - }; - - preserve_boot_volume = false; - }; - - oci_budget_budget.trantor_budget = { - compartment_id = config.variable.tenancy_ocid.default; - targets = [ (config.resource.oci_identity_compartment.trantor "id") ]; - amount = 1; - reset_period = "MONTHLY"; - display_name = "trantor-budget"; - description = "Monthly budget for trantor compartment"; - target_type = "COMPARTMENT"; - }; - - oci_budget_alert_rule.daily_spend_alert = { - budget_id = 
config.resource.oci_budget_budget.trantor_budget "id"; - type = "ACTUAL"; - threshold = 5; - threshold_type = "PERCENTAGE"; - display_name = "daily-spend-alert"; - recipients = "baduhai@proton.me"; - description = "Alert when daily spending exceeds $0.05"; - message = "Daily spending has exceeded $0.05 in the trantor compartment"; - }; - }; - - output = { - compartment_id = { - value = config.resource.oci_identity_compartment.trantor "id"; - }; - - instance_public_ip = { - value = config.resource.oci_core_instance.trantor "public_ip"; - }; - }; -} diff --git a/terranix/tailnet.nix b/terranix/tailnet.nix new file mode 100644 index 0000000..7bc55f2 --- /dev/null +++ b/terranix/tailnet.nix 
@@ -0,0 +1,59 @@ +# Required environment variables: +# TAILSCALE_API_KEY - Tailscale API key with appropriate permissions +# TAILSCALE_TAILNET - Your tailnet name (e.g., "user@example.com" or "example.org.github") +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.tailscale-tailnet = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ( + { config, ... }: + { + terraform.required_providers.tailscale = { + source = "tailscale/tailscale"; + version = "~> 0.17"; + }; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "tailscale/tailnet.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + trantor_tailscale_ip = { + default = "100.108.5.90"; + type = "string"; + }; + }; + + resource = { + tailscale_dns_nameservers.global = { + nameservers = [ + config.variable.trantor_tailscale_ip.default + "1.1.1.1" + "1.0.0.1" + ]; + }; + }; + } + ) + ]; + }; + }; +} diff --git a/terranix/tailscale/tailnet.nix b/terranix/tailscale/tailnet.nix deleted file mode 100644 index 929e79b..0000000 --- a/terranix/tailscale/tailnet.nix +++ /dev/null 
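Review bot: `trantor_tailscale_ip` hard-codes `100.108.5.90` as the first global nameserver, while `terranix/baduhai.dev.nix` in the same commit reads host addresses from `../data/services.nix`. Two sources for the same address can drift, and a stale value here would leave every tailnet client pointing its DNS at an address that may no longer belong to trantor. If that data file carries trantor's entry (it is not shown here, and the host key `trantor` is assumed), the default could be read from it: `default = (import ../data/services.nix).hosts.trantor.tailscaleIP;`.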
@@ -1,43 +0,0 @@ -# Required environment variables: -# TAILSCALE_API_KEY - Tailscale API key with appropriate permissions -# TAILSCALE_TAILNET - Your tailnet name (e.g., "user@example.com" or "example.org.github") -# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage -# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage - -{ config, ... }: - -{ - terraform.required_providers.tailscale = { - source = "tailscale/tailscale"; - version = "~> 0.17"; - }; - - terraform.backend.s3 = { - bucket = "terraform-state"; - key = "tailscale/tailnet.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - - variable = { - trantor_tailscale_ip = { - default = "100.108.5.90"; - type = "string"; - }; - }; - - resource = { - tailscale_dns_nameservers.global = { - nameservers = [ - config.variable.trantor_tailscale_ip.default - "1.1.1.1" - "1.0.0.1" - ]; - }; - }; -} diff --git a/terranix/terminus.nix b/terranix/terminus.nix new file mode 100644 index 0000000..25e227e --- /dev/null +++ b/terranix/terminus.nix @@ -0,0 +1,19 @@ +# OCI Terminus configuration placeholder +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.oci-terminus = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ({ config, ... }: { + # Terraform config goes here + }) + ]; + }; + }; +} diff --git a/terranix/trantor.nix b/terranix/trantor.nix new file mode 100644 index 0000000..0f1f9ba --- /dev/null +++ b/terranix/trantor.nix 
@@ -0,0 +1,274 @@ +# Required environment variables: +# instead of OCI variables, ~/.oci/config may also be used +# OCI_TENANCY_OCID - Oracle tenancy OCID (or use TF_VAR_* to override variables) +# OCI_USER_OCID - Oracle user OCID +# OCI_FINGERPRINT - API key fingerprint +# OCI_PRIVATE_KEY_PATH - Path to OCI API private key +# AWS variables are required +# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage +# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage + +{ inputs, ... }: + +{ + imports = [ inputs.terranix.flakeModule ]; + + perSystem = + { pkgs, ... }: + { + terranix.terranixConfigurations.oci-trantor = { + terraformWrapper.package = pkgs.opentofu; + modules = [ + ( + { config, ... }: + { + terraform.required_providers.oci = { + source = "oracle/oci"; + version = "~> 7.0"; + }; + + provider.oci.region = "sa-saopaulo-1"; + + terraform.backend.s3 = { + bucket = "terraform-state"; + key = "oci/trantor.tfstate"; + region = "auto"; + endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; + skip_credentials_validation = true; + skip_metadata_api_check = true; + skip_region_validation = true; + skip_requesting_account_id = true; + use_path_style = true; + }; + + variable = { + tenancy_ocid = { + default = "ocid1.tenancy.oc1..aaaaaaaap3vfdz4piygqza6e6zqunbcuso43ddqfo3ydmpmnomidyghh7rvq"; + type = "string"; + }; + + compartment_name = { + default = "trantor"; + type = "string"; + }; + + vcn_cidr = { + default = "10.0.0.0/24"; + type = "string"; + }; + + instance_name = { + default = "trantor"; + type = "string"; + }; + + ssh_public_keys = { + default = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + type = "list(string)"; + }; + }; + + data = { + 
oci_identity_availability_domains.ads = { + compartment_id = config.variable.tenancy_ocid.default; + }; + + oci_core_images.ubuntu_arm = { + compartment_id = config.variable.tenancy_ocid.default; + operating_system = "Canonical Ubuntu"; + operating_system_version = "24.04"; + shape = "VM.Standard.A1.Flex"; + sort_by = "TIMECREATED"; + sort_order = "DESC"; + }; + }; + + resource = { + oci_identity_compartment.trantor = { + compartment_id = config.variable.tenancy_ocid.default; + description = "trantor infrastructure compartment"; + name = config.variable.compartment_name.default; + }; + + oci_core_vcn.vcn = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + cidr_blocks = [ config.variable.vcn_cidr.default ]; + display_name = "trantor-vcn"; + dns_label = "trantor"; + }; + + oci_core_internet_gateway.ig = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-ig"; + enabled = true; + }; + + oci_core_route_table.rt = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-rt"; + + route_rules = [ + { + network_entity_id = config.resource.oci_core_internet_gateway.ig "id"; + destination = "0.0.0.0/0"; + destination_type = "CIDR_BLOCK"; + } + ]; + }; + + oci_core_security_list.sl = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + display_name = "trantor-sl"; + + egress_security_rules = [ + { + destination = "0.0.0.0/0"; + protocol = "all"; + stateless = false; + } + ]; + + ingress_security_rules = [ + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 22; + max = 22; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 80; + max = 80; + }; + } + { + protocol = "6"; # TCP + 
source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 443; + max = 443; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 25565; + max = 25565; + }; + } + { + protocol = "6"; # TCP + source = "0.0.0.0/0"; + stateless = false; + tcp_options = { + min = 19132; + max = 19133; + }; + } + { + protocol = "17"; # UDP + source = "0.0.0.0/0"; + stateless = false; + udp_options = { + min = 19132; + max = 19133; + }; + } + ]; + }; + + oci_core_subnet.subnet = { + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + vcn_id = config.resource.oci_core_vcn.vcn "id"; + cidr_block = config.variable.vcn_cidr.default; + display_name = "trantor-subnet"; + dns_label = "subnet"; + route_table_id = config.resource.oci_core_route_table.rt "id"; + security_list_ids = [ (config.resource.oci_core_security_list.sl "id") ]; + prohibit_public_ip_on_vnic = false; + }; + + oci_core_instance.trantor = { + availability_domain = config.data.oci_identity_availability_domains.ads "availability_domains[0].name"; + compartment_id = config.resource.oci_identity_compartment.trantor "id"; + display_name = config.variable.instance_name.default; + shape = "VM.Standard.A1.Flex"; + + shape_config = { + ocpus = 2; + memory_in_gbs = 12; + }; + + source_details = { + source_type = "image"; + source_id = config.data.oci_core_images.ubuntu_arm "images[0].id"; + boot_volume_size_in_gbs = 100; + }; + + create_vnic_details = { + subnet_id = config.resource.oci_core_subnet.subnet "id"; + display_name = "trantor-vnic"; + assign_public_ip = true; + hostname_label = config.variable.instance_name.default; + }; + + metadata = { + ssh_authorized_keys = builtins.concatStringsSep "\n" config.variable.ssh_public_keys.default; + }; + + preserve_boot_volume = false; + }; + + oci_budget_budget.trantor_budget = { + compartment_id = config.variable.tenancy_ocid.default; + targets = [ (config.resource.oci_identity_compartment.trantor "id") 
]; + amount = 1; + reset_period = "MONTHLY"; + display_name = "trantor-budget"; + description = "Monthly budget for trantor compartment"; + target_type = "COMPARTMENT"; + }; + + oci_budget_alert_rule.daily_spend_alert = { + budget_id = config.resource.oci_budget_budget.trantor_budget "id"; + type = "ACTUAL"; + threshold = 5; + threshold_type = "PERCENTAGE"; + display_name = "daily-spend-alert"; + recipients = "baduhai@proton.me"; + description = "Alert when daily spending exceeds $0.05"; + message = "Daily spending has exceeded $0.05 in the trantor compartment"; + }; + }; + + output = { + compartment_id = { + value = config.resource.oci_identity_compartment.trantor "id"; + }; + + instance_public_ip = { + value = config.resource.oci_core_instance.trantor "public_ip"; + }; + }; + } + ) + ]; + }; + }; +} diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix deleted file mode 100644 index 12c90d1..0000000 --- a/terranixConfigurations.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ - inputs.terranix.flakeModule - ]; - - perSystem = - { pkgs, ... }: - - { - terranix.terranixConfigurations = { - oci-trantor = { - modules = [ ./terranix/oci/trantor.nix ]; - terraformWrapper.package = pkgs.opentofu; - }; - cloudflare-baduhaidev = { - modules = [ ./terranix/cloudflare/baduhai.dev.nix ]; - terraformWrapper.package = pkgs.opentofu; - }; - tailscale-tailnet = { - modules = [ ./terranix/tailscale/tailnet.nix ]; - terraformWrapper.package = pkgs.opentofu; - }; - }; - }; -} From 4bbf14f7505809fb3029c91cc5d88a07369c8d69 Mon Sep 17 00:00:00 2001 
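Review bot: The first `ingress_security_rules` entry in `oci_core_security_list.sl` admits TCP 22 from `0.0.0.0/0`, so the instance's SSH daemon is reachable from the whole internet even though `terranix/tailnet.nix` shows the host is also a tailnet member. Restricting that rule to an administrative source range would shrink the exposed surface, for example with a new variable `ssh_source_cidr` and `source = config.variable.ssh_source_cidr.default;` on the port-22 rule. If world-reachable SSH is deliberate (e.g. bootstrap before Tailscale is up), a comment on the rule saying so would record the decision. Also in this hunk, `oci_budget_alert_rule.daily_spend_alert` uses `threshold = 5` with `threshold_type = "PERCENTAGE"` on a `MONTHLY` budget of `amount = 1`, so the `description` and `message` text about daily spending does not match what the rule measures.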
From: William Date: Sat, 7 Feb 2026 08:18:49 -0300 Subject: [PATCH 157/206] terranix: import flakeModule once in flake.nix Fixes duplicate module declaration error by importing terranix flakeModule once at the top level instead of in each config file. Co-Authored-By: Claude Opus 4.5 --- flake.nix | 1 + terranix/baduhai.dev.nix | 4 +--- terranix/kernelpanic.space.nix | 4 +--- terranix/tailnet.nix | 4 +--- terranix/terminus.nix | 4 +--- terranix/trantor.nix | 4 +--- 6 files changed, 6 insertions(+), 15 deletions(-) diff --git a/flake.nix b/flake.nix index c3fa2f6..f995bad 100644 --- a/flake.nix +++ b/flake.nix @@ -72,6 +72,7 @@ imports = [ flake-parts.flakeModules.modules + inputs.terranix.flakeModule ] ++ aspectsModule.imports ++ packagesModule.imports ++ shellsModule.imports diff --git a/terranix/baduhai.dev.nix b/terranix/baduhai.dev.nix index 396ecf4..cea9f22 100644 --- a/terranix/baduhai.dev.nix +++ b/terranix/baduhai.dev.nix @@ -3,11 +3,9 @@ # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { diff --git a/terranix/kernelpanic.space.nix b/terranix/kernelpanic.space.nix index e3bfe72..01e5c08 100644 --- a/terranix/kernelpanic.space.nix +++ b/terranix/kernelpanic.space.nix @@ -1,9 +1,7 @@ # Cloudflare kernelpanic.space configuration placeholder -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { diff --git a/terranix/tailnet.nix b/terranix/tailnet.nix index 7bc55f2..4e01ab9 100644 --- a/terranix/tailnet.nix +++ b/terranix/tailnet.nix @@ -4,11 +4,9 @@ # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { 
diff --git a/terranix/terminus.nix b/terranix/terminus.nix index 25e227e..7a0fa5b 100644 --- a/terranix/terminus.nix +++ b/terranix/terminus.nix @@ -1,9 +1,7 @@ # OCI Terminus configuration placeholder -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { diff --git a/terranix/trantor.nix b/terranix/trantor.nix index 0f1f9ba..5f19e22 100644 --- a/terranix/trantor.nix +++ b/terranix/trantor.nix @@ -8,11 +8,9 @@ # AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage # AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage -{ inputs, ... }: +{ ... }: { - imports = [ inputs.terranix.flakeModule ]; - perSystem = { pkgs, ... }: { From ab69b26b40dbba3345aa3c1ab60df6c468d900ff Mon Sep 17 00:00:00 2001 From: William Date: Sat, 7 Feb 2026 08:21:02 -0300 Subject: [PATCH 158/206] this shouldn't ever have been commited --- plan.md | 89 --------------------------------------------------------- 1 file changed, 89 deletions(-) delete mode 100644 plan.md diff --git a/plan.md b/plan.md deleted file mode 100644 index af88fb9..0000000 --- a/plan.md +++ /dev/null 
@@ -1,89 +0,0 @@ -# Current structure: - -``` - hosts -├──  alexandria -│ ├──  hardware-configuration.nix -│ ├──  jellyfin.nix -│ ├──  kanidm.nix -│ ├──  nextcloud.nix -│ ├──  nginx.nix -│ ├──  unbound.nix -│ └──  vaultwarden.nix -├──  io -│ ├──  boot.nix -│ ├──  disko.nix -│ ├──  hardware-configuration.nix -│ ├──  programs.nix -│ └──  services.nix -├──  modules -│ ├──  common -│ │ ├──  boot.nix -│ │ ├──  console.nix -│ │ ├──  firewall.nix -│ │ ├──  locale.nix -│ │ ├──  nix.nix -│ │ ├──  openssh.nix -│ │ ├──  programs.nix -│ │ ├──  security.nix -│ │ ├──  services.nix -│ │ ├──  tailscale.nix -│ │ └──  users.nix -│ ├──  desktop -│ │ ├──  boot.nix -│ │ ├──  desktop.nix -│ │ ├──  nix.nix -│ │ └──  services.nix -│ ├──  server -│ │ ├──  boot.nix -│ │ ├──  nix.nix -│ │ └──  tailscale.nix -│ ├──  ai.nix -│ ├──  bluetooth.nix -│ ├──  dev.nix -│ ├──  ephemeral.nix -│ ├──  fwupd.nix -│ ├──  gaming.nix -│ ├──  libvirtd.nix -│ ├──  networkmanager.nix -│ └──  podman.nix -├──  rotterdam -│ ├──  boot.nix -│ ├──  hardware-configuration.nix -│ ├──  hardware.nix -│ ├──  programs.nix -│ └──  services.nix -└──  trantor - ├──  boot.nix - ├──  disko.nix - ├──  fail2ban.nix - ├──  forgejo.nix - ├──  hardware-configuration.nix - ├──  networking.nix - ├──  nginx.nix - ├──  openssh.nix - └──  unbound.nix - modules -└──  ephemeral.nix - users -├──  modules -│ ├──  common -│ │ ├──  bash.nix -│ │ ├──  fish.nix -│ │ └──  hm-cli.nix -│ ├──  desktop -│ │ ├──  desktop.nix -│ │ └──  niri.nix -│ ├──  btop.nix -│ ├──  comma.nix -│ ├──  direnv.nix -│ ├──  gaming.nix -│ ├──  helix.nix -│ ├──  obs-studio.nix -│ ├──  starship.nix -│ ├──  stylix.nix -│ └──  tmux.nix -└──  user - └──  git.nix -``` - From d83172f48758bb768def8b7d665fd414b8b2359b Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 7 Feb 2026 09:31:14 -0300 Subject: [PATCH 159/206] eza uses --git by default --- aspects/common/programs.nix | 70 +++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 34 deletions(-) diff --git a/aspects/common/programs.nix b/aspects/common/programs.nix index a3233e9..7d12f09 100644 --- a/aspects/common/programs.nix +++ b/aspects/common/programs.nix @@ -1,41 +1,43 @@ { ... }: { - flake.modules.nixos.common-programs = { lib, pkgs, ... }: { - environment = { - systemPackages = with pkgs; [ - ### Dev Tools ### - git - ### System Utilities ### - btop - fastfetch - helix - nixos-firewall-tool - nvd - sysz - tmux - wget - yazi - ]; - shellAliases = { - cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; - ls = "${lib.getExe pkgs.eza} --icons --group-directories-first"; - tree = "ls --tree"; + flake.modules.nixos.common-programs = + { lib, pkgs, ... }: + { + environment = { + systemPackages = with pkgs; [ + ### Dev Tools ### + git + ### System Utilities ### + btop + fastfetch + helix + nixos-firewall-tool + nvd + sysz + tmux + wget + yazi + ]; + shellAliases = { + cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; + ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first"; + tree = "ls --tree"; + }; }; - }; - programs = { - command-not-found.enable = false; - fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - if set -q SSH_CONNECTION - export TERM=xterm-256color - clear - fastfetch - end - ''; + programs = { + command-not-found.enable = false; + fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + if set -q SSH_CONNECTION + export TERM=xterm-256color + clear + fastfetch + end + ''; + }; }; }; - }; } From c6fbd210097e7adb193b25ea410a058fae583f7b Mon Sep 17 00:00:00 2001 
From: William Date: Sat, 7 Feb 2026 09:33:55 -0300 Subject: [PATCH 160/206] move podmand security options to podman aspect --- aspects/common/security.nix | 9 ++++----- aspects/podman.nix | 29 +++++++++++++++++++---------- 2 files changed, 23 insertions(+), 15 deletions(-) diff --git a/aspects/common/security.nix b/aspects/common/security.nix index b63074b..2ad04a0 100644 --- a/aspects/common/security.nix +++ b/aspects/common/security.nix @@ -1,14 +1,13 @@ { ... }: { - flake.modules.nixos.common-security = { ... }: { - security = { - unprivilegedUsernsClone = true; # Needed for rootless podman - sudo = { + flake.modules.nixos.common-security = + { ... }: + { + security.sudo = { wheelNeedsPassword = false; extraConfig = '' Defaults lecture = never ''; }; }; - }; } diff --git a/aspects/podman.nix b/aspects/podman.nix index 04e7e04..6afa327 100644 --- a/aspects/podman.nix +++ b/aspects/podman.nix @@ -1,15 +1,24 @@ { ... }: { - flake.modules.nixos.podman = { config, lib, pkgs, ... }: { - virtualisation.podman = { - enable = true; - autoPrune.enable = true; - extraPackages = [ pkgs.podman-compose ]; - }; + flake.modules.nixos.podman = + { + config, + lib, + pkgs, + ... + }: + { + virtualisation.podman = { + enable = true; + autoPrune.enable = true; + extraPackages = [ pkgs.podman-compose ]; + }; - systemd = { - services.podman-auto-update.enable = true; - timers.podman-auto-update.enable = true; + security.unprivilegedUsernsClone = true; # Needed for rootless podman + + systemd = { + services.podman-auto-update.enable = true; + timers.podman-auto-update.enable = true; + }; }; - }; } From 0112637288a29a1eb11f5803e0d3ecc68a279374 Mon Sep 17 00:00:00 2001 
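Review bot: In aspects/podman.nix the module function destructures `config` and `lib`, but the visible body uses only `pkgs`, so the argument set can stay `{ pkgs, ... }:`. The comment on `security.unprivilegedUsernsClone = true;` says why it is set but not what it costs. Something like `# Needed for rootless podman; lets unprivileged users create user namespaces on kernels that gate this, so import this aspect only on hosts that run containers` would record the trade-off now that the option lives with the aspect that needs it.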
From: William Date: Sat, 7 Feb 2026 09:49:52 -0300 Subject: [PATCH 161/206] move common/users.nix into users/ --- aspects/common/users.nix | 25 ------ aspects/hosts/alexandria.nix | 12 ++- aspects/hosts/io.nix | 12 ++- aspects/hosts/rotterdam.nix | 12 ++- aspects/hosts/trantor.nix | 12 ++- aspects/users/root.nix | 12 +++ aspects/users/user.nix | 169 ++++++++++++++++++++--------------- 7 files changed, 150 insertions(+), 104 deletions(-) delete mode 100644 aspects/common/users.nix create mode 100644 aspects/users/root.nix diff --git a/aspects/common/users.nix b/aspects/common/users.nix deleted file mode 100644 index e911663..0000000 --- a/aspects/common/users.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.common-users = { pkgs, ... }: { - users.users = { - user = { - isNormalUser = true; - shell = pkgs.fish; - extraGroups = [ - "networkmanager" - "wheel" - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" - ]; - hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; - }; - root = { - shell = pkgs.fish; - hashedPassword = "!"; - }; - }; - }; -} diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 28a367d..83304b1 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -6,7 +6,12 @@ modules = [ inputs.agenix.nixosModules.default { networking.hostName = "alexandria"; } - { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } # Common aspects (always included) inputs.self.modules.nixos.common-boot 
@@ -19,7 +24,10 @@ inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-tailscale - inputs.self.modules.nixos.common-users + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root # Server aspects inputs.self.modules.nixos.server-boot diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index 1d7f15a..6e5b237 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix @@ -6,7 +6,12 @@ modules = [ inputs.agenix.nixosModules.default { networking.hostName = "io"; } - { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } # Common aspects (always included) inputs.self.modules.nixos.common-boot @@ -19,7 +24,10 @@ inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-tailscale - inputs.self.modules.nixos.common-users + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root # Desktop aspects inputs.self.modules.nixos.desktop-boot diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index e9d3f18..76ffbb0 100644 --- a/aspects/hosts/rotterdam.nix +++ b/aspects/hosts/rotterdam.nix @@ -6,7 +6,12 @@ modules = [ inputs.agenix.nixosModules.default { networking.hostName = "rotterdam"; } - { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } # Common aspects (always included) inputs.self.modules.nixos.common-boot 
@@ -19,7 +24,10 @@ inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-tailscale - inputs.self.modules.nixos.common-users + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root # Desktop aspects inputs.self.modules.nixos.desktop-boot diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index 646cc73..c43c6f2 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix @@ -6,7 +6,12 @@ modules = [ inputs.agenix.nixosModules.default { networking.hostName = "trantor"; } - { nixpkgs.overlays = [ inputs.agenix.overlays.default inputs.self.overlays.default ]; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } # Common aspects (always included) inputs.self.modules.nixos.common-boot @@ -19,7 +24,10 @@ inputs.self.modules.nixos.common-security inputs.self.modules.nixos.common-services inputs.self.modules.nixos.common-tailscale - inputs.self.modules.nixos.common-users + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root # Server aspects inputs.self.modules.nixos.server-boot diff --git a/aspects/users/root.nix b/aspects/users/root.nix new file mode 100644 index 0000000..18b70eb --- /dev/null +++ b/aspects/users/root.nix @@ -0,0 +1,12 @@ +{ ... }: + +{ + flake.modules.nixos.root = + { pkgs, ... }: + { + users.root = { + shell = pkgs.fish; + hashedPassword = "!"; + }; + }; +} diff --git a/aspects/users/user.nix b/aspects/users/user.nix index 5130abf..050b1a5 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix 
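Review bot: `users.root = {` in the new aspects/users/root.nix is not an option path NixOS declares. The deleted aspects/common/users.nix had this block under `users.users`, so the line should read `users.users.root = {`. As written, the four host files that now import `inputs.self.modules.nixos.root` would be expected to fail evaluation with an unknown-option error, and the `hashedPassword = "!"` lock on root is not applied until the path is fixed. A short comment such as `# "!" is not a valid hash, so password login for root stays disabled` would also record why the value is there.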
@@ -1,91 +1,118 @@ -# aspects/users/user.nix { inputs, ... }: + { - flake.homeConfigurations = { - "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { inherit inputs; hostname = "rotterdam"; }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + flake = { + modules.nixos.user = + { pkgs, ... }: + { + users.users.user = { + isNormalUser = true; + shell = pkgs.fish; + extraGroups = [ + "networkmanager" + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; + }; + }; - # CLI aspects (common module included) - inputs.self.modules.homeManager.cli-base - inputs.self.modules.homeManager.cli-btop - inputs.self.modules.homeManager.cli-comma - inputs.self.modules.homeManager.cli-direnv - inputs.self.modules.homeManager.cli-helix - inputs.self.modules.homeManager.cli-starship - inputs.self.modules.homeManager.cli-tmux + homeConfigurations = { + "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + hostname = "rotterdam"; + }; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - # Shell - inputs.self.modules.homeManager.shell-fish - inputs.self.modules.homeManager.shell-bash + # CLI aspects (common module included) + inputs.self.modules.homeManager.cli-base + inputs.self.modules.homeManager.cli-btop + inputs.self.modules.homeManager.cli-comma + inputs.self.modules.homeManager.cli-direnv + 
inputs.self.modules.homeManager.cli-helix + inputs.self.modules.homeManager.cli-starship + inputs.self.modules.homeManager.cli-tmux - # Desktop - inputs.self.modules.homeManager.desktop-desktop - inputs.self.modules.homeManager.desktop-niri + # Shell + inputs.self.modules.homeManager.shell-fish + inputs.self.modules.homeManager.shell-bash - # Gaming - inputs.self.modules.homeManager.gaming-mangohud + # Desktop + inputs.self.modules.homeManager.desktop-desktop + inputs.self.modules.homeManager.desktop-niri - # Programs - inputs.self.modules.homeManager.programs-media # for obs-studio + # Gaming + inputs.self.modules.homeManager.gaming-mangohud - # Stylix - inputs.self.modules.homeManager.stylix + # Programs + inputs.self.modules.homeManager.programs-media # for obs-studio - # User-specific (from _user/) - ./_user/git.nix + # Stylix + inputs.self.modules.homeManager.stylix - # Home configuration - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ]; - }; + # User-specific (from _user/) + ./_user/git.nix - "user@io" = inputs.home-manager.lib.homeManagerConfiguration { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { inherit inputs; hostname = "io"; }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + # Home configuration + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ]; + }; - # CLI aspects (common module included) - inputs.self.modules.homeManager.cli-base - inputs.self.modules.homeManager.cli-btop - inputs.self.modules.homeManager.cli-comma - inputs.self.modules.homeManager.cli-direnv - inputs.self.modules.homeManager.cli-helix - inputs.self.modules.homeManager.cli-starship - inputs.self.modules.homeManager.cli-tmux + "user@io" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + hostname = "io"; + }; + modules 
= [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - # Shell - inputs.self.modules.homeManager.shell-fish - inputs.self.modules.homeManager.shell-bash + # CLI aspects (common module included) + inputs.self.modules.homeManager.cli-base + inputs.self.modules.homeManager.cli-btop + inputs.self.modules.homeManager.cli-comma + inputs.self.modules.homeManager.cli-direnv + inputs.self.modules.homeManager.cli-helix + inputs.self.modules.homeManager.cli-starship + inputs.self.modules.homeManager.cli-tmux - # Desktop - inputs.self.modules.homeManager.desktop-desktop - inputs.self.modules.homeManager.desktop-niri + # Shell + inputs.self.modules.homeManager.shell-fish + inputs.self.modules.homeManager.shell-bash - # Stylix - inputs.self.modules.homeManager.stylix + # Desktop + inputs.self.modules.homeManager.desktop-desktop + inputs.self.modules.homeManager.desktop-niri - # User-specific (from _user/) - ./_user/git.nix + # Stylix + inputs.self.modules.homeManager.stylix - # Home configuration - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ]; + # User-specific (from _user/) + ./_user/git.nix + + # Home configuration + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ]; + }; }; }; } From 6d28510dcaa41d4c193e80531152035ed3100e01 Mon Sep 17 00:00:00 2001 From: William Date: Sat, 7 Feb 2026 10:00:06 -0300 Subject: [PATCH 162/206] reformat programs --- aspects/programs/graphics.nix | 42 +++++++------- aspects/programs/media.nix | 42 +++++++------- aspects/programs/office.nix | 37 ++++++------ aspects/programs/utilities.nix | 101 ++++++++++++++++----------------- aspects/programs/web.nix | 31 +++++----- 5 files changed, 124 insertions(+), 129 deletions(-) diff --git a/aspects/programs/graphics.nix b/aspects/programs/graphics.nix index 1488125..4b7a16b 100644 --- a/aspects/programs/graphics.nix +++ b/aspects/programs/graphics.nix 
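Review bot: `hashedPassword = "$6$…"` in `modules.nixos.user` keeps a crypt hash for a `wheel` member in the repository and, after a build, in the world-readable Nix store, where anyone with read access can run offline guessing against it. The host files in this series already load `inputs.agenix.nixosModules.default`, so the hash could move into an age secret referenced as `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (`<secret-name>` is a placeholder, and the module function would then need `config` in its arguments). This hunk only relocates the value from aspects/common/users.nix, so the already-published hash is retired only if the password is rotated when it moves. The three `openssh.authorizedKeys.keys` entries are public keys and are fine to keep inline.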
@@ -1,27 +1,25 @@ { ... }: { - flake.modules.nixos.programs-graphics = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - # Image Editing - gimp - inkscape - # CAD & 3D Modeling - plasticity - ]; + flake.modules.nixos.programs-graphics = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + gimp + inkscape + plasticity + ]; - services.flatpak.packages = [ - # Vector Graphics - "com.boxy_svg.BoxySVG" - # 3D Printing / Slicing - rec { - appId = "io.github.softfever.OrcaSlicer"; - sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - bundle = "${pkgs.fetchurl { - url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - inherit sha256; - }}"; - } - ]; - }; + services.flatpak.packages = [ + "com.boxy_svg.BoxySVG" + rec { + appId = "io.github.softfever.OrcaSlicer"; + sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + bundle = "${pkgs.fetchurl { + url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; + inherit sha256; + }}"; + } + ]; + }; } diff --git a/aspects/programs/media.nix b/aspects/programs/media.nix index 8b50b2e..7daaa87 100644 --- a/aspects/programs/media.nix +++ b/aspects/programs/media.nix 
@@ -2,28 +2,28 @@ { flake.modules = { - nixos.programs-media = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - # Audio - decibels - # Video - showtime - # Image Viewer - loupe - # Recording & Streaming - obs-studio - ]; - }; - - homeManager.programs-media = { pkgs, ... }: { - programs.obs-studio = { - enable = true; - plugins = with pkgs.obs-studio-plugins; [ - obs-vkcapture - obs-backgroundremoval - obs-pipewire-audio-capture + nixos.programs-media = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + decibels + loupe + obs-studio + showtime ]; }; - }; + + homeManager.programs-media = + { pkgs, ... }: + { + programs.obs-studio = { + enable = true; + plugins = with pkgs.obs-studio-plugins; [ + obs-vkcapture + obs-backgroundremoval + obs-pipewire-audio-capture + ]; + }; + }; }; } diff --git a/aspects/programs/office.nix b/aspects/programs/office.nix index 1fc6817..c3349f3 100644 --- a/aspects/programs/office.nix +++ b/aspects/programs/office.nix @@ -1,25 +1,22 @@ { ... }: { - flake.modules.nixos.programs-office = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - # Spelling - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - # Document Viewing - papers - # Presentations - presenterm - # Note Taking & Drawing - rnote - ]; + flake.modules.nixos.programs-office = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + papers + presenterm + rnote + ]; - services.flatpak.packages = [ - # Office Suite - "com.collabora.Office" - ]; - }; + services.flatpak.packages = [ + "com.collabora.Office" + ]; + }; } diff --git a/aspects/programs/utilities.nix b/aspects/programs/utilities.nix index 15b267f..4a207af 100644 --- a/aspects/programs/utilities.nix +++ b/aspects/programs/utilities.nix 
@@ -2,64 +2,61 @@ { flake.modules = { - nixos.programs-utilities = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - # Terminal - ghostty - # File Management - nautilus - gnome-disk-utility - # Archive Tools - p7zip - unrar - # Cloud & Remote - rclone - # System Monitoring - mission-center - # Desktop Integration - adwaita-icon-theme - junction - libfido2 - toggleaudiosink - # Xwayland Support - xwayland-satellite - ]; + nixos.programs-utilities = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + ghostty + gnome-disk-utility + mission-center + nautilus + p7zip + rclone + unrar + # Desktop Integration + adwaita-icon-theme + junction + libfido2 + toggleaudiosink + # Xwayland Support + xwayland-satellite + ]; - services.flatpak.packages = [ - # Flatpak Management - "com.github.tchx84.Flatseal" - # Remote Desktop - "com.rustdesk.RustDesk" - ]; - }; + services.flatpak.packages = [ + "com.github.tchx84.Flatseal" + "com.rustdesk.RustDesk" + ]; + }; - homeManager.programs-utilities = { pkgs, ... }: { - programs = { - ghostty = { - enable = true; - settings = { - cursor-style = "block"; - shell-integration-features = "no-cursor"; - cursor-style-blink = false; - custom-shader = "${builtins.fetchurl { - url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; - sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; - }}"; - bell-features = ""; - gtk-titlebar-style = "tabs"; - keybind = [ "shift+enter=text:\\x1b\\r" ]; + homeManager.programs-utilities = + { pkgs, ... 
}: + { + programs = { + ghostty = { + enable = true; + settings = { + cursor-style = "block"; + shell-integration-features = "no-cursor"; + cursor-style-blink = false; + custom-shader = "${builtins.fetchurl { + url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; + sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + }}"; + bell-features = ""; + gtk-titlebar-style = "tabs"; + keybind = [ "shift+enter=text:\\x1b\\r" ]; + }; + }; + + password-store = { + enable = true; + package = pkgs.pass-wayland; }; }; - password-store = { - enable = true; - package = pkgs.pass-wayland; + home.sessionVariables = { + TERMINAL = "ghostty"; }; }; - - home.sessionVariables = { - TERMINAL = "ghostty"; - }; - }; }; } diff --git a/aspects/programs/web.nix b/aspects/programs/web.nix index cc3753b..a11ca57 100644 --- a/aspects/programs/web.nix +++ b/aspects/programs/web.nix @@ -1,18 +1,21 @@ { ... }: { - flake.modules.nixos.programs-web = { inputs, pkgs, system, ... }: { - environment.systemPackages = with pkgs; [ - # Browsers - inputs.zen-browser.packages."${system}".default - tor-browser - # Communication - vesktop - # Cloud & Sync - bitwarden-desktop - nextcloud-client - # Downloads - fragments - ]; - }; + flake.modules.nixos.programs-web = + { + inputs, + pkgs, + system, + ... + }: + { + environment.systemPackages = with pkgs; [ + inputs.zen-browser.packages."${system}".default + bitwarden-desktop + fragments + nextcloud-client + tor-browser + vesktop + ]; + }; } From d482fd06945b6c3422b998552472cff21e6dde0e Mon Sep 17 00:00:00 2001 From: William Date: Sun, 8 Feb 2026 14:02:12 -0300 Subject: [PATCH 163/206] flake file rearranging --- flake.nix | 57 +++++++++++++++++++++++++------------------------------ 1 file changed, 26 insertions(+), 31 deletions(-) diff --git a/flake.nix b/flake.nix index f995bad..482ebea 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,58 +2,52 @@ description = "My nix hosts"; inputs = { + # nix tools flake-parts.url = "github:hercules-ci/flake-parts"; import-tree.url = "github:vic/import-tree"; + # nixos/hm nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11"; - home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; }; + # nixos/hm functionality modules agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs-stable"; }; - disko.url = "github:nix-community/disko"; - - noctalia = { - url = "github:noctalia-dev/noctalia-shell"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - + impermanence.url = "github:nix-community/impermanence"; + nixos-cli.url = "github:nix-community/nixos-cli"; + nix-flatpak.url = "github:gmodena/nix-flatpak/main"; stylix.url = "github:danth/stylix"; - nixos-cli.url = "github:nix-community/nixos-cli"; - - nix-flatpak.url = "github:gmodena/nix-flatpak/main"; - - zen-browser.url = "github:0xc000022070/zen-browser-flake"; - - impermanence.url = "github:nix-community/impermanence"; - - deploy-rs.url = "github:serokell/deploy-rs"; - + # nixos/hm program modules niri-flake.url = "github:sodiboo/niri-flake"; - - niri.url = "github:baduhai/niri/auto-center-when-space-available"; - + nix-ai-tools.url = "github:numtide/llm-agents.nix"; nix-index-database = { url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; + noctalia = { + url = "github:noctalia-dev/noctalia-shell"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + vicinae.url = "github:vicinaehq/vicinae"; + zen-browser.url = "github:0xc000022070/zen-browser-flake"; + # stand-alone tools + deploy-rs.url = "github:serokell/deploy-rs"; terranix = { url = "github:terranix/terranix"; inputs.nixpkgs.follows = "nixpkgs"; }; - nix-ai-tools.url = "github:numtide/llm-agents.nix"; - - vicinae.url = "github:vicinaehq/vicinae"; + # others + niri.url = 
"github:baduhai/niri/auto-center-when-space-available"; }; outputs = @@ -73,12 +67,13 @@ imports = [ flake-parts.flakeModules.modules inputs.terranix.flakeModule - ] ++ aspectsModule.imports - ++ packagesModule.imports - ++ shellsModule.imports - ++ terranixModule.imports - ++ [ - ./deploy.nix - ]; + ] + ++ aspectsModule.imports + ++ packagesModule.imports + ++ shellsModule.imports + ++ terranixModule.imports + ++ [ + ./deploy.nix + ]; }; } From aac98fda2e7d555cea374996493f1bac305b9ac9 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 11 Feb 2026 18:07:31 -0300 Subject: [PATCH 164/206] move deploy outputs to self-contained aspects --- aspects/hosts/alexandria.nix | 94 ++++++++++++++++------------- aspects/hosts/io.nix | 111 +++++++++++++++++++---------------- aspects/hosts/trantor.nix | 102 +++++++++++++++++--------------- aspects/users/user.nix | 8 ++- deploy.nix | 48 --------------- flake.nix | 19 +++--- 6 files changed, 184 insertions(+), 198 deletions(-) delete mode 100644 deploy.nix diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 83304b1..b63c370 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix 
@@ -1,50 +1,60 @@ -{ inputs, ... }: +{ inputs, self, ... }: { - flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "alexandria"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } + flake = { + nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "alexandria"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root - # Server aspects - inputs.self.modules.nixos.server-boot - inputs.self.modules.nixos.server-nix - inputs.self.modules.nixos.server-tailscale + # Server 
aspects + inputs.self.modules.nixos.server-boot + inputs.self.modules.nixos.server-nix + inputs.self.modules.nixos.server-tailscale - # Other aspects based on tags - inputs.self.modules.nixos.fwupd + # Other aspects based on tags + inputs.self.modules.nixos.fwupd - # Host-specific files (from _alexandria/) - ./_alexandria/hardware-configuration.nix - ./_alexandria/jellyfin.nix - ./_alexandria/kanidm.nix - ./_alexandria/nextcloud.nix - ./_alexandria/nginx.nix - ./_alexandria/unbound.nix - ./_alexandria/vaultwarden.nix - ]; + # Host-specific files (from _alexandria/) + ./_alexandria/hardware-configuration.nix + ./_alexandria/jellyfin.nix + ./_alexandria/kanidm.nix + ./_alexandria/nextcloud.nix + ./_alexandria/nginx.nix + ./_alexandria/unbound.nix + ./_alexandria/vaultwarden.nix + ]; + }; + deploy.nodes.alexandria = { + hostname = "alexandria"; + profiles.system = { + sshUser = "user"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; + user = "root"; + }; + }; }; } diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index 6e5b237..2b5f72f 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix 
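Review bot: The new `deploy.nodes.alexandria.profiles.system` pairs `sshUser = "user"` with `user = "root"`, so activation depends on `user` becoming root non-interactively, presumably through sudo. Today that works because of `wheelNeedsPassword = false` in aspects/common/security.nix, a coupling worth a comment here, e.g. `# activates as root from "user"; relies on the passwordless wheel rule in common-security`. The same applies to the `io` and `trantor` nodes added in this commit, so tightening the sudo rule later would break all three deploy targets. The file also now takes `self` as a module argument while the module list keeps `inputs.self.…`; one spelling throughout would read more consistently.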
@@ -1,59 +1,70 @@ -{ inputs, ... }: +{ inputs, self, ... }: { - flake.nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "io"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } + flake = { + nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "io"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root - # Desktop aspects - inputs.self.modules.nixos.desktop-boot - inputs.self.modules.nixos.desktop-desktop - inputs.self.modules.nixos.desktop-nix - inputs.self.modules.nixos.desktop-services + # Desktop 
aspects + inputs.self.modules.nixos.desktop-boot + inputs.self.modules.nixos.desktop-desktop + inputs.self.modules.nixos.desktop-nix + inputs.self.modules.nixos.desktop-services - # Other aspects based on tags - inputs.self.modules.nixos.ai - inputs.self.modules.nixos.bluetooth - inputs.self.modules.nixos.dev - inputs.self.modules.nixos.libvirtd - inputs.self.modules.nixos.networkmanager - inputs.self.modules.nixos.podman + # Other aspects based on tags + inputs.self.modules.nixos.ai + inputs.self.modules.nixos.bluetooth + inputs.self.modules.nixos.dev + inputs.self.modules.nixos.libvirtd + inputs.self.modules.nixos.networkmanager + inputs.self.modules.nixos.podman - # Factory-generated ephemeral module - (inputs.self.factory.ephemeral { - rootDevice = "/dev/mapper/cryptroot"; - }) + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/mapper/cryptroot"; + }) - # Host-specific files (from _io/) - ./_io/hardware-configuration.nix - ./_io/disko.nix - ./_io/boot.nix - ./_io/programs.nix - ./_io/services.nix - ]; + # Host-specific files (from _io/) + ./_io/hardware-configuration.nix + ./_io/disko.nix + ./_io/boot.nix + ./_io/programs.nix + ./_io/services.nix + ]; + }; + deploy.nodes.io = { + hostname = "io"; + profiles.system = { + sshUser = "user"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; + user = "root"; + remoteBuild = false; + }; + }; }; } diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index c43c6f2..c806987 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix 
@@ -1,54 +1,64 @@ -{ inputs, ... }: +{ inputs, self, ... }: { - flake.nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { - system = "aarch64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "trantor"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } + flake = { + nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { + system = "aarch64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "trantor"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root - # Server aspects - inputs.self.modules.nixos.server-boot - inputs.self.modules.nixos.server-nix - inputs.self.modules.nixos.server-tailscale + # Server aspects + 
inputs.self.modules.nixos.server-boot + inputs.self.modules.nixos.server-nix + inputs.self.modules.nixos.server-tailscale - # Factory-generated ephemeral module - (inputs.self.factory.ephemeral { - rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; - }) + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; + }) - # Host-specific files (from _trantor/) - ./_trantor/hardware-configuration.nix - ./_trantor/disko.nix - ./_trantor/boot.nix - ./_trantor/fail2ban.nix - ./_trantor/forgejo.nix - ./_trantor/networking.nix - ./_trantor/nginx.nix - ./_trantor/openssh.nix - ./_trantor/unbound.nix - ]; + # Host-specific files (from _trantor/) + ./_trantor/hardware-configuration.nix + ./_trantor/disko.nix + ./_trantor/boot.nix + ./_trantor/fail2ban.nix + ./_trantor/forgejo.nix + ./_trantor/networking.nix + ./_trantor/nginx.nix + ./_trantor/openssh.nix + ./_trantor/unbound.nix + ]; + }; + deploy.nodes.trantor = { + hostname = "trantor"; + profiles.system = { + sshUser = "user"; + path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; + user = "root"; + }; + }; }; } diff --git a/aspects/users/user.nix b/aspects/users/user.nix index 050b1a5..4106ffb 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix @@ -1,4 +1,4 @@ -{ inputs, ... }: +{ inputs, self, ... }: { flake = { @@ -114,5 +114,11 @@ ]; }; }; + deploy.nodes.io.profiles.user = { + sshUser = "user"; + path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io"; + user = "user"; + remoteBuild = false; + }; }; } diff --git a/deploy.nix b/deploy.nix deleted file mode 100644 index 187c92f..0000000 --- a/deploy.nix +++ /dev/null 
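Review bot: `deploy.nodes.trantor.profiles.system` sets no `remoteBuild`, while the deploy.nix deleted later in this patch carried a top-level `remoteBuild = true`. Without it this aarch64-linux host falls back to deploy-rs's default of building on the deploying machine; if remote builds are still intended, add `remoteBuild = true;` to the profile, the way the io.nix hunk states `remoteBuild = false;` explicitly. The deleted file also wired `checks = inputs.deploy-rs.lib.${system}.deployChecks self.deploy;`, and no hunk visible here re-adds it. Unless an earlier part of this patch does, `nix flake check` would stop validating the deploy definitions.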
@@ -1,48 +0,0 @@ -{ inputs, self, ... }: -{ - flake.deploy = { - remoteBuild = true; - nodes = { - alexandria = { - hostname = "alexandria"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; - user = "root"; - }; - }; - - trantor = { - hostname = "trantor"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; - user = "root"; - }; - }; - - io = { - hostname = "io"; - profiles = { - system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; - user = "root"; - remoteBuild = false; - }; - user = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io"; - user = "user"; - remoteBuild = false; - }; - }; - }; - }; - }; - perSystem = - { system, ... }: - { - checks = inputs.deploy-rs.lib.${system}.deployChecks self.deploy; - }; -} diff --git a/flake.nix b/flake.nix index 482ebea..35735d0 100644 --- a/flake.nix +++ b/flake.nix @@ -53,10 +53,10 @@ outputs = inputs@{ flake-parts, import-tree, ... }: let - aspectsModule = import-tree ./aspects; - packagesModule = import-tree ./packages; - shellsModule = import-tree ./shells; - terranixModule = import-tree ./terranix; + aspectsModules = import-tree ./aspects; + packagesModules = import-tree ./packages; + shellsModules = import-tree ./shells; + terranixModules = import-tree ./terranix; in flake-parts.lib.mkFlake { inherit inputs; } { systems = [ @@ -68,12 +68,9 @@ flake-parts.flakeModules.modules inputs.terranix.flakeModule ] - ++ aspectsModule.imports - ++ packagesModule.imports - ++ shellsModule.imports - ++ terranixModule.imports - ++ [ - ./deploy.nix - ]; + ++ aspectsModules.imports + ++ packagesModules.imports + ++ shellsModules.imports + ++ terranixModules.imports; }; } 
From e89cd6e91d68322020f03eee6546464140777078 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 11 Feb 2026 18:13:30 -0300 Subject: [PATCH 165/206] stylix: flake output `homeManagerModules` has been renamed to `homeModules` and will be removed after 26.05. --- aspects/stylix.nix | 135 ++++++++++++++++++++++++--------------------- 1 file changed, 72 insertions(+), 63 deletions(-) diff --git a/aspects/stylix.nix b/aspects/stylix.nix index e64386f..ec3fd42 100644 --- a/aspects/stylix.nix +++ b/aspects/stylix.nix 
@@ -1,71 +1,80 @@ { ... }: { flake.modules = { - nixos.stylix = { inputs, ... }: { - imports = [ inputs.stylix.nixosModules.stylix ]; - }; - - homeManager.stylix = { config, inputs, pkgs, ... }: { - imports = [ - inputs.stylix.homeManagerModules.stylix - inputs.zen-browser.homeModules.beta - ]; - - stylix = { - enable = true; - polarity = "dark"; - base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml"; - cursor = { - package = pkgs.kdePackages.breeze; - name = "breeze_cursors"; - size = 24; - }; - icons = { - enable = true; - package = pkgs.morewaita-icon-theme; - light = "MoreWaita"; - dark = "MoreWaita"; - }; - opacity = { - applications = 1.0; - desktop = 1.0; - popups = config.stylix.opacity.desktop; - terminal = 1.0; - }; - fonts = { - serif = { - package = pkgs.source-serif; - name = "Source Serif 4 Display"; - }; - sansSerif = { - package = pkgs.inter; - name = "Inter"; - }; - monospace = { - package = pkgs.nerd-fonts.fira-code; - name = "FiraCode Nerd Font"; - }; - emoji = { - package = pkgs.noto-fonts-color-emoji; - name = "Noto Color Emoji"; - }; - sizes = { - applications = 10; - desktop = config.stylix.fonts.sizes.applications; - popups = config.stylix.fonts.sizes.applications; - terminal = 12; - }; - }; - targets.zen-browser = { - enable = true; - profileNames = [ "william" ]; - }; + nixos.stylix = + { inputs, ... }: + { + imports = [ inputs.stylix.nixosModules.stylix ]; }; - programs.zen-browser = { - enable = true; - profiles.william = { }; + homeManager.stylix = + { + config, + inputs, + pkgs, + ... 
+ }: + { + imports = [ + inputs.stylix.homeModules.stylix + inputs.zen-browser.homeModules.beta + ]; + + stylix = { + enable = true; + polarity = "dark"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml"; + cursor = { + package = pkgs.kdePackages.breeze; + name = "breeze_cursors"; + size = 24; + }; + icons = { + enable = true; + package = pkgs.morewaita-icon-theme; + light = "MoreWaita"; + dark = "MoreWaita"; + }; + opacity = { + applications = 1.0; + desktop = 1.0; + popups = config.stylix.opacity.desktop; + terminal = 1.0; + }; + fonts = { + serif = { + package = pkgs.source-serif; + name = "Source Serif 4 Display"; + }; + sansSerif = { + package = pkgs.inter; + name = "Inter"; + }; + monospace = { + package = pkgs.nerd-fonts.fira-code; + name = "FiraCode Nerd Font"; + }; + emoji = { + package = pkgs.noto-fonts-color-emoji; + name = "Noto Color Emoji"; + }; + sizes = { + applications = 10; + desktop = config.stylix.fonts.sizes.applications; + popups = config.stylix.fonts.sizes.applications; + terminal = 12; + }; + }; + targets.zen-browser = { + enable = true; + profileNames = [ "william" ]; + }; + }; + + programs.zen-browser = { + enable = true; + profiles.william = { }; + }; }; - }; }; } From 2998dd81adcab30bb04112eebe48c737675222e4 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 11 Feb 2026 18:14:00 -0300 Subject: [PATCH 166/206] users.root -> users.users.root --- aspects/users/root.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspects/users/root.nix b/aspects/users/root.nix index 18b70eb..ff04c56 100644 --- a/aspects/users/root.nix +++ b/aspects/users/root.nix @@ -4,7 +4,7 @@ flake.modules.nixos.root = { pkgs, ... }: { - users.root = { + users.users.root = { shell = pkgs.fish; hashedPassword = "!"; }; From 06b0c379601d71d9fe9e5c8a1b7b94a6f632d560 Mon Sep 17 00:00:00 2001 
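Review bot: In the aspects/users/root.nix hunk, the corrected path `users.users.root` means `hashedPassword = "!"` now actually targets the root account, but nothing beside it states the intent. A comment such as `# "!" is not a valid hash: password login for root is disabled` would make the lock-out explicit. NixOS documents that with `users.mutableUsers` at its default of true, a declared password is only written when the account is first created. On a host without the ephemeral-root module (alexandria's module list elsewhere on this page shows none) an existing root password may therefore survive this change; whether `mutableUsers` is set is not visible here. The module body continues outside the hunk.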
From: William Date: Thu, 12 Feb 2026 16:41:53 -0300 Subject: [PATCH 167/206] no more deploy-rs --- aspects/hosts/alexandria.nix | 92 +++++++++--------- aspects/hosts/io.nix | 109 ++++++++++------------ aspects/hosts/trantor.nix | 100 +++++++++----------- aspects/users/user.nix | 6 -- flake.lock | 174 +++++++++-------------------------- flake.nix | 1 - shells/default.nix | 1 - 7 files changed, 179 insertions(+), 304 deletions(-) diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index b63c370..28c333e 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix 
@@ -1,60 +1,50 @@ { inputs, self, ... }: { - flake = { - nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "alexandria"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } + flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "alexandria"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root - # Server aspects - inputs.self.modules.nixos.server-boot - inputs.self.modules.nixos.server-nix - inputs.self.modules.nixos.server-tailscale + # Server aspects + 
inputs.self.modules.nixos.server-boot + inputs.self.modules.nixos.server-nix + inputs.self.modules.nixos.server-tailscale - # Other aspects based on tags - inputs.self.modules.nixos.fwupd + # Other aspects based on tags + inputs.self.modules.nixos.fwupd - # Host-specific files (from _alexandria/) - ./_alexandria/hardware-configuration.nix - ./_alexandria/jellyfin.nix - ./_alexandria/kanidm.nix - ./_alexandria/nextcloud.nix - ./_alexandria/nginx.nix - ./_alexandria/unbound.nix - ./_alexandria/vaultwarden.nix - ]; - }; - deploy.nodes.alexandria = { - hostname = "alexandria"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; - user = "root"; - }; - }; + # Host-specific files (from _alexandria/) + ./_alexandria/hardware-configuration.nix + ./_alexandria/jellyfin.nix + ./_alexandria/kanidm.nix + ./_alexandria/nextcloud.nix + ./_alexandria/nginx.nix + ./_alexandria/unbound.nix + ./_alexandria/vaultwarden.nix + ]; }; } diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index 2b5f72f..c6c3dbf 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix 
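Review bot: The header context line still reads `{ inputs, self, ... }:`, but with `deploy.nodes.alexandria` removed nothing in the new file body uses `self`; change it back to `{ inputs, ... }:`. The io.nix and trantor.nix hunks in this patch leave the same unused argument behind. aspects/users/user.nix probably does too, though its header is outside the hunk shown.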
@@ -1,70 +1,59 @@ { inputs, self, ... }: { - flake = { - nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "io"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } + flake.nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "io"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root - # Desktop aspects - inputs.self.modules.nixos.desktop-boot - inputs.self.modules.nixos.desktop-desktop - inputs.self.modules.nixos.desktop-nix - inputs.self.modules.nixos.desktop-services + # Desktop aspects + 
inputs.self.modules.nixos.desktop-boot + inputs.self.modules.nixos.desktop-desktop + inputs.self.modules.nixos.desktop-nix + inputs.self.modules.nixos.desktop-services - # Other aspects based on tags - inputs.self.modules.nixos.ai - inputs.self.modules.nixos.bluetooth - inputs.self.modules.nixos.dev - inputs.self.modules.nixos.libvirtd - inputs.self.modules.nixos.networkmanager - inputs.self.modules.nixos.podman + # Other aspects based on tags + inputs.self.modules.nixos.ai + inputs.self.modules.nixos.bluetooth + inputs.self.modules.nixos.dev + inputs.self.modules.nixos.libvirtd + inputs.self.modules.nixos.networkmanager + inputs.self.modules.nixos.podman - # Factory-generated ephemeral module - (inputs.self.factory.ephemeral { - rootDevice = "/dev/mapper/cryptroot"; - }) + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/mapper/cryptroot"; + }) - # Host-specific files (from _io/) - ./_io/hardware-configuration.nix - ./_io/disko.nix - ./_io/boot.nix - ./_io/programs.nix - ./_io/services.nix - ]; - }; - deploy.nodes.io = { - hostname = "io"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; - user = "root"; - remoteBuild = false; - }; - }; + # Host-specific files (from _io/) + ./_io/hardware-configuration.nix + ./_io/disko.nix + ./_io/boot.nix + ./_io/programs.nix + ./_io/services.nix + ]; }; } diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index c806987..3de68a9 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix 
@@ -1,64 +1,54 @@ { inputs, self, ... }: { - flake = { - nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { - system = "aarch64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "trantor"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } + flake.nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { + system = "aarch64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "trantor"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root - # Server aspects - inputs.self.modules.nixos.server-boot - inputs.self.modules.nixos.server-nix - inputs.self.modules.nixos.server-tailscale + # Server aspects + 
inputs.self.modules.nixos.server-boot + inputs.self.modules.nixos.server-nix + inputs.self.modules.nixos.server-tailscale - # Factory-generated ephemeral module - (inputs.self.factory.ephemeral { - rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; - }) + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; + }) - # Host-specific files (from _trantor/) - ./_trantor/hardware-configuration.nix - ./_trantor/disko.nix - ./_trantor/boot.nix - ./_trantor/fail2ban.nix - ./_trantor/forgejo.nix - ./_trantor/networking.nix - ./_trantor/nginx.nix - ./_trantor/openssh.nix - ./_trantor/unbound.nix - ]; - }; - deploy.nodes.trantor = { - hostname = "trantor"; - profiles.system = { - sshUser = "user"; - path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor; - user = "root"; - }; - }; + # Host-specific files (from _trantor/) + ./_trantor/hardware-configuration.nix + ./_trantor/disko.nix + ./_trantor/boot.nix + ./_trantor/fail2ban.nix + ./_trantor/forgejo.nix + ./_trantor/networking.nix + ./_trantor/nginx.nix + ./_trantor/openssh.nix + ./_trantor/unbound.nix + ]; }; } diff --git a/aspects/users/user.nix b/aspects/users/user.nix index 4106ffb..ad1b8ca 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix @@ -114,11 +114,5 @@ ]; }; }; - deploy.nodes.io.profiles.user = { - sshUser = "user"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io"; - user = "user"; - remoteBuild = false; - }; }; } diff --git a/flake.lock b/flake.lock index c7b2e16..05b233b 100644 --- a/flake.lock +++ b/flake.lock @@ -97,7 +97,7 @@ "nix-ai-tools", "nixpkgs" ], - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1767386128, 
@@ -135,29 +135,9 @@ "type": "github" } }, - "deploy-rs": { - "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs", - "utils": "utils" - }, - "locked": { - "lastModified": 1766051518, - "narHash": "sha256-znKOwPXQnt3o7lDb3hdf19oDo0BLP4MfBOYiWkEHoik=", - "owner": "serokell", - "repo": "deploy-rs", - "rev": "d5eff7f948535b9c723d60cd8239f8f11ddc90fa", - "type": "github" - }, - "original": { - "owner": "serokell", - "repo": "deploy-rs", - "type": "github" - } - }, "disko": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1768923567, @@ -190,22 +170,6 @@ } }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1767039857, @@ -221,7 +185,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1747046372, @@ -437,7 +401,7 @@ "impermanence": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1768835187, @@ -470,7 +434,7 @@ }, "niri": { "inputs": { - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay" }, "locked": { @@ -492,7 +456,7 @@ "inputs": { "niri-stable": "niri-stable", "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" 
@@ -547,7 +511,7 @@ "nix-ai-tools": { "inputs": { "blueprint": "blueprint", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "treefmt-nix": "treefmt-nix" }, "locked": { @@ -602,9 +566,9 @@ }, "nixos-cli": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "optnix": "optnix" }, "locked": { @@ -623,11 +587,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743014863, - "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", + "lastModified": 1768661221, + "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", + "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", "type": "github" }, "original": { @@ -700,22 +664,6 @@ } }, "nixpkgs_10": { - "locked": { - "lastModified": 1767767207, - "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { "locked": { "lastModified": 1762111121, "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", @@ -731,7 +679,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_11": { "locked": { "lastModified": 1768127708, "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", 
@@ -748,22 +696,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1768661221, - "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1768564909, "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", @@ -779,7 +711,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1757967192, "narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=", @@ -795,7 +727,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1768564909, "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", @@ -811,7 +743,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1768783163, "narHash": "sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo+w8KsY4=", @@ -827,7 +759,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1767151656, "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", @@ -843,7 +775,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -859,7 +791,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { "lastModified": 1768564909, "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", 
@@ -875,6 +807,22 @@ "type": "github" } }, + "nixpkgs_9": { + "locked": { + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "noctalia": { "inputs": { "nixpkgs": [ @@ -922,8 +870,8 @@ }, "optnix": { "inputs": { - "flake-compat": "flake-compat_3", - "nixpkgs": "nixpkgs_8" + "flake-compat": "flake-compat_2", + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1765418479, @@ -942,7 +890,6 @@ "root": { "inputs": { "agenix": "agenix", - "deploy-rs": "deploy-rs", "disko": "disko", "flake-parts": "flake-parts", "home-manager": "home-manager_2", @@ -954,7 +901,7 @@ "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_8", "nixpkgs-stable": "nixpkgs-stable_2", "noctalia": "noctalia", "stylix": "stylix", @@ -993,9 +940,9 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_3", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_9", "nur": "nur", - "systems": "systems_4", + "systems": "systems_3", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -1091,28 +1038,13 @@ "type": "github" } }, - "systems_6": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "terranix": { "inputs": { "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_5" + "systems": "systems_4" }, "locked": { "lastModified": 1762472226, 
@@ -1230,28 +1162,10 @@ "type": "github" } }, - "utils": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "vicinae": { "inputs": { - "nixpkgs": "nixpkgs_11", - "systems": "systems_6" + "nixpkgs": "nixpkgs_10", + "systems": "systems_5" }, "locked": { "lastModified": 1768856963, @@ -1303,7 +1217,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_4", - "nixpkgs": "nixpkgs_12" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1768919538, diff --git a/flake.nix b/flake.nix index 35735d0..6026fa3 100644 --- a/flake.nix +++ b/flake.nix @@ -40,7 +40,6 @@ zen-browser.url = "github:0xc000022070/zen-browser-flake"; # stand-alone tools - deploy-rs.url = "github:serokell/deploy-rs"; terranix = { url = "github:terranix/terranix"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/shells/default.nix b/shells/default.nix index 1c93cf3..a7cda20 100644 --- a/shells/default.nix +++ b/shells/default.nix @@ -7,7 +7,6 @@ devShells.default = pkgs.mkShell { packages = with pkgs; [ inputs.agenix.packages.${system}.default - deploy-rs nil nixfmt ]; From 7309074f25a641007e38bdbca3bca2e9d342a44b Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 12 Feb 2026 17:16:01 -0300 Subject: [PATCH 168/206] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/fcdea223397448d35d9b31f798479227e80183f6?narHash=sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L%2BVSybPfiIgzU8lbQ%3D' (2025-11-08) → 'github:ryantm/agenix/b027ee29d959fda4b60b57566d64c98a202e0feb?narHash=sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I%3D' (2026-02-04) • Updated input 'disko': 'github:nix-community/disko/00395d188e3594a1507f214a2f15d4ce5c07cb28?narHash=sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q%3D' (2026-01-20) → 'github:nix-community/disko/71a3fc97d80881e91710fe721f1158d3b96ae14d?narHash=sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE%3D' (2026-01-27) • Updated input 'disko/nixpkgs': 'github:NixOS/nixpkgs/3327b113f2ef698d380df83fbccefad7e83d7769?narHash=sha256-MJwOjrIISfOpdI9x4C%2B5WFQXvHtOuj5mqLZ4TMEtk1M%3D' (2026-01-17) → 'github:NixOS/nixpkgs/48698d12cc10555a4f3e3222d9c669b884a49dfe?narHash=sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv%2B6jcvA212M%3D' (2026-01-25) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/80daad04eddbbf5a4d883996a73f3f542fa437ac?narHash=sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY%3D' (2026-01-11) → 'github:hercules-ci/flake-parts/57928607ea566b5db3ad13af0e57e921e6b12381?narHash=sha256-AnYjnFWgS49RlqX7LrC4uA%2BsCCDBj0Ry/WOJ5XWAsa0%3D' (2026-02-02) • Updated input 'flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/2075416fcb47225d9b68ac469a5c4801a9c4dd85?narHash=sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo%3D' (2025-12-14) → 'github:nix-community/nixpkgs.lib/72716169fe93074c333e8d0173151350670b824c?narHash=sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ%2BQDT/KDuyHXVJOpM%3D' (2026-02-01) • Updated input 'home-manager': 
'github:nix-community/home-manager/63a87808f5f9b6e4195a1d33f6ea25d23f4aa0df?narHash=sha256-zyMpWHqcpKVmRc1W2NEK7DAuyVJZV62Jdjqudg70b1k%3D' (2026-01-20) → 'github:nix-community/home-manager/6a1f7101d2c3ee87d485a87880d73b4665c6a4bd?narHash=sha256-ZwU5wXKNqpOQvjNz6aBp1j5peiBZow1%2B%2B6pLnk5VAhs%3D' (2026-02-12) • Updated input 'impermanence': 'github:nix-community/impermanence/0d633a69480bb3a3e2f18c080d34a8fa81da6395?narHash=sha256-6nY0ixjGjPQCL%2B/sUC1B1MRiO1LOI3AkRSIywm3i3bE%3D' (2026-01-19) → 'github:nix-community/impermanence/7b1d382faf603b6d264f58627330f9faa5cba149?narHash=sha256-03%2BJxvzmfwRu%2B5JafM0DLbxgHttOQZkUtDWBmeUkN8Y%3D' (2026-01-27) • Updated input 'niri-flake': 'github:sodiboo/niri-flake/6581f5458309233622c1b73c8902dcaea7be16eb?narHash=sha256-ct4qxmFJeJbaJKiOnXOZmRmVmk7TpT%2BlohuTgTr%2BkYQ%3D' (2026-01-20) → 'github:sodiboo/niri-flake/7634add8bf2dd225d04f535de4bd0ee60982f367?narHash=sha256-QgJZ%2BW6YE6nAzO/m7ezamAzr9DTflIEXRozMivL0%2Bhc%3D' (2026-02-11) • Updated input 'niri-flake/niri-unstable': 'github:YaLTeR/niri/d7184a04b904e07113f4623610775ae78d32394c?narHash=sha256-Ub8eed4DsfIDWyg30xEe%2B8bSxL/z5Af/gCjmvJ0V/Hs%3D' (2026-01-17) → 'github:YaLTeR/niri/41b5de87692b8262fbdbff7faab93f04ff0be453?narHash=sha256-8GzUa8bCyQ688jYW2waXrOqetTr7oV8UPTO2He%2B5Hsg%3D' (2026-02-10) • Updated input 'niri-flake/nixpkgs': 'github:NixOS/nixpkgs/e4bae1bd10c9c57b2cf517953ab70060a828ee6f?narHash=sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc%3D' (2026-01-16) → 'github:NixOS/nixpkgs/d6c71932130818840fc8fe9509cf50be8c64634f?narHash=sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84%3D' (2026-02-08) • Updated input 'niri-flake/nixpkgs-stable': 'github:NixOS/nixpkgs/77ef7a29d276c6d8303aece3444d61118ef71ac2?narHash=sha256-XsM7GP3jHlephymxhDE%2B/TKKO1Q16phz/vQiLBGhpF4%3D' (2026-01-18) → 'github:NixOS/nixpkgs/6c5e707c6b5339359a9a9e215c5e66d6d802fd7a?narHash=sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs%3D' (2026-02-11) • Updated input 
'niri-flake/xwayland-satellite-unstable': 'github:Supreeeme/xwayland-satellite/ed1cef792b4def3321ff9ab5479df09609f17a69?narHash=sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg%3D' (2026-01-18) → 'github:Supreeeme/xwayland-satellite/86f5bd5d867ad6e120935dfe825f6b903ebbeddd?narHash=sha256-Q75S8cEqJoZ92s1y4zArvk2U1ayAy2E4SaF7gbNXkYQ%3D' (2026-02-08) • Updated input 'nix-ai-tools': 'github:numtide/llm-agents.nix/78f3fdc13ef903475aa5bfc0f85eeefaa36af837?narHash=sha256-gFoGvnW2YDWsxKD56kdiXbhh9vBPAU3yusssbXF0UMo%3D' (2026-01-20) → 'github:numtide/llm-agents.nix/266d4d8a55eef6dd23cd0adced301053d8fc23c9?narHash=sha256-HQXK2CXAhBuTBw99Ip018Vp9MMAPfJVywgRrkwMUgMc%3D' (2026-02-12) • Updated input 'nix-ai-tools/blueprint': 'github:numtide/blueprint/0ed984d51a3031065925ab08812a5434f40b93d4?narHash=sha256-BJDu7dIMauO2nYRSL4aI8wDNtEm2KOb7lDKP3hxdrpo%3D' (2026-01-02) → 'github:numtide/blueprint/c7da5c70ad1c9b60b6f5d4f674fbe205d48d8f6c?narHash=sha256-zI%2B7cbMI4wMIR57jMjDSEsVb3grapTnURDxxJPYFIW0%3D' (2026-01-25) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/bde09022887110deb780067364a0818e89258968?narHash=sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo%2Bw8KsY4%3D' (2026-01-19) → 'github:NixOS/nixpkgs/2343bbb58f99267223bc2aac4fc9ea301a155a16?narHash=sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8%3D' (2026-02-11) • Updated input 'nix-ai-tools/treefmt-nix': 'github:numtide/treefmt-nix/e96d59dff5c0d7fddb9d113ba108f03c3ef99eca?narHash=sha256-67vyT1%2BxClLldnumAzCTBvU0jLZ1YBcf4vANRWP3%2BAk%3D' (2026-01-11) → 'github:numtide/treefmt-nix/337a4fe074be1042a35086f15481d763b8ddc0e7?narHash=sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD%2BFyxk%3D' (2026-02-04) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/82befcf7dc77c909b0f2a09f5da910ec95c5b78f?narHash=sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws%3D' (2025-12-09) → 
'github:nix-community/nix-index-database/2684bb8080a6f2ca5f9d494de5ef875bc1c4ecdb?narHash=sha256-hy0gcAgAcxrnSWKGuNO%2BOb0x6jQ2xkR6hoaR0qJBHYs%3D' (2026-02-05) • Updated input 'nixos-cli': 'github:nix-community/nixos-cli/5e79001c7a8b556c3c61d4ef38f0f0fa1187ee90?narHash=sha256-6w1Mhg6%2B46LlaheCa1O/jIk02ukerZ7DdUf9GlQVGxc%3D' (2026-01-18) → 'github:nix-community/nixos-cli/9a2e97e8832b211df22c5cb21a55ebf1c3eb2be1?narHash=sha256-TFRhwVzPg3ly388J3CYYvjrma/dWjsBVpNE437bWeHk%3D' (2026-02-12) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/e4bae1bd10c9c57b2cf517953ab70060a828ee6f?narHash=sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc%3D' (2026-01-16) → 'github:nixos/nixpkgs/d6c71932130818840fc8fe9509cf50be8c64634f?narHash=sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84%3D' (2026-02-08) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/77ef7a29d276c6d8303aece3444d61118ef71ac2?narHash=sha256-XsM7GP3jHlephymxhDE%2B/TKKO1Q16phz/vQiLBGhpF4%3D' (2026-01-18) → 'github:nixos/nixpkgs/6c5e707c6b5339359a9a9e215c5e66d6d802fd7a?narHash=sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs%3D' (2026-02-11) • Updated input 'noctalia': 'github:noctalia-dev/noctalia-shell/1ef5c0eb307e8a4f30dfa6bcc75cf90ae8c6af46?narHash=sha256-T4H/VMjGwBuHEIrPYWfXQ73XV0foCuFGgH7k3SNSJDo%3D' (2026-01-20) → 'github:noctalia-dev/noctalia-shell/d87364964948b9d691f8363f85a5e23bee154df9?narHash=sha256-xg40mnp5KKBepACmvlPzmn5iPyUBxktfv50saSVUn0M%3D' (2026-02-12) • Updated input 'stylix': 'github:danth/stylix/06684f00cfbee14da96fd4307b966884de272d3a?narHash=sha256-3%2Bh7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p%2BS6BA%3D' (2026-01-18) → 'github:danth/stylix/db03fed72e5ca02be34e1d24789345a943329738?narHash=sha256-QHFYyngohNhih4w%2B3IqQty5DV%2Bp1txsx1kkk6XJWar8%3D' (2026-02-12) • Updated input 'vicinae': 'github:vicinaehq/vicinae/934bc0ad47be6dbd6498a0dac655c4613fd0ab27?narHash=sha256-u5bWDuwk6oieTnvm1YjNotcYK8iJSddH5%2BS68%2BX4TSc%3D' (2026-01-19) → 
'github:vicinaehq/vicinae/0c70267ab7e07d7972012fcf8ae58808a32a2e86?narHash=sha256-21lurBRyHgJbVD3E0/i7Fhxi4rBUxyznGfKpdGVtEdc%3D' (2026-02-12) • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/37149a5b77e8fd2b5332e8cec9edf39ca5b8e8bc?narHash=sha256-w10iy/aqd5LtD78NDWWG%2BeKGzkb%2BcGhAAo7PVciLbWE%3D' (2026-01-20) → 'github:0xc000022070/zen-browser-flake/0078cf2d5e81eb56a9356d51f2738f7141194de1?narHash=sha256-iJ9c0ZewfRRYUflaEOj43n5TWaB6Ezygn2UA/ZHGQJA%3D' (2026-02-12) • Updated input 'zen-browser/home-manager': 'github:nix-community/home-manager/b4d88c9ac42ae1a745283f6547701da43b6e9f9b?narHash=sha256-cJbFn17oyg6qAraLr%2BNVeNJrXsrzJdrudkzI4H2iTcg%3D' (2026-01-14) → 'github:nix-community/home-manager/f4ad5068ee8e89e4a7c2e963e10dd35cd77b37b7?narHash=sha256-07HMIGQ/WJeAQJooA7Kkg1SDKxhAiV6eodvOwTX6WKI%3D' (2026-01-31) • Updated input 'zen-browser/nixpkgs': 'github:nixos/nixpkgs/ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38?narHash=sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs%3D' (2026-01-11) → 'github:nixos/nixpkgs/bfc1b8a4574108ceef22f02bafcf6611380c100d?narHash=sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI%3D' (2026-01-26) --- flake.lock | 156 ++++++++++++++++++++++++++--------------------------- 1 file changed, 78 insertions(+), 78 deletions(-) diff --git a/flake.lock b/flake.lock index 05b233b..806550a 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1762618334, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "owner": "ryantm", "repo": "agenix", - "rev": "fcdea223397448d35d9b31f798479227e80183f6", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "type": "github" }, "original": { 
@@ -100,11 +100,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1767386128, - "narHash": "sha256-BJDu7dIMauO2nYRSL4aI8wDNtEm2KOb7lDKP3hxdrpo=", + "lastModified": 1769353768, + "narHash": "sha256-zI+7cbMI4wMIR57jMjDSEsVb3grapTnURDxxJPYFIW0=", "owner": "numtide", "repo": "blueprint", - "rev": "0ed984d51a3031065925ab08812a5434f40b93d4", + "rev": "c7da5c70ad1c9b60b6f5d4f674fbe205d48d8f6c", "type": "github" }, "original": { @@ -140,11 +140,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1768923567, - "narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=", + "lastModified": 1769524058, + "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=", "owner": "nix-community", "repo": "disko", - "rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28", + "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d", "type": "github" }, "original": { @@ -206,11 +206,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -342,11 +342,11 @@ ] }, "locked": { - "lastModified": 1768927746, - "narHash": "sha256-zyMpWHqcpKVmRc1W2NEK7DAuyVJZV62Jdjqudg70b1k=", + "lastModified": 1770915843, + "narHash": "sha256-ZwU5wXKNqpOQvjNz6aBp1j5peiBZow1++6pLnk5VAhs=", "owner": "nix-community", "repo": "home-manager", - "rev": "63a87808f5f9b6e4195a1d33f6ea25d23f4aa0df", + "rev": "6a1f7101d2c3ee87d485a87880d73b4665c6a4bd", "type": "github" }, "original": { 
@@ -385,11 +385,11 @@ ] }, "locked": { - "lastModified": 1768434960, - "narHash": "sha256-cJbFn17oyg6qAraLr+NVeNJrXsrzJdrudkzI4H2iTcg=", + "lastModified": 1769872935, + "narHash": "sha256-07HMIGQ/WJeAQJooA7Kkg1SDKxhAiV6eodvOwTX6WKI=", "owner": "nix-community", "repo": "home-manager", - "rev": "b4d88c9ac42ae1a745283f6547701da43b6e9f9b", + "rev": "f4ad5068ee8e89e4a7c2e963e10dd35cd77b37b7", "type": "github" }, "original": { @@ -404,11 +404,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1768835187, - "narHash": "sha256-6nY0ixjGjPQCL+/sUC1B1MRiO1LOI3AkRSIywm3i3bE=", + "lastModified": 1769548169, + "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=", "owner": "nix-community", "repo": "impermanence", - "rev": "0d633a69480bb3a3e2f18c080d34a8fa81da6395", + "rev": "7b1d382faf603b6d264f58627330f9faa5cba149", "type": "github" }, "original": { @@ -462,11 +462,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1768877436, - "narHash": "sha256-ct4qxmFJeJbaJKiOnXOZmRmVmk7TpT+lohuTgTr+kYQ=", + "lastModified": 1770844822, + "narHash": "sha256-QgJZ+W6YE6nAzO/m7ezamAzr9DTflIEXRozMivL0+hc=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "6581f5458309233622c1b73c8902dcaea7be16eb", + "rev": "7634add8bf2dd225d04f535de4bd0ee60982f367", "type": "github" }, "original": { @@ -495,11 +495,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1768678265, - "narHash": "sha256-Ub8eed4DsfIDWyg30xEe+8bSxL/z5Af/gCjmvJ0V/Hs=", + "lastModified": 1770735554, + "narHash": "sha256-8GzUa8bCyQ688jYW2waXrOqetTr7oV8UPTO2He+5Hsg=", "owner": "YaLTeR", "repo": "niri", - "rev": "d7184a04b904e07113f4623610775ae78d32394c", + "rev": "41b5de87692b8262fbdbff7faab93f04ff0be453", "type": "github" }, "original": { 
@@ -515,11 +515,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1768922080, - "narHash": "sha256-gFoGvnW2YDWsxKD56kdiXbhh9vBPAU3yusssbXF0UMo=", + "lastModified": 1770907059, + "narHash": "sha256-HQXK2CXAhBuTBw99Ip018Vp9MMAPfJVywgRrkwMUgMc=", "owner": "numtide", "repo": "llm-agents.nix", - "rev": "78f3fdc13ef903475aa5bfc0f85eeefaa36af837", + "rev": "266d4d8a55eef6dd23cd0adced301053d8fc23c9", "type": "github" }, "original": { @@ -551,11 +551,11 @@ ] }, "locked": { - "lastModified": 1765267181, - "narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=", + "lastModified": 1770315571, + "narHash": "sha256-hy0gcAgAcxrnSWKGuNO+Ob0x6jQ2xkR6hoaR0qJBHYs=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f", + "rev": "2684bb8080a6f2ca5f9d494de5ef875bc1c4ecdb", "type": "github" }, "original": { @@ -572,11 +572,11 @@ "optnix": "optnix" }, "locked": { - "lastModified": 1768778579, - "narHash": "sha256-6w1Mhg6+46LlaheCa1O/jIk02ukerZ7DdUf9GlQVGxc=", + "lastModified": 1770862985, + "narHash": "sha256-TFRhwVzPg3ly388J3CYYvjrma/dWjsBVpNE437bWeHk=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "5e79001c7a8b556c3c61d4ef38f0f0fa1187ee90", + "rev": "9a2e97e8832b211df22c5cb21a55ebf1c3eb2be1", "type": "github" }, "original": { @@ -587,11 +587,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1768661221, - "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", + "lastModified": 1769330179, + "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", + "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", "type": "github" }, "original": { 
@@ -603,11 +603,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1765674936, - "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "lastModified": 1769909678, + "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "rev": "72716169fe93074c333e8d0173151350670b824c", "type": "github" }, "original": { @@ -633,11 +633,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1768773494, - "narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=", + "lastModified": 1770770419, + "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2", + "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", "type": "github" }, "original": { @@ -649,11 +649,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1768773494, - "narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=", + "lastModified": 1770770419, + "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2", + "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", "type": "github" }, "original": { @@ -681,11 +681,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1768127708, - "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", "type": "github" }, "original": { 
@@ -729,11 +729,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1768564909, - "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", "type": "github" }, "original": { @@ -745,11 +745,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1768783163, - "narHash": "sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo+w8KsY4=", + "lastModified": 1770843696, + "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bde09022887110deb780067364a0818e89258968", + "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16", "type": "github" }, "original": { @@ -793,11 +793,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1768564909, - "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", "type": "github" }, "original": { @@ -830,11 +830,11 @@ ] }, "locked": { - "lastModified": 1768924718, - "narHash": "sha256-T4H/VMjGwBuHEIrPYWfXQ73XV0foCuFGgH7k3SNSJDo=", + "lastModified": 1770922006, + "narHash": "sha256-xg40mnp5KKBepACmvlPzmn5iPyUBxktfv50saSVUn0M=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "1ef5c0eb307e8a4f30dfa6bcc75cf90ae8c6af46", + "rev": "d87364964948b9d691f8363f85a5e23bee154df9", "type": "github" }, "original": { 
@@ -950,11 +950,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1768744881, - "narHash": "sha256-3+h7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p+S6BA=", + "lastModified": 1770914701, + "narHash": "sha256-QHFYyngohNhih4w+3IqQty5DV+p1txsx1kkk6XJWar8=", "owner": "danth", "repo": "stylix", - "rev": "06684f00cfbee14da96fd4307b966884de272d3a", + "rev": "db03fed72e5ca02be34e1d24789345a943329738", "type": "github" }, "original": { @@ -1149,11 +1149,11 @@ ] }, "locked": { - "lastModified": 1768158989, - "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", + "lastModified": 1770228511, + "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", + "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", "type": "github" }, "original": { @@ -1168,11 +1168,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1768856963, - "narHash": "sha256-u5bWDuwk6oieTnvm1YjNotcYK8iJSddH5+S68+X4TSc=", + "lastModified": 1770912475, + "narHash": "sha256-21lurBRyHgJbVD3E0/i7Fhxi4rBUxyznGfKpdGVtEdc=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "934bc0ad47be6dbd6498a0dac655c4613fd0ab27", + "rev": "0c70267ab7e07d7972012fcf8ae58808a32a2e86", "type": "github" }, "original": { @@ -1201,11 +1201,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1768765571, - "narHash": "sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg=", + "lastModified": 1770583271, + "narHash": "sha256-Q75S8cEqJoZ92s1y4zArvk2U1ayAy2E4SaF7gbNXkYQ=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "ed1cef792b4def3321ff9ab5479df09609f17a69", + "rev": "86f5bd5d867ad6e120935dfe825f6b903ebbeddd", "type": "github" }, "original": { 
@@ -1220,11 +1220,11 @@ "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1768919538, - "narHash": "sha256-w10iy/aqd5LtD78NDWWG+eKGzkb+cGhAAo7PVciLbWE=", + "lastModified": 1770919290, + "narHash": "sha256-iJ9c0ZewfRRYUflaEOj43n5TWaB6Ezygn2UA/ZHGQJA=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "37149a5b77e8fd2b5332e8cec9edf39ca5b8e8bc", + "rev": "0078cf2d5e81eb56a9356d51f2738f7141194de1", "type": "github" }, "original": { From 8f98f7d420f4ee6747d839160b8275d1581c2626 Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 12 Feb 2026 18:50:38 -0300 Subject: [PATCH 169/206] nixfmt --- aspects/ai.nix | 20 +- aspects/bluetooth.nix | 13 +- aspects/cli/btop.nix | 23 +- aspects/cli/comma.nix | 16 +- aspects/cli/direnv.nix | 17 +- aspects/cli/helix.nix | 89 +++-- aspects/cli/hm-cli.nix | 19 +- aspects/cli/starship.nix | 77 ++-- aspects/cli/tmux.nix | 23 +- aspects/common/boot.nix | 28 +- aspects/common/console.nix | 12 +- aspects/common/firewall.nix | 12 +- aspects/common/locale.nix | 34 +- aspects/common/nix.nix | 62 +-- aspects/common/openssh.nix | 18 +- aspects/common/services.nix | 14 +- aspects/common/tailscale.nix | 12 +- aspects/constants.nix | 26 +- aspects/desktop/boot.nix | 51 +-- aspects/desktop/desktop.nix | 541 +++++++++++++------------- aspects/desktop/niri.nix | 10 +- aspects/desktop/nix.nix | 25 +- aspects/desktop/services.nix | 27 +- aspects/dev.nix | 37 +- aspects/ephemeral.nix | 23 +- aspects/fwupd.nix | 13 +- aspects/gaming/flatpak.nix | 40 +- aspects/gaming/hardware.nix | 14 +- aspects/gaming/launchers.nix | 16 +- aspects/gaming/mangohud.nix | 72 ++-- aspects/gaming/steam.nix | 22 +- aspects/hosts/_alexandria/unbound.nix | 3 +- aspects/hosts/_trantor/nginx.nix | 4 +- aspects/hosts/alexandria.nix | 1 + aspects/libvirtd.nix | 35 +- aspects/networkmanager.nix | 21 +- aspects/server/boot.nix | 13 +- aspects/server/nix.nix | 25 +- aspects/server/tailscale.nix | 25 +- aspects/shell/bash.nix | 17 +- aspects/shell/fish.nix | 65 ++-- packages/claude-desktop.nix | 3 +- packages/overlays.nix | 19 +- terranix/kernelpanic.space.nix | 9 +- terranix/terminus.nix | 9 +- 45 files changed, 932 insertions(+), 723 deletions(-) diff --git a/aspects/ai.nix b/aspects/ai.nix index 6befeae..f67bbbc 100644 --- a/aspects/ai.nix +++ b/aspects/ai.nix 
@@ -1,12 +1,14 @@ { ... }: { - flake.modules.nixos.ai = { inputs, pkgs, ... }: { - environment.systemPackages = - (with pkgs; [claude-desktop]) ++ - (with inputs.nix-ai-tools.packages.${pkgs.system}; [ - claude-code - claudebox - opencode - ]); - }; + flake.modules.nixos.ai = + { inputs, pkgs, ... }: + { + environment.systemPackages = + (with pkgs; [ claude-desktop ]) + ++ (with inputs.nix-ai-tools.packages.${pkgs.system}; [ + claude-code + claudebox + opencode + ]); + }; } diff --git a/aspects/bluetooth.nix b/aspects/bluetooth.nix index 222bdf2..2027ac1 100644 --- a/aspects/bluetooth.nix +++ b/aspects/bluetooth.nix @@ -1,6 +1,13 @@ { ... }: { - flake.modules.nixos.bluetooth = { config, lib, pkgs, ... }: { - hardware.bluetooth.enable = true; - }; + flake.modules.nixos.bluetooth = + { + config, + lib, + pkgs, + ... + }: + { + hardware.bluetooth.enable = true; + }; } diff --git a/aspects/cli/btop.nix b/aspects/cli/btop.nix index 09a815e..2b9c3fc 100644 --- a/aspects/cli/btop.nix +++ b/aspects/cli/btop.nix @@ -1,13 +1,20 @@ { ... }: { - flake.modules.homeManager.cli-btop = { config, lib, pkgs, ... }: { - programs.btop = { - enable = true; - settings = { - theme_background = false; - proc_sorting = "cpu direct"; - update_ms = 500; + flake.modules.homeManager.cli-btop = + { + config, + lib, + pkgs, + ... + }: + { + programs.btop = { + enable = true; + settings = { + theme_background = false; + proc_sorting = "cpu direct"; + update_ms = 500; + }; }; }; - }; } diff --git a/aspects/cli/comma.nix b/aspects/cli/comma.nix index b8e6c2a..71ddb9c 100644 --- a/aspects/cli/comma.nix +++ b/aspects/cli/comma.nix 
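Review bot: The module functions in aspects/bluetooth.nix and aspects/cli/btop.nix bind `config`, `lib` and `pkgs` but never use them, and after the reformat that unused argument set takes six lines in each file. Replacing the header with `{ ... }:` leaves the body unchanged and shows which modules actually depend on their arguments. The same applies to the direnv, helix, starship and tmux hunks later in this patch. Of the names they bind, comma.nix uses only `inputs` and hm-cli.nix uses only `pkgs`.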
@@ -1,8 +1,16 @@ { ... }: { - flake.modules.homeManager.cli-comma = { config, lib, pkgs, inputs, ... }: { - imports = [ inputs.nix-index-database.homeModules.nix-index ]; + flake.modules.homeManager.cli-comma = + { + config, + lib, + pkgs, + inputs, + ... + }: + { + imports = [ inputs.nix-index-database.homeModules.nix-index ]; - programs.nix-index-database.comma.enable = true; - }; + programs.nix-index-database.comma.enable = true; + }; } diff --git a/aspects/cli/direnv.nix b/aspects/cli/direnv.nix index 4399283..60ea7ad 100644 --- a/aspects/cli/direnv.nix +++ b/aspects/cli/direnv.nix @@ -1,9 +1,16 @@ { ... }: { - flake.modules.homeManager.cli-direnv = { config, lib, pkgs, ... }: { - programs.direnv = { - enable = true; - nix-direnv.enable = true; + flake.modules.homeManager.cli-direnv = + { + config, + lib, + pkgs, + ... + }: + { + programs.direnv = { + enable = true; + nix-direnv.enable = true; + }; }; - }; } diff --git a/aspects/cli/helix.nix b/aspects/cli/helix.nix index 1fa2baf..fe0cf74 100644 --- a/aspects/cli/helix.nix +++ b/aspects/cli/helix.nix 
@@ -1,50 +1,57 @@ { ... }: { - flake.modules.homeManager.cli-helix = { config, lib, pkgs, ... }: { - home.sessionVariables = { - EDITOR = "hx"; - }; + flake.modules.homeManager.cli-helix = + { + config, + lib, + pkgs, + ... + }: + { + home.sessionVariables = { + EDITOR = "hx"; + }; - programs.helix = { - enable = true; - settings = { - editor = { - file-picker.hidden = false; - idle-timeout = 0; - line-number = "relative"; - cursor-shape = { - normal = "underline"; - insert = "bar"; - select = "underline"; + programs.helix = { + enable = true; + settings = { + editor = { + file-picker.hidden = false; + idle-timeout = 0; + line-number = "relative"; + cursor-shape = { + normal = "underline"; + insert = "bar"; + select = "underline"; + }; + soft-wrap.enable = true; + auto-format = true; + indent-guides.render = true; }; - soft-wrap.enable = true; - auto-format = true; - indent-guides.render = true; - }; - keys.normal = { - space = { - o = "file_picker_in_current_buffer_directory"; - esc = [ - "collapse_selection" - "keep_primary_selection" - ]; + keys.normal = { + space = { + o = "file_picker_in_current_buffer_directory"; + esc = [ + "collapse_selection" + "keep_primary_selection" + ]; + }; }; }; - }; - languages = { - language = [ - { - name = "nix"; - auto-format = true; - formatter.command = "nixfmt"; - } - { - name = "typst"; - auto-format = true; - formatter.command = "typstyle -c 1000 -i"; - } - ]; + languages = { + language = [ + { + name = "nix"; + auto-format = true; + formatter.command = "nixfmt"; + } + { + name = "typst"; + auto-format = true; + formatter.command = "typstyle -c 1000 -i"; + } + ]; + }; }; }; - }; } diff --git a/aspects/cli/hm-cli.nix b/aspects/cli/hm-cli.nix index acee59d..7064a3f 100644 --- a/aspects/cli/hm-cli.nix +++ b/aspects/cli/hm-cli.nix 
@@ -1,11 +1,18 @@ { ... }: { - flake.modules.homeManager.cli-base = { config, lib, pkgs, ... }: { - home = { - packages = with pkgs; [ hm-cli ]; - sessionVariables = { - HM_PATH = "/etc/nixos"; + flake.modules.homeManager.cli-base = + { + config, + lib, + pkgs, + ... + }: + { + home = { + packages = with pkgs; [ hm-cli ]; + sessionVariables = { + HM_PATH = "/etc/nixos"; + }; }; }; - }; } diff --git a/aspects/cli/starship.nix b/aspects/cli/starship.nix index e9884a7..7ba3a54 100644 --- a/aspects/cli/starship.nix +++ b/aspects/cli/starship.nix 
@@ -1,41 +1,48 @@ { ... }: { - flake.modules.homeManager.cli-starship = { config, lib, pkgs, ... }: { - programs.starship = { - enable = true; - enableBashIntegration = true; - enableFishIntegration = true; - settings = { - add_newline = false; - format = '' - $hostname$directory$git_branch$git_status$nix_shell - [ ❯ ](bold green) - ''; - right_format = "$cmd_duration$character"; - hostname = { - ssh_symbol = "󰖟 "; - }; - character = { - error_symbol = "[](red)"; - success_symbol = "[󱐋](green)"; - }; - cmd_duration = { - format = "[󰄉 $duration ]($style)"; - style = "yellow"; - min_time = 500; - }; - git_branch = { - symbol = " "; - style = "purple"; - }; - git_status.style = "red"; - nix_shell = { - format = "via [$symbol$state]($style)"; - heuristic = true; - style = "blue"; - symbol = "󱄅 "; + flake.modules.homeManager.cli-starship = + { + config, + lib, + pkgs, + ... + }: + { + programs.starship = { + enable = true; + enableBashIntegration = true; + enableFishIntegration = true; + settings = { + add_newline = false; + format = '' + $hostname$directory$git_branch$git_status$nix_shell + [ ❯ ](bold green) + ''; + right_format = "$cmd_duration$character"; + hostname = { + ssh_symbol = "󰖟 "; + }; + character = { + error_symbol = "[](red)"; + success_symbol = "[󱐋](green)"; + }; + cmd_duration = { + format = "[󰄉 $duration ]($style)"; + style = "yellow"; + min_time = 500; + }; + git_branch = { + symbol = " "; + style = "purple"; + }; + git_status.style = "red"; + nix_shell = { + format = "via [$symbol$state]($style)"; + heuristic = true; + style = "blue"; + symbol = "󱄅 "; + }; }; }; }; - }; } diff --git a/aspects/cli/tmux.nix b/aspects/cli/tmux.nix index 078a6aa..1238501 100644 --- a/aspects/cli/tmux.nix +++ b/aspects/cli/tmux.nix 
@@ -1,12 +1,19 @@ { ... }: { - flake.modules.homeManager.cli-tmux = { config, lib, pkgs, ... }: { - programs.tmux = { - enable = true; - clock24 = true; - terminal = "xterm-256color"; - mouse = true; - keyMode = "vi"; + flake.modules.homeManager.cli-tmux = + { + config, + lib, + pkgs, + ... + }: + { + programs.tmux = { + enable = true; + clock24 = true; + terminal = "xterm-256color"; + mouse = true; + keyMode = "vi"; + }; }; - }; } diff --git a/aspects/common/boot.nix b/aspects/common/boot.nix index 109d6f2..b74b68c 100644 --- a/aspects/common/boot.nix +++ b/aspects/common/boot.nix @@ -1,21 +1,23 @@ { ... }: { - flake.modules.nixos.common-boot = { pkgs, ... }: { - boot = { - loader = { - timeout = 1; - efi.canTouchEfiVariables = true; - systemd-boot = { - enable = true; - editor = false; - consoleMode = "max"; - sortKey = "aa"; - netbootxyz = { + flake.modules.nixos.common-boot = + { pkgs, ... }: + { + boot = { + loader = { + timeout = 1; + efi.canTouchEfiVariables = true; + systemd-boot = { enable = true; - sortKey = "zz"; + editor = false; + consoleMode = "max"; + sortKey = "aa"; + netbootxyz = { + enable = true; + sortKey = "zz"; + }; }; }; }; }; - }; } diff --git a/aspects/common/console.nix b/aspects/common/console.nix index 6f6be9f..128b914 100644 --- a/aspects/common/console.nix +++ b/aspects/common/console.nix @@ -1,9 +1,11 @@ { ... }: { - flake.modules.nixos.common-console = { ... }: { - console = { - useXkbConfig = true; - earlySetup = true; + flake.modules.nixos.common-console = + { ... }: + { + console = { + useXkbConfig = true; + earlySetup = true; + }; }; - }; } diff --git a/aspects/common/firewall.nix b/aspects/common/firewall.nix index af1a8f7..0e5297d 100644 --- a/aspects/common/firewall.nix +++ b/aspects/common/firewall.nix 
@@ -1,9 +1,11 @@ { ... }: { - flake.modules.nixos.common-firewall = { ... }: { - networking = { - firewall.enable = true; - nftables.enable = true; + flake.modules.nixos.common-firewall = + { ... }: + { + networking = { + firewall.enable = true; + nftables.enable = true; + }; }; - }; } diff --git a/aspects/common/locale.nix b/aspects/common/locale.nix index 2b91759..a6b5754 100644 --- a/aspects/common/locale.nix +++ b/aspects/common/locale.nix @@ -1,22 +1,24 @@ { ... }: { - flake.modules.nixos.common-locale = { ... }: { - time.timeZone = "America/Bahia"; + flake.modules.nixos.common-locale = + { ... }: + { + time.timeZone = "America/Bahia"; - i18n = { - defaultLocale = "en_US.UTF-8"; - extraLocaleSettings = { - LC_ADDRESS = "pt_BR.utf8"; - LC_COLLATE = "pt_BR.utf8"; - LC_IDENTIFICATION = "pt_BR.utf8"; - LC_MEASUREMENT = "pt_BR.utf8"; - LC_MONETARY = "pt_BR.utf8"; - LC_NAME = "pt_BR.utf8"; - LC_NUMERIC = "pt_BR.utf8"; - LC_PAPER = "pt_BR.utf8"; - LC_TELEPHONE = "pt_BR.utf8"; - LC_TIME = "en_IE.utf8"; + i18n = { + defaultLocale = "en_US.UTF-8"; + extraLocaleSettings = { + LC_ADDRESS = "pt_BR.utf8"; + LC_COLLATE = "pt_BR.utf8"; + LC_IDENTIFICATION = "pt_BR.utf8"; + LC_MEASUREMENT = "pt_BR.utf8"; + LC_MONETARY = "pt_BR.utf8"; + LC_NAME = "pt_BR.utf8"; + LC_NUMERIC = "pt_BR.utf8"; + LC_PAPER = "pt_BR.utf8"; + LC_TELEPHONE = "pt_BR.utf8"; + LC_TIME = "en_IE.utf8"; + }; }; }; - }; } diff --git a/aspects/common/nix.nix b/aspects/common/nix.nix index 414c315..cd76f62 100644 --- a/aspects/common/nix.nix +++ b/aspects/common/nix.nix 
@@ -1,39 +1,41 @@ { ... }: { - flake.modules.nixos.common-nix = { inputs, ... }: { - imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; + flake.modules.nixos.common-nix = + { inputs, ... }: + { + imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; - nix = { - settings = { - auto-optimise-store = true; - connect-timeout = 10; - log-lines = 25; - min-free = 128000000; - max-free = 1000000000; - trusted-users = [ "@wheel" ]; + nix = { + settings = { + auto-optimise-store = true; + connect-timeout = 10; + log-lines = 25; + min-free = 128000000; + max-free = 1000000000; + trusted-users = [ "@wheel" ]; + }; + extraOptions = "experimental-features = nix-command flakes"; + gc = { + automatic = true; + options = "--delete-older-than 8d"; + }; }; - extraOptions = "experimental-features = nix-command flakes"; - gc = { - automatic = true; - options = "--delete-older-than 8d"; + + nixpkgs.config = { + allowUnfree = true; + enableParallelBuilding = true; + buildManPages = false; + buildDocs = false; }; - }; - nixpkgs.config = { - allowUnfree = true; - enableParallelBuilding = true; - buildManPages = false; - buildDocs = false; - }; - - services.nixos-cli = { - enable = true; - config = { - use_nvd = true; - ignore_dirty_tree = true; + services.nixos-cli = { + enable = true; + config = { + use_nvd = true; + ignore_dirty_tree = true; + }; }; - }; - system.stateVersion = "22.11"; - }; + system.stateVersion = "22.11"; + }; } diff --git a/aspects/common/openssh.nix b/aspects/common/openssh.nix index c515d81..b8179f2 100644 --- a/aspects/common/openssh.nix +++ b/aspects/common/openssh.nix @@ -1,12 +1,14 @@ { ... }: { - flake.modules.nixos.common-openssh = { ... }: { - services.openssh = { - enable = true; - settings.PermitRootLogin = "no"; - extraConfig = '' - PrintLastLog no - ''; + flake.modules.nixos.common-openssh = + { ... }: + { + services.openssh = { + enable = true; + settings.PermitRootLogin = "no"; + extraConfig = '' + PrintLastLog no + ''; + }; }; - }; } 
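Review bot: `trusted-users = [ "@wheel" ];` under `nix.settings` in the nix.nix hunk comes through the reindent unchanged, and it makes every member of wheel a trusted user of the Nix daemon. The Nix manual describes that as essentially equivalent to root access: trusted users can supply their own substituters and import store paths without signature checks, and unlike sudo there is no password prompt. If this exists only for remote deploys, I would name the deploying account instead of the whole group. Otherwise record the reason in a comment such as `# trusted so <deploy user> can push unsigned closures; equivalent to root`.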
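Review bot: The `services.openssh` block in the openssh.nix hunk sets `settings.PermitRootLogin = "no"` but leaves password logins at the NixOS default, which is enabled. The module sits under `aspects/common`, so it presumably applies to every host. Assuming all accounts already have keys deployed, I would add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` next to it. If some host does depend on passwords, a comment naming it would make the exception visible.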
diff --git a/aspects/common/services.nix b/aspects/common/services.nix index befdbb9..e05dcf0 100644 --- a/aspects/common/services.nix +++ b/aspects/common/services.nix @@ -1,10 +1,12 @@ { ... }: { - flake.modules.nixos.common-services = { ... }: { - services = { - dbus.implementation = "broker"; - irqbalance.enable = true; - fstrim.enable = true; + flake.modules.nixos.common-services = + { ... }: + { + services = { + dbus.implementation = "broker"; + irqbalance.enable = true; + fstrim.enable = true; + }; }; - }; } diff --git a/aspects/common/tailscale.nix b/aspects/common/tailscale.nix index 13eb82a..74381ac 100644 --- a/aspects/common/tailscale.nix +++ b/aspects/common/tailscale.nix @@ -1,9 +1,11 @@ { ... }: { - flake.modules.nixos.common-tailscale = { ... }: { - services.tailscale = { - enable = true; - extraUpFlags = [ "--operator=user" ]; + flake.modules.nixos.common-tailscale = + { ... }: + { + services.tailscale = { + enable = true; + extraUpFlags = [ "--operator=user" ]; + }; }; - }; } diff --git a/aspects/constants.nix b/aspects/constants.nix index 2d980e1..7d77098 100644 --- a/aspects/constants.nix +++ b/aspects/constants.nix @@ -54,12 +54,15 @@ let sharedData = import ../data/services.nix; # Enrich services with host IP information - enrichServices = hosts: services: - map (svc: + enrichServices = + hosts: services: + map ( + svc: let - hostInfo = hosts.${svc.host} or {}; + hostInfo = hosts.${svc.host} or { }; in - svc // { + svc + // { lanIP = hostInfo.lanIP or null; tailscaleIP = hostInfo.tailscaleIP or null; } 
@@ -70,19 +73,19 @@ in options.flake = { hosts = lib.mkOption { type = lib.types.attrsOf hostType; - default = {}; + default = { }; description = "Host definitions with IP addresses"; }; services = lib.mkOption { type = lib.types.listOf serviceType; - default = []; + default = [ ]; description = "Service definitions with enriched host information"; }; lib = lib.mkOption { type = lib.types.attrsOf lib.types.raw; - default = {}; + default = { }; description = "Utility functions for flake configuration"; }; }; @@ -94,9 +97,11 @@ in lib = { # Nginx virtual host utilities - mkNginxVHosts = { domains }: + mkNginxVHosts = + { domains }: let - mkVHostConfig = domain: vhostConfig: + mkVHostConfig = + domain: vhostConfig: lib.recursiveUpdate { useACMEHost = domain; forceSSL = true; @@ -107,7 +112,8 @@ in # Split DNS utilities for unbound # Generates unbound view config from a list of DNS entries - mkSplitDNS = entries: + mkSplitDNS = + entries: let tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries; lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries; diff --git a/aspects/desktop/boot.nix b/aspects/desktop/boot.nix index 48f879d..cd0fa9c 100644 --- a/aspects/desktop/boot.nix +++ b/aspects/desktop/boot.nix 
@@ -1,27 +1,34 @@ { ... }: { - flake.modules.nixos.desktop-boot = { config, lib, pkgs, ... }: { - boot = { - plymouth.enable = true; - initrd.systemd.enable = true; - loader.efi.efiSysMountPoint = "/boot/efi"; - kernelPackages = pkgs.linuxPackages_xanmod_latest; - extraModprobeConfig = '' - options bluetooth disable_ertm=1 - ''; - kernel.sysctl = { - "net.ipv4.tcp_mtu_probing" = 1; + flake.modules.nixos.desktop-boot = + { + config, + lib, + pkgs, + ... + }: + { + boot = { + plymouth.enable = true; + initrd.systemd.enable = true; + loader.efi.efiSysMountPoint = "/boot/efi"; + kernelPackages = pkgs.linuxPackages_xanmod_latest; + extraModprobeConfig = '' + options bluetooth disable_ertm=1 + ''; + kernel.sysctl = { + "net.ipv4.tcp_mtu_probing" = 1; + }; + kernelParams = [ + "quiet" + "splash" + "i2c-dev" + "i2c-piix4" + "loglevel=3" + "udev.log_priority=3" + "rd.udev.log_level=3" + "rd.systemd.show_status=false" + ]; }; - kernelParams = [ - "quiet" - "splash" - "i2c-dev" - "i2c-piix4" - "loglevel=3" - "udev.log_priority=3" - "rd.udev.log_level=3" - "rd.systemd.show_status=false" - ]; }; - }; } diff --git a/aspects/desktop/desktop.nix b/aspects/desktop/desktop.nix index f2298e7..fb54f55 100644 --- a/aspects/desktop/desktop.nix +++ b/aspects/desktop/desktop.nix 
@@ -4,289 +4,304 @@ }: { flake.modules = { - nixos.desktop-desktop = { config, lib, pkgs, ... }: { - imports = [ - inputs.niri-flake.nixosModules.niri - inputs.nix-flatpak.nixosModules.nix-flatpak - ]; - - environment = { - sessionVariables = { - KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir - NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland - }; - systemPackages = with pkgs; [ - ### Web ### - bitwarden-desktop - fragments - nextcloud-client - tor-browser - vesktop - inputs.zen-browser.packages."${system}".default - ### Office & Productivity ### - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - papers - presenterm - rnote - ### Graphics & Design ### - gimp - inkscape - plasticity - ### System Utilities ### - adwaita-icon-theme - ghostty - gnome-disk-utility - junction - libfido2 - mission-center - nautilus - p7zip - rclone - toggleaudiosink - unrar - ### Media ### - decibels - loupe - obs-studio - showtime + nixos.desktop-desktop = + { + config, + lib, + pkgs, + ... 
+ }: + { + imports = [ + inputs.niri-flake.nixosModules.niri + inputs.nix-flatpak.nixosModules.nix-flatpak ]; - }; - services = { - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - wireplumber.enable = true; - }; - greetd = { - enable = true; - settings = { - default_session = { - command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; - user = "greeter"; - }; - } - // lib.optionalAttrs (config.networking.hostName == "io") { - initial_session = { - command = "${config.programs.niri.package}/bin/niri-session"; - user = "user"; - }; + environment = { + sessionVariables = { + KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir + NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland }; - }; - flatpak = { - enable = true; - packages = [ + systemPackages = with pkgs; [ + ### Web ### + bitwarden-desktop + fragments + nextcloud-client + tor-browser + vesktop + inputs.zen-browser.packages."${system}".default ### Office & Productivity ### - "com.collabora.Office" + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + papers + presenterm + rnote ### Graphics & Design ### - "com.boxy_svg.BoxySVG" - rec { - appId = "io.github.softfever.OrcaSlicer"; - sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - bundle = "${pkgs.fetchurl { - url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - inherit sha256; - }}"; - } + gimp + inkscape + plasticity ### System Utilities ### - "com.github.tchx84.Flatseal" - "com.rustdesk.RustDesk" - ]; - uninstallUnmanaged = true; - update.auto.enable = true; - }; - gvfs.enable = true; - }; - - security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority - - users = { - users.greeter = { - 
isSystemUser = true; - group = "greeter"; - }; - groups.greeter = { }; - }; - - programs = { - niri = { - enable = true; - package = inputs.niri.packages.${pkgs.system}.niri; - }; - kdeconnect = { - enable = true; - package = pkgs.valent; - }; - dconf.enable = true; - appimage = { - enable = true; - binfmt = true; - }; - }; - - niri-flake.cache.enable = false; - - fonts = { - fontDir.enable = true; - packages = with pkgs; [ - corefonts - inter - nerd-fonts.fira-code - noto-fonts-cjk-sans - noto-fonts-color-emoji - roboto - ]; - }; - - xdg.portal = { - extraPortals = with pkgs; [ - xdg-desktop-portal-gnome - xdg-desktop-portal-gtk - ]; - config = { - common.default = "*"; - niri.default = [ - "gtk" - "gnome" + adwaita-icon-theme + ghostty + gnome-disk-utility + junction + libfido2 + mission-center + nautilus + p7zip + rclone + toggleaudiosink + unrar + ### Media ### + decibels + loupe + obs-studio + showtime ]; }; - }; - }; - homeManager.desktop-desktop = { config, lib, pkgs, inputs, ... 
}: { - imports = [ inputs.vicinae.homeManagerModules.default ]; - - fonts.fontconfig.enable = true; - - home.packages = with pkgs; [ xwayland-satellite ]; - - services.vicinae = { - enable = true; - systemd = { - enable = true; - autoStart = true; + services = { + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + wireplumber.enable = true; + }; + greetd = { + enable = true; + settings = { + default_session = { + command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; + user = "greeter"; + }; + } + // lib.optionalAttrs (config.networking.hostName == "io") { + initial_session = { + command = "${config.programs.niri.package}/bin/niri-session"; + user = "user"; + }; + }; + }; + flatpak = { + enable = true; + packages = [ + ### Office & Productivity ### + "com.collabora.Office" + ### Graphics & Design ### + "com.boxy_svg.BoxySVG" + rec { + appId = "io.github.softfever.OrcaSlicer"; + sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + bundle = "${pkgs.fetchurl { + url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; + inherit sha256; + }}"; + } + ### System Utilities ### + "com.github.tchx84.Flatseal" + "com.rustdesk.RustDesk" + ]; + uninstallUnmanaged = true; + update.auto.enable = true; + }; + gvfs.enable = true; }; - }; - programs = { - ghostty = { - enable = true; - settings = { - cursor-style = "block"; - shell-integration-features = "no-cursor"; - cursor-style-blink = false; - custom-shader = "${builtins.fetchurl { - url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; - sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; - }}"; - bell-features = ""; - gtk-titlebar-style = "tabs"; - keybind = [ "shift+enter=text:\\x1b\\r" ]; + 
security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority + + users = { + users.greeter = { + isSystemUser = true; + group = "greeter"; + }; + groups.greeter = { }; + }; + + programs = { + niri = { + enable = true; + package = inputs.niri.packages.${pkgs.system}.niri; + }; + kdeconnect = { + enable = true; + package = pkgs.valent; + }; + dconf.enable = true; + appimage = { + enable = true; + binfmt = true; }; }; - password-store = { - enable = true; - package = pkgs.pass-wayland; - }; - }; + niri-flake.cache.enable = false; - xdg = { - enable = true; - userDirs.enable = true; - mimeApps = { - enable = true; - defaultApplications = { - "text/html" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" + fonts = { + fontDir.enable = true; + packages = with pkgs; [ + corefonts + inter + nerd-fonts.fira-code + noto-fonts-cjk-sans + noto-fonts-color-emoji + roboto + ]; + }; + + xdg.portal = { + extraPortals = with pkgs; [ + xdg-desktop-portal-gnome + xdg-desktop-portal-gtk + ]; + config = { + common.default = "*"; + niri.default = [ + "gtk" + "gnome" ]; - "x-scheme-handler/http" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/https" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/about" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/unknown" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "image/jpeg" = "org.gnome.Loupe.desktop"; - "image/png" = "org.gnome.Loupe.desktop"; - "image/gif" = "org.gnome.Loupe.desktop"; - "image/webp" = "org.gnome.Loupe.desktop"; - "image/bmp" = "org.gnome.Loupe.desktop"; - "image/svg+xml" = "org.gnome.Loupe.desktop"; - "image/tiff" = "org.gnome.Loupe.desktop"; - "video/mp4" = "io.bassi.Showtime.desktop"; - "video/x-matroska" = "io.bassi.Showtime.desktop"; - "video/webm" = 
"io.bassi.Showtime.desktop"; - "video/mpeg" = "io.bassi.Showtime.desktop"; - "video/x-msvideo" = "io.bassi.Showtime.desktop"; - "video/quicktime" = "io.bassi.Showtime.desktop"; - "video/x-flv" = "io.bassi.Showtime.desktop"; - "audio/mpeg" = "io.bassi.Showtime.desktop"; - "audio/flac" = "io.bassi.Showtime.desktop"; - "audio/ogg" = "io.bassi.Showtime.desktop"; - "audio/wav" = "io.bassi.Showtime.desktop"; - "audio/mp4" = "io.bassi.Showtime.desktop"; - "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; - "application/pdf" = [ - "org.gnome.Papers.desktop" - "zen-browser.desktop" - ]; - "text/plain" = "Helix.desktop"; - "text/markdown" = "Helix.desktop"; - "text/x-log" = "Helix.desktop"; - "application/x-shellscript" = "Helix.desktop"; - "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = - "com.collabora.Office.desktop"; # DOCX - "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = - "com.collabora.Office.desktop"; # XLSX - "application/vnd.openxmlformats-officedocument.presentationml.presentation" = - "com.collabora.Office.desktop"; # PPTX - "application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT - "application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS - "application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP - "application/msword" = "com.collabora.Office.desktop"; # DOC - "application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS - "application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT - "application/zip" = "org.gnome.FileRoller.desktop"; - "application/x-tar" = "org.gnome.FileRoller.desktop"; - "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; - "application/x-rar" = 
"org.gnome.FileRoller.desktop"; - "application/gzip" = "org.gnome.FileRoller.desktop"; - "application/x-bzip" = "org.gnome.FileRoller.desktop"; - "inode/directory" = "org.gnome.Nautilus.desktop"; }; }; }; - # Set Ghostty as default terminal - home.sessionVariables = { - TERMINAL = "ghostty"; + homeManager.desktop-desktop = + { + config, + lib, + pkgs, + inputs, + ... + }: + { + imports = [ inputs.vicinae.homeManagerModules.default ]; + + fonts.fontconfig.enable = true; + + home.packages = with pkgs; [ xwayland-satellite ]; + + services.vicinae = { + enable = true; + systemd = { + enable = true; + autoStart = true; + }; + }; + + programs = { + ghostty = { + enable = true; + settings = { + cursor-style = "block"; + shell-integration-features = "no-cursor"; + cursor-style-blink = false; + custom-shader = "${builtins.fetchurl { + url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; + sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + }}"; + bell-features = ""; + gtk-titlebar-style = "tabs"; + keybind = [ "shift+enter=text:\\x1b\\r" ]; + }; + }; + + password-store = { + enable = true; + package = pkgs.pass-wayland; + }; + }; + + xdg = { + enable = true; + userDirs.enable = true; + mimeApps = { + enable = true; + defaultApplications = { + "text/html" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/http" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/https" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/about" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/unknown" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "image/jpeg" = "org.gnome.Loupe.desktop"; + "image/png" = "org.gnome.Loupe.desktop"; + 
"image/gif" = "org.gnome.Loupe.desktop"; + "image/webp" = "org.gnome.Loupe.desktop"; + "image/bmp" = "org.gnome.Loupe.desktop"; + "image/svg+xml" = "org.gnome.Loupe.desktop"; + "image/tiff" = "org.gnome.Loupe.desktop"; + "video/mp4" = "io.bassi.Showtime.desktop"; + "video/x-matroska" = "io.bassi.Showtime.desktop"; + "video/webm" = "io.bassi.Showtime.desktop"; + "video/mpeg" = "io.bassi.Showtime.desktop"; + "video/x-msvideo" = "io.bassi.Showtime.desktop"; + "video/quicktime" = "io.bassi.Showtime.desktop"; + "video/x-flv" = "io.bassi.Showtime.desktop"; + "audio/mpeg" = "io.bassi.Showtime.desktop"; + "audio/flac" = "io.bassi.Showtime.desktop"; + "audio/ogg" = "io.bassi.Showtime.desktop"; + "audio/wav" = "io.bassi.Showtime.desktop"; + "audio/mp4" = "io.bassi.Showtime.desktop"; + "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; + "application/pdf" = [ + "org.gnome.Papers.desktop" + "zen-browser.desktop" + ]; + "text/plain" = "Helix.desktop"; + "text/markdown" = "Helix.desktop"; + "text/x-log" = "Helix.desktop"; + "application/x-shellscript" = "Helix.desktop"; + "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = + "com.collabora.Office.desktop"; # DOCX + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = + "com.collabora.Office.desktop"; # XLSX + "application/vnd.openxmlformats-officedocument.presentationml.presentation" = + "com.collabora.Office.desktop"; # PPTX + "application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT + "application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS + "application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP + "application/msword" = "com.collabora.Office.desktop"; # DOC + "application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS + "application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT + "application/zip" = "org.gnome.FileRoller.desktop"; + "application/x-tar" = 
"org.gnome.FileRoller.desktop"; + "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; + "application/x-rar" = "org.gnome.FileRoller.desktop"; + "application/gzip" = "org.gnome.FileRoller.desktop"; + "application/x-bzip" = "org.gnome.FileRoller.desktop"; + "inode/directory" = "org.gnome.Nautilus.desktop"; + }; + }; + }; + + # Set Ghostty as default terminal + home.sessionVariables = { + TERMINAL = "ghostty"; + }; }; - }; }; } diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix index 6458ab0..cdd02ac 100644 --- a/aspects/desktop/niri.nix +++ b/aspects/desktop/niri.nix @@ -1,6 +1,14 @@ { ... }: { - flake.modules.homeManager.desktop-niri = { config, lib, pkgs, inputs, hostname ? null, ... }: + flake.modules.homeManager.desktop-niri = + { + config, + lib, + pkgs, + inputs, + hostname ? null, + ... + }: let isRotterdam = hostname == "rotterdam"; in diff --git a/aspects/desktop/nix.nix b/aspects/desktop/nix.nix index a3aa421..3a9e71e 100644 --- a/aspects/desktop/nix.nix +++ b/aspects/desktop/nix.nix @@ -1,14 +1,21 @@ { inputs, ... }: { - flake.modules.nixos.desktop-nix = { config, lib, pkgs, ... }: { - environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; + flake.modules.nixos.desktop-nix = + { + config, + lib, + pkgs, + ... + }: + { + environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; - nix = { - registry.nixpkgs.flake = inputs.nixpkgs; - nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - "/nix/var/nix/profiles/per-user/root/channels" - ]; + nix = { + registry.nixpkgs.flake = inputs.nixpkgs; + nixPath = [ + "nixpkgs=${inputs.nixpkgs}" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + }; }; - }; } diff --git a/aspects/desktop/services.nix b/aspects/desktop/services.nix index 8ebbb6b..eb9482a 100644 
--- a/aspects/desktop/services.nix +++ b/aspects/desktop/services.nix @@ -1,16 +1,23 @@ { ... }: { - flake.modules.nixos.desktop-services = { config, lib, pkgs, ... }: { - services = { - printing.enable = true; - udev.packages = with pkgs; [ yubikey-personalization ]; - keyd = { - enable = true; - keyboards.all = { - ids = [ "*" ]; - settings.main.capslock = "overload(meta, esc)"; + flake.modules.nixos.desktop-services = + { + config, + lib, + pkgs, + ... + }: + { + services = { + printing.enable = true; + udev.packages = with pkgs; [ yubikey-personalization ]; + keyd = { + enable = true; + keyboards.all = { + ids = [ "*" ]; + settings.main.capslock = "overload(meta, esc)"; + }; }; }; }; - }; } diff --git a/aspects/dev.nix b/aspects/dev.nix index cc84646..89a1026 100644 --- a/aspects/dev.nix +++ b/aspects/dev.nix @@ -1,19 +1,26 @@ { ... }: { - flake.modules.nixos.dev = { config, lib, pkgs, ... }: { - environment.systemPackages = with pkgs; [ - android-tools - bat - lazygit - fd - fzf - glow - nixfmt - nix-init - nix-output-monitor - ripgrep - ]; + flake.modules.nixos.dev = + { + config, + lib, + pkgs, + ... + }: + { + environment.systemPackages = with pkgs; [ + android-tools + bat + lazygit + fd + fzf + glow + nixfmt + nix-init + nix-output-monitor + ripgrep + ]; - users.users.user.extraGroups = [ "adbusers" ]; - }; + users.users.user.extraGroups = [ "adbusers" ]; + }; } diff --git a/aspects/ephemeral.nix b/aspects/ephemeral.nix index 724f931..90c03c6 100644 --- a/aspects/ephemeral.nix +++ b/aspects/ephemeral.nix @@ -3,7 +3,8 @@ { inputs, ... }: { # Base module with options (for external flakes or direct use) - flake.modules.nixos.ephemeral = { lib, config, ... }: + flake.modules.nixos.ephemeral = + { lib, config, ... }: let cfg = config.ephemeral; in 
@@ -89,18 +90,19 @@ # Factory function that generates configured modules flake.factory.ephemeral = - { rootDevice - , rootSubvolume ? "@root" - , retentionDays ? 30 - , persistentStoragePath ? "/persistent" - , persistentFiles ? [ + { + rootDevice, + rootSubvolume ? "@root", + retentionDays ? 30, + persistentStoragePath ? "/persistent", + persistentFiles ? [ "/etc/machine-id" "/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key.pub" "/etc/ssh/ssh_host_rsa_key" "/etc/ssh/ssh_host_rsa_key.pub" - ] - , persistentDirectories ? [ + ], + persistentDirectories ? [ "/etc/NetworkManager/system-connections" "/etc/nixos" "/var/lib/bluetooth" @@ -111,9 +113,10 @@ "/var/lib/systemd/timers" "/var/lib/tailscale" "/var/log" - ] + ], }: - { ... }: { + { ... }: + { imports = [ inputs.impermanence.nixosModules.impermanence inputs.self.modules.nixos.ephemeral diff --git a/aspects/fwupd.nix b/aspects/fwupd.nix index 746f1d0..217f1eb 100644 --- a/aspects/fwupd.nix +++ b/aspects/fwupd.nix @@ -1,6 +1,13 @@ { ... }: { - flake.modules.nixos.fwupd = { config, lib, pkgs, ... }: { - services.fwupd.enable = true; - }; + flake.modules.nixos.fwupd = + { + config, + lib, + pkgs, + ... + }: + { + services.fwupd.enable = true; + }; } diff --git a/aspects/gaming/flatpak.nix b/aspects/gaming/flatpak.nix index ad50c7c..cc4d0ee 100644 --- a/aspects/gaming/flatpak.nix +++ b/aspects/gaming/flatpak.nix 
@@ -1,23 +1,25 @@ { ... }: { - flake.modules.nixos.gaming-flatpak = { pkgs, ... }: { - services.flatpak.packages = [ - "com.github.k4zmu2a.spacecadetpinball" - "com.steamgriddb.SGDBoop" - "io.github.Foldex.AdwSteamGtk" - "io.itch.itch" - "io.mrarm.mcpelauncher" - "net.retrodeck.retrodeck" - "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08" - rec { - appId = "com.hypixel.HytaleLauncher"; - sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv"; - bundle = "${pkgs.fetchurl { - url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak"; - inherit sha256; - }}"; - } - ]; - }; + flake.modules.nixos.gaming-flatpak = + { pkgs, ... }: + { + services.flatpak.packages = [ + "com.github.k4zmu2a.spacecadetpinball" + "com.steamgriddb.SGDBoop" + "io.github.Foldex.AdwSteamGtk" + "io.itch.itch" + "io.mrarm.mcpelauncher" + "net.retrodeck.retrodeck" + "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08" + rec { + appId = "com.hypixel.HytaleLauncher"; + sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv"; + bundle = "${pkgs.fetchurl { + url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak"; + inherit sha256; + }}"; + } + ]; + }; } diff --git a/aspects/gaming/hardware.nix b/aspects/gaming/hardware.nix index f1bd75b..e3b5c4b 100644 --- a/aspects/gaming/hardware.nix +++ b/aspects/gaming/hardware.nix @@ -1,11 +1,13 @@ { ... }: { - flake.modules.nixos.gaming-hardware = { ... }: { - hardware = { - xpadneo.enable = true; - steam-hardware.enable = true; # Allow steam client to manage controllers - graphics.enable32Bit = true; # For OpenGL games + flake.modules.nixos.gaming-hardware = + { ... }: + { + hardware = { + xpadneo.enable = true; + steam-hardware.enable = true; # Allow steam client to manage controllers + graphics.enable32Bit = true; # For OpenGL games + }; }; - }; } diff --git a/aspects/gaming/launchers.nix b/aspects/gaming/launchers.nix index 5684f9f..1fd3bb4 100644 
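Review bot: The Hytale entry in `services.flatpak.packages` fetches `hytale-launcher-latest.flatpak` with a fixed `sha256`, so the URL is mutable and the hash alone identifies which build gets installed. The pin keeps the fetch safe, because a republished file fails the build rather than installing unreviewed content. But nothing records which launcher version the hash belongs to, so a later hash bump cannot be checked against a release. I would add a comment above the `rec {` such as `# hash taken from launcher build <version>, <date>; re-verify before bumping`. A versioned URL would be better if the vendor publishes one, as the OrcaSlicer entry in desktop.nix already uses.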
--- a/aspects/gaming/launchers.nix +++ b/aspects/gaming/launchers.nix @@ -1,11 +1,13 @@ { ... }: { - flake.modules.nixos.gaming-launchers = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - clonehero - heroic - prismlauncher - ]; - }; + flake.modules.nixos.gaming-launchers = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + clonehero + heroic + prismlauncher + ]; + }; } diff --git a/aspects/gaming/mangohud.nix b/aspects/gaming/mangohud.nix index 7f83644..2856b8f 100644 --- a/aspects/gaming/mangohud.nix +++ b/aspects/gaming/mangohud.nix 
@@ -2,42 +2,46 @@ { flake.modules = { - nixos.gaming-mangohud = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - mangohud - ]; - }; + nixos.gaming-mangohud = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + mangohud + ]; + }; - homeManager.gaming-mangohud = { config, ... }: { - programs.mangohud = { - enable = true; - enableSessionWide = true; - settings = { - position = "top-left"; - fps = true; - frametime = false; - frame_timing = false; - gpu_stats = true; - gpu_temp = true; - gpu_power = true; - cpu_stats = true; - cpu_temp = true; - cpu_power = true; - ram = true; - vram = true; - gamemode = false; - vkbasalt = false; - version = false; - engine_version = false; - vulkan_driver = false; - wine = false; - time = false; - fps_sampling_period = 500; - toggle_hud = "Shift_L+F12"; - toggle_logging = "Ctrl_L+F2"; - output_folder = "${config.home.homeDirectory}/.local/share/mangohud"; + homeManager.gaming-mangohud = + { config, ... }: + { + programs.mangohud = { + enable = true; + enableSessionWide = true; + settings = { + position = "top-left"; + fps = true; + frametime = false; + frame_timing = false; + gpu_stats = true; + gpu_temp = true; + gpu_power = true; + cpu_stats = true; + cpu_temp = true; + cpu_power = true; + ram = true; + vram = true; + gamemode = false; + vkbasalt = false; + version = false; + engine_version = false; + vulkan_driver = false; + wine = false; + time = false; + fps_sampling_period = 500; + toggle_hud = "Shift_L+F12"; + toggle_logging = "Ctrl_L+F2"; + output_folder = "${config.home.homeDirectory}/.local/share/mangohud"; + }; }; }; - }; }; } diff --git a/aspects/gaming/steam.nix b/aspects/gaming/steam.nix index e0ab9a8..530c99b 100644 --- a/aspects/gaming/steam.nix +++ b/aspects/gaming/steam.nix 
@@ -1,17 +1,19 @@ { ... }: { - flake.modules.nixos.gaming-steam = { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - steam-run - ]; + flake.modules.nixos.gaming-steam = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + steam-run + ]; - programs = { - steam = { - enable = true; - extraCompatPackages = [ pkgs.proton-ge-bin ]; + programs = { + steam = { + enable = true; + extraCompatPackages = [ pkgs.proton-ge-bin ]; + }; + gamemode.enable = true; }; - gamemode.enable = true; }; - }; } diff --git a/aspects/hosts/_alexandria/unbound.nix b/aspects/hosts/_alexandria/unbound.nix index 07c8850..8aedc37 100644 --- a/aspects/hosts/_alexandria/unbound.nix +++ b/aspects/hosts/_alexandria/unbound.nix @@ -34,8 +34,7 @@ in # LAN-only DNS records local-zone = ''"baduhai.dev." transparent''; - local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') - (lib.filter (e: e.lanIP != null) services); + local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') (lib.filter (e: e.lanIP != null) services); }; forward-zone = [ diff --git a/aspects/hosts/_trantor/nginx.nix b/aspects/hosts/_trantor/nginx.nix index 5522e24..899666e 100644 --- a/aspects/hosts/_trantor/nginx.nix +++ b/aspects/hosts/_trantor/nginx.nix @@ -9,9 +9,7 @@ let services = inputs.self.services; # Get all unique domains from shared services on trantor (host = "trantor") - localDomains = lib.unique ( - map (s: s.domain) (lib.filter (s: s.host == "trantor") services) - ); + localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "trantor") services)); # Generate ACME cert configs for all local domains acmeCerts = lib.genAttrs localDomains (domain: { diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 28c333e..aacf3b0 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -1,4 +1,5 @@ { inputs, self, ... }: + { flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { system = "x86_64-linux"; 
diff --git a/aspects/libvirtd.nix b/aspects/libvirtd.nix index 6487999..1135306 100644 --- a/aspects/libvirtd.nix +++ b/aspects/libvirtd.nix @@ -1,18 +1,25 @@ { ... }: { - flake.modules.nixos.libvirtd = { config, lib, pkgs, ... }: { - virtualisation = { - libvirtd.enable = true; - spiceUSBRedirection.enable = true; + flake.modules.nixos.libvirtd = + { + config, + lib, + pkgs, + ... + }: + { + virtualisation = { + libvirtd.enable = true; + spiceUSBRedirection.enable = true; + }; + + programs.virt-manager.enable = true; + + networking.firewall.trustedInterfaces = [ "virbr0" ]; + + users.users.user.extraGroups = [ + "libvirt" + "libvirtd" + ]; }; - - programs.virt-manager.enable = true; - - networking.firewall.trustedInterfaces = [ "virbr0" ]; - - users.users.user.extraGroups = [ - "libvirt" - "libvirtd" - ]; - }; } diff --git a/aspects/networkmanager.nix b/aspects/networkmanager.nix index 74c9260..8bcb1f2 100644 --- a/aspects/networkmanager.nix +++ b/aspects/networkmanager.nix @@ -1,11 +1,18 @@ { ... }: { - flake.modules.nixos.networkmanager = { config, lib, pkgs, ... }: { - networking.networkmanager = { - enable = true; - wifi.backend = "iwd"; - }; + flake.modules.nixos.networkmanager = + { + config, + lib, + pkgs, + ... + }: + { + networking.networkmanager = { + enable = true; + wifi.backend = "iwd"; + }; - users.users.user.extraGroups = [ "networkmanager" ]; - }; + users.users.user.extraGroups = [ "networkmanager" ]; + }; } diff --git a/aspects/server/boot.nix b/aspects/server/boot.nix index ff5ef25..38634d1 100644 --- a/aspects/server/boot.nix +++ b/aspects/server/boot.nix @@ -1,7 +1,14 @@ # aspects/server/boot.nix { ... }: { - flake.modules.nixos.server-boot = { config, lib, pkgs, ... }: { - boot.kernelPackages = pkgs.linuxPackages_hardened; - }; + flake.modules.nixos.server-boot = + { + config, + lib, + pkgs, + ... + }: + { + boot.kernelPackages = pkgs.linuxPackages_hardened; + }; } 
diff --git a/aspects/server/nix.nix b/aspects/server/nix.nix index 84bec67..1cb8e8b 100644 --- a/aspects/server/nix.nix +++ b/aspects/server/nix.nix @@ -1,15 +1,22 @@ # aspects/server/nix.nix { inputs, ... }: { - flake.modules.nixos.server-nix = { config, lib, pkgs, ... }: { - environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; + flake.modules.nixos.server-nix = + { + config, + lib, + pkgs, + ... + }: + { + environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; - nix = { - registry.nixpkgs.flake = inputs.nixpkgs-stable; - nixPath = [ - "nixpkgs=/etc/channels/nixpkgs" - "/nix/var/nix/profiles/per-user/root/channels" - ]; + nix = { + registry.nixpkgs.flake = inputs.nixpkgs-stable; + nixPath = [ + "nixpkgs=/etc/channels/nixpkgs" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + }; }; - }; } diff --git a/aspects/server/tailscale.nix b/aspects/server/tailscale.nix index 5a48799..cf2fa4b 100644 --- a/aspects/server/tailscale.nix +++ b/aspects/server/tailscale.nix @@ -1,15 +1,22 @@ # aspects/server/tailscale.nix { ... }: { - flake.modules.nixos.server-tailscale = { config, lib, pkgs, ... }: { - services.tailscale = { - extraSetFlags = [ "--advertise-exit-node" ]; - useRoutingFeatures = "server"; - }; + flake.modules.nixos.server-tailscale = + { + config, + lib, + pkgs, + ... + }: + { + services.tailscale = { + extraSetFlags = [ "--advertise-exit-node" ]; + useRoutingFeatures = "server"; + }; - boot.kernel.sysctl = { - "net.ipv4.ip_forward" = 1; - "net.ipv6.conf.all.forwarding" = 1; + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + "net.ipv6.conf.all.forwarding" = 1; + }; }; - }; } diff --git a/aspects/shell/bash.nix b/aspects/shell/bash.nix index 3ec7237..e451148 100644 --- a/aspects/shell/bash.nix +++ b/aspects/shell/bash.nix 
@@ -1,9 +1,16 @@ { ... }: { - flake.modules.homeManager.shell-bash = { config, lib, pkgs, ... }: { - programs.bash = { - enable = true; - historyFile = "~/.cache/bash_history"; + flake.modules.homeManager.shell-bash = + { + config, + lib, + pkgs, + ... + }: + { + programs.bash = { + enable = true; + historyFile = "~/.cache/bash_history"; + }; }; - }; } diff --git a/aspects/shell/fish.nix b/aspects/shell/fish.nix index e2ae9cf..22c0f5c 100644 --- a/aspects/shell/fish.nix +++ b/aspects/shell/fish.nix 
@@ -1,33 +1,40 @@ { ... }: { - flake.modules.homeManager.shell-fish = { config, lib, pkgs, ... }: { - programs.fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - ${lib.getExe pkgs.nix-your-shell} fish | source - ''; - loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; - plugins = [ - { - name = "bang-bang"; - src = pkgs.fetchFromGitHub { - owner = "oh-my-fish"; - repo = "plugin-bang-bang"; - rev = "f969c618301163273d0a03d002614d9a81952c1e"; - sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; - }; - } - { - name = "z"; - src = pkgs.fetchFromGitHub { - owner = "jethrokuan"; - repo = "z"; - rev = "067e867debee59aee231e789fc4631f80fa5788e"; - sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU="; - }; - } - ]; + flake.modules.homeManager.shell-fish = + { + config, + lib, + pkgs, + ... + }: + { + programs.fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + ${lib.getExe pkgs.nix-your-shell} fish | source + ''; + loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; + plugins = [ + { + name = "bang-bang"; + src = pkgs.fetchFromGitHub { + owner = "oh-my-fish"; + repo = "plugin-bang-bang"; + rev = "f969c618301163273d0a03d002614d9a81952c1e"; + sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; + }; + } + { + name = "z"; + src = pkgs.fetchFromGitHub { + owner = "jethrokuan"; + repo = "z"; + rev = "067e867debee59aee231e789fc4631f80fa5788e"; + sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU="; + }; + } + ]; + }; }; - }; } diff --git a/packages/claude-desktop.nix b/packages/claude-desktop.nix index e93f3af..c21ec8e 100644 --- a/packages/claude-desktop.nix +++ b/packages/claude-desktop.nix 
@@ -18,7 +18,8 @@ }; src = - srcs.${pkgs.stdenv.hostPlatform.system} or (throw "Unsupported system: ${pkgs.stdenv.hostPlatform.system}"); + srcs.${pkgs.stdenv.hostPlatform.system} + or (throw "Unsupported system: ${pkgs.stdenv.hostPlatform.system}"); claudeNativeStub = '' // Stub implementation of claude-native using KeyboardKey enum values diff --git a/packages/overlays.nix b/packages/overlays.nix index a36ed60..169a67b 100644 --- a/packages/overlays.nix +++ b/packages/overlays.nix @@ -4,19 +4,20 @@ let packageDir = builtins.readDir ./.; # Filter to .nix files, excluding overlays.nix - isPackageFile = name: - name != "overlays.nix" && builtins.match ".*\\.nix$" name != null; + isPackageFile = name: name != "overlays.nix" && builtins.match ".*\\.nix$" name != null; # Extract package name from filename (e.g., "foo-bar.nix" -> "foo-bar") - toPackageName = filename: - builtins.head (builtins.match "(.+)\\.nix$" filename); + toPackageName = filename: builtins.head (builtins.match "(.+)\\.nix$" filename); packageNames = map toPackageName (builtins.filter isPackageFile (builtins.attrNames packageDir)); in { - flake.overlays.default = final: prev: - builtins.listToAttrs (map (name: { - inherit name; - value = inputs.self.packages.${final.system}.${name}; - }) packageNames); + flake.overlays.default = + final: prev: + builtins.listToAttrs ( + map (name: { + inherit name; + value = inputs.self.packages.${final.system}.${name}; + }) packageNames + ); } diff --git a/terranix/kernelpanic.space.nix b/terranix/kernelpanic.space.nix index 01e5c08..91b615e 100644 --- a/terranix/kernelpanic.space.nix +++ b/terranix/kernelpanic.space.nix @@ -8,9 +8,12 @@ terranix.terranixConfigurations.cloudflare-kernelpanicspace = { terraformWrapper.package = pkgs.opentofu; modules = [ - ({ config, ... }: { - # Terraform config goes here - }) + ( + { config, ... }: + { + # Terraform config goes here + } + ) ]; }; }; 
diff --git a/terranix/terminus.nix b/terranix/terminus.nix index 7a0fa5b..d7689f9 100644 --- a/terranix/terminus.nix +++ b/terranix/terminus.nix @@ -8,9 +8,12 @@ terranix.terranixConfigurations.oci-terminus = { terraformWrapper.package = pkgs.opentofu; modules = [ - ({ config, ... }: { - # Terraform config goes here - }) + ( + { config, ... }: + { + # Terraform config goes here + } + ) ]; }; }; From c1dcb7e31636ecd730710f1349e825c5bc5d768b Mon Sep 17 00:00:00 2001 From: William Date: Thu, 12 Feb 2026 19:04:34 -0300 Subject: [PATCH 170/206] kanidm upgrade process is a pain I currenty have two other possible oauth providers running: forgejo & nextcloud --- aspects/hosts/_alexandria/kanidm.nix | 82 ---------------------------- aspects/hosts/alexandria.nix | 1 - 2 files changed, 83 deletions(-) delete mode 100644 aspects/hosts/_alexandria/kanidm.nix diff --git a/aspects/hosts/_alexandria/kanidm.nix b/aspects/hosts/_alexandria/kanidm.nix deleted file mode 100644 index 35e08c8..0000000 --- a/aspects/hosts/_alexandria/kanidm.nix +++ /dev/null 
@@ -1,82 +0,0 @@ -{ - config, - lib, - inputs, - pkgs, - ... -}: - -let - mkNginxVHosts = inputs.self.lib.mkNginxVHosts; - kanidmCertDir = "/var/lib/kanidm/certs"; -in - -{ - services.kanidm = { - enableServer = true; - enableClient = true; - package = pkgs.kanidm; - - serverSettings = { - domain = "auth.baduhai.dev"; - origin = "https://auth.baduhai.dev"; - bindaddress = "127.0.0.1:8443"; - ldapbindaddress = "127.0.0.1:636"; - trust_x_forward_for = true; - # Use self-signed certificates for internal TLS - tls_chain = "${kanidmCertDir}/cert.pem"; - tls_key = "${kanidmCertDir}/key.pem"; - }; - - clientSettings = { - uri = "https://auth.baduhai.dev"; - }; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - domains."auth.baduhai.dev" = { - locations."/" = { - proxyPass = "https://127.0.0.1:8443"; - extraConfig = '' - proxy_ssl_verify off; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $host; - ''; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ 636 ]; - - # Generate self-signed certificates for kanidm's internal TLS - systemd.services.kanidm-generate-certs = { - description = "Generate self-signed TLS certificates for Kanidm"; - wantedBy = [ "multi-user.target" ]; - before = [ "kanidm.service" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - mkdir -p ${kanidmCertDir} - if [ ! 
-f ${kanidmCertDir}/key.pem ]; then - ${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \ - -keyout ${kanidmCertDir}/key.pem \ - -out ${kanidmCertDir}/cert.pem \ - -days 3650 -nodes \ - -subj "/CN=localhost" \ - -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" - chown -R kanidm:kanidm ${kanidmCertDir} - chmod 600 ${kanidmCertDir}/key.pem - chmod 644 ${kanidmCertDir}/cert.pem - fi - ''; - }; - - # Ensure certificate generation runs before kanidm starts - systemd.services.kanidm = { - after = [ "kanidm-generate-certs.service" ]; - wants = [ "kanidm-generate-certs.service" ]; - }; -} diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index aacf3b0..03a02b9 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -41,7 +41,6 @@ # Host-specific files (from _alexandria/) ./_alexandria/hardware-configuration.nix ./_alexandria/jellyfin.nix - ./_alexandria/kanidm.nix ./_alexandria/nextcloud.nix ./_alexandria/nginx.nix ./_alexandria/unbound.nix From b2747359901c1a7482035a44b2105f121ea92de6 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 12 Feb 2026 19:22:40 -0300 Subject: [PATCH 171/206] podmand for alexandria --- aspects/hosts/alexandria.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 03a02b9..7da2c39 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -1,4 +1,4 @@ -{ inputs, self, ... }: +{ inputs, ... }: { flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { @@ -35,8 +35,9 @@ inputs.self.modules.nixos.server-nix inputs.self.modules.nixos.server-tailscale - # Other aspects based on tags + # Other aspects inputs.self.modules.nixos.fwupd + inputs.self.modules.nixos.podman # Host-specific files (from _alexandria/) ./_alexandria/hardware-configuration.nix From 66b72be5b8564c5226ed096b7e2963806994a610 Mon Sep 17 00:00:00 2001 
From: William Date: Fri, 13 Feb 2026 16:38:05 -0300 Subject: [PATCH 172/206] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'zen-browser': 'github:0xc000022070/zen-browser-flake/0078cf2d5e81eb56a9356d51f2738f7141194de1?narHash=sha256-iJ9c0ZewfRRYUflaEOj43n5TWaB6Ezygn2UA/ZHGQJA%3D' (2026-02-12) → 'github:0xc000022070/zen-browser-flake/80ce62fd26af1934454f405bcb2510ceeea8d3a2?narHash=sha256-5UDaXr770MaDac9HcFvGlUjsqyOoNbFdHArmjmtHcVk%3D' (2026-02-13) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 806550a..8587eb2 100644 --- a/flake.lock +++ b/flake.lock @@ -1220,11 +1220,11 @@ "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1770919290, - "narHash": "sha256-iJ9c0ZewfRRYUflaEOj43n5TWaB6Ezygn2UA/ZHGQJA=", + "lastModified": 1771000521, + "narHash": "sha256-5UDaXr770MaDac9HcFvGlUjsqyOoNbFdHArmjmtHcVk=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "0078cf2d5e81eb56a9356d51f2738f7141194de1", + "rev": "80ce62fd26af1934454f405bcb2510ceeea8d3a2", "type": "github" }, "original": { From d184f75f5d393de07ac9549e8b27cfea4b67eff0 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 11:08:21 -0300 Subject: [PATCH 173/206] nixos-cli: retry as root, auto yes --- aspects/common/nix.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/aspects/common/nix.nix b/aspects/common/nix.nix index cd76f62..7fa6e49 100644 --- a/aspects/common/nix.nix +++ b/aspects/common/nix.nix @@ -33,6 +33,8 @@ config = { use_nvd = true; ignore_dirty_tree = true; + apply.reexec_as_root = true; + confirmation.empty = "default-yes"; }; }; From 5f1c05f090bdf4b4034bbbe68a7fe054ec2b9faf Mon Sep 17 00:00:00 2001 
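Review bot: The two settings added to the nixos-cli `config` block in aspects/common/nix.nix carry no comment explaining why an unattended default is acceptable. Going by the option names, an empty reply at the confirmation prompt now counts as yes and the apply step re-executes itself as root. The context line `ignore_dirty_tree = true;` suggests uncommitted changes are accepted too, so a stray Enter could activate an unreviewed configuration with root privileges. A comment above the two lines would record the trade-off, for example `# Enter = yes and auto-escalate to root: convenience default, revisit before reusing this module on shared hosts`. The enclosing module starts and ends outside the hunk.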
From: William Date: Sun, 15 Feb 2026 11:54:34 -0300 Subject: [PATCH 174/206] ssh: only run fastfetch on initial ssh session --- aspects/common/programs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspects/common/programs.nix b/aspects/common/programs.nix index 7d12f09..b53b293 100644 --- a/aspects/common/programs.nix +++ b/aspects/common/programs.nix @@ -31,7 +31,7 @@ enable = true; interactiveShellInit = '' set fish_greeting - if set -q SSH_CONNECTION + if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; or not set -q TMUX export TERM=xterm-256color clear fastfetch From bfa2521ed09c33f32b4f0405c3117e3a0381c2f6 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 12:53:05 -0300 Subject: [PATCH 175/206] re-work cli aspect for nixos and homeModules --- aspects/cli/btop.nix | 38 ++++++++----- aspects/cli/cli.nix | 28 +++++++++ aspects/cli/comma.nix | 2 +- aspects/cli/direnv.nix | 2 +- aspects/cli/helix.nix | 106 +++++++++++++++++++---------------- aspects/cli/hm-cli.nix | 2 +- aspects/cli/starship.nix | 2 +- aspects/cli/tmux.nix | 40 ++++++++----- aspects/common/programs.nix | 3 - aspects/hosts/alexandria.nix | 49 ++++++++-------- aspects/hosts/io.nix | 76 ++++++++++++------------- aspects/hosts/rotterdam.nix | 86 ++++++++++++++-------------- aspects/hosts/trantor.nix | 60 +++++++++----------- 13 files changed, 264 insertions(+), 230 deletions(-) create mode 100644 aspects/cli/cli.nix diff --git a/aspects/cli/btop.nix b/aspects/cli/btop.nix index 2b9c3fc..220a462 100644 --- a/aspects/cli/btop.nix +++ b/aspects/cli/btop.nix 
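Review bot: The new condition `if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; or not set -q TMUX` in aspects/common/programs.nix is true whenever TMUX is unset, because fish evaluates the chain as (SSH and not nix-shell) or not-tmux. A local, non-SSH shell outside tmux therefore gets TERM overridden, the screen cleared and fastfetch run. An SSH shell inside tmux would typically still match through the first two tests, which does not fit the commit title. If the intent is the first shell of an SSH login only, join all three tests with `and`: `if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; and not set -q TMUX`. The same grouping is carried into aspects/base/ssh.nix in PATCH 176 for both snippets, where the bash form would become `if [ -n "$SSH_CONNECTION" ] && [ -z "$IN_NIX_SHELL" ] && [ -z "$TMUX" ]; then`.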
@@ -1,20 +1,28 @@ { ... }: { - flake.modules.homeManager.cli-btop = - { - config, - lib, - pkgs, - ... - }: - { - programs.btop = { - enable = true; - settings = { - theme_background = false; - proc_sorting = "cpu direct"; - update_ms = 500; + flake.modules = { + nixos.btop = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ btop ]; + }; + + homeManager.btop = + { + config, + lib, + pkgs, + ... + }: + { + programs.btop = { + enable = true; + settings = { + theme_background = false; + proc_sorting = "cpu direct"; + update_ms = 500; + }; }; }; - }; + }; } diff --git a/aspects/cli/cli.nix b/aspects/cli/cli.nix new file mode 100644 index 0000000..8a11616 --- /dev/null +++ b/aspects/cli/cli.nix @@ -0,0 +1,28 @@ +{ inputs, ... }: + +{ + flake.modules = { + nixos.cli = + { ... }: + { + imports = with inputs.self.modules.nixos; [ + btop + helix + tmux + ]; + }; + homeManager.cli = + { ... }: + { + imports = with inputs.self.modules.nixos; [ + btop + comma + direnv + helix + hm-cli + starship + tmux + ]; + }; + }; +} diff --git a/aspects/cli/comma.nix b/aspects/cli/comma.nix index 71ddb9c..169144f 100644 --- a/aspects/cli/comma.nix +++ b/aspects/cli/comma.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.homeManager.cli-comma = + flake.modules.homeManager.comma = { config, lib, diff --git a/aspects/cli/direnv.nix b/aspects/cli/direnv.nix index 60ea7ad..2cfb2ef 100644 --- a/aspects/cli/direnv.nix +++ b/aspects/cli/direnv.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.homeManager.cli-direnv = + flake.modules.homeManager.direnv = { config, lib, diff --git a/aspects/cli/helix.nix b/aspects/cli/helix.nix index fe0cf74..a21641a 100644 --- a/aspects/cli/helix.nix +++ b/aspects/cli/helix.nix 
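Review bot: In the new aspects/cli/cli.nix, `homeManager.cli` builds its import list with `with inputs.self.modules.nixos;`, the same namespace used by `nixos.cli` just above it. As far as this patch shows, `comma`, `direnv`, `hm-cli` and `starship` are defined only under `flake.modules.homeManager`, so those names would not resolve from the nixos set. `btop`, `helix` and `tmux` would pull the NixOS variants, which set `environment.systemPackages`, into a Home Manager configuration. The line should read `imports = with inputs.self.modules.homeManager; [`.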
@@ -1,57 +1,67 @@ { ... }: { - flake.modules.homeManager.cli-helix = - { - config, - lib, - pkgs, - ... - }: - { - home.sessionVariables = { - EDITOR = "hx"; + flake.modules = { + nixos.helix = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + helix + ]; }; - programs.helix = { - enable = true; - settings = { - editor = { - file-picker.hidden = false; - idle-timeout = 0; - line-number = "relative"; - cursor-shape = { - normal = "underline"; - insert = "bar"; - select = "underline"; - }; - soft-wrap.enable = true; - auto-format = true; - indent-guides.render = true; - }; - keys.normal = { - space = { - o = "file_picker_in_current_buffer_directory"; - esc = [ - "collapse_selection" - "keep_primary_selection" - ]; - }; - }; + homeManager.helix = + { + config, + lib, + pkgs, + ... + }: + { + home.sessionVariables = { + EDITOR = "hx"; }; - languages = { - language = [ - { - name = "nix"; + + programs.helix = { + enable = true; + settings = { + editor = { + file-picker.hidden = false; + idle-timeout = 0; + line-number = "relative"; + cursor-shape = { + normal = "underline"; + insert = "bar"; + select = "underline"; + }; + soft-wrap.enable = true; auto-format = true; - formatter.command = "nixfmt"; - } - { - name = "typst"; - auto-format = true; - formatter.command = "typstyle -c 1000 -i"; - } - ]; + indent-guides.render = true; + }; + keys.normal = { + space = { + o = "file_picker_in_current_buffer_directory"; + esc = [ + "collapse_selection" + "keep_primary_selection" + ]; + }; + }; + }; + languages = { + language = [ + { + name = "nix"; + auto-format = true; + formatter.command = "nixfmt"; + } + { + name = "typst"; + auto-format = true; + formatter.command = "typstyle -c 1000 -i"; + } + ]; + }; }; }; - }; + }; } diff --git a/aspects/cli/hm-cli.nix b/aspects/cli/hm-cli.nix index 7064a3f..97d79e4 100644 --- a/aspects/cli/hm-cli.nix +++ b/aspects/cli/hm-cli.nix 
@@ -1,6 +1,6 @@ { ... }: { - flake.modules.homeManager.cli-base = + flake.modules.homeManager.hm-cli = { config, lib, diff --git a/aspects/cli/starship.nix b/aspects/cli/starship.nix index 7ba3a54..3ac5e4f 100644 --- a/aspects/cli/starship.nix +++ b/aspects/cli/starship.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.homeManager.cli-starship = + flake.modules.homeManager.starship = { config, lib, diff --git a/aspects/cli/tmux.nix b/aspects/cli/tmux.nix index 1238501..4937574 100644 --- a/aspects/cli/tmux.nix +++ b/aspects/cli/tmux.nix @@ -1,19 +1,29 @@ { ... }: { - flake.modules.homeManager.cli-tmux = - { - config, - lib, - pkgs, - ... - }: - { - programs.tmux = { - enable = true; - clock24 = true; - terminal = "xterm-256color"; - mouse = true; - keyMode = "vi"; + flake.modules = { + nixos.tmux = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + tmux + ]; }; - }; + + homeManager.tmux = + { + config, + lib, + pkgs, + ... + }: + { + programs.tmux = { + enable = true; + clock24 = true; + terminal = "xterm-256color"; + mouse = true; + keyMode = "vi"; + }; + }; + }; } diff --git a/aspects/common/programs.nix b/aspects/common/programs.nix index b53b293..ccdf185 100644 --- a/aspects/common/programs.nix +++ b/aspects/common/programs.nix @@ -8,13 +8,10 @@ ### Dev Tools ### git ### System Utilities ### - btop fastfetch - helix nixos-firewall-tool nvd sysz - tmux wget yazi ]; diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 7da2c39..dedbed9 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -1,4 +1,4 @@ -{ inputs, ... }: +{ inputs, lib, ... }: { flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { 
@@ -13,39 +13,34 @@ inputs.self.overlays.default ]; } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_alexandria) + ] + ++ (with inputs.self.modules.nixos; [ + cli # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale + common-boot + common-console + common-firewall + common-locale + common-nix + common-openssh + common-programs + common-security + common-services + common-tailscale # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root + user + root # Server aspects - inputs.self.modules.nixos.server-boot - inputs.self.modules.nixos.server-nix - inputs.self.modules.nixos.server-tailscale + server-boot + server-nix + server-tailscale # Other aspects - inputs.self.modules.nixos.fwupd - inputs.self.modules.nixos.podman - - # Host-specific files (from _alexandria/) - ./_alexandria/hardware-configuration.nix - ./_alexandria/jellyfin.nix - ./_alexandria/nextcloud.nix - ./_alexandria/nginx.nix - ./_alexandria/unbound.nix - ./_alexandria/vaultwarden.nix - ]; + fwupd + ]); }; } diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index c6c3dbf..ee610fa 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix @@ -1,4 +1,5 @@ -{ inputs, self, ... }: +{ inputs, lib, ... }: + { flake.nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { system = "x86_64-linux"; 
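Review bot: The rewritten module list for alexandria drops `podman`: the removed lines end with `inputs.self.modules.nixos.fwupd` and `inputs.self.modules.nixos.podman`, while the new `with inputs.self.modules.nixos; [ … ]` list ends at `fwupd`. PATCH 171 added podman to this host a few commits earlier and this commit's subject is the cli aspect, so the removal looks unintended; if so, add `podman` after `fwupd`. Separately, replacing the explicit `./_alexandria/...` entries with the import-tree call means every `.nix` file under that directory now becomes part of the server's configuration without appearing in this list. A one-line comment above the call, such as `# imports every .nix file under ./_alexandria`, would make that visible; the same applies to the io, rotterdam and trantor hunks.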
@@ -12,48 +13,43 @@ inputs.self.overlays.default ]; } - - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale - - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root - - # Desktop aspects - inputs.self.modules.nixos.desktop-boot - inputs.self.modules.nixos.desktop-desktop - inputs.self.modules.nixos.desktop-nix - inputs.self.modules.nixos.desktop-services - - # Other aspects based on tags - inputs.self.modules.nixos.ai - inputs.self.modules.nixos.bluetooth - inputs.self.modules.nixos.dev - inputs.self.modules.nixos.libvirtd - inputs.self.modules.nixos.networkmanager - inputs.self.modules.nixos.podman - - # Factory-generated ephemeral module + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_io) (inputs.self.factory.ephemeral { rootDevice = "/dev/mapper/cryptroot"; }) + ] + ++ (with inputs.self.modules.nixos; [ + cli - # Host-specific files (from _io/) - ./_io/hardware-configuration.nix - ./_io/disko.nix - ./_io/boot.nix - ./_io/programs.nix - ./_io/services.nix - ]; + # Common aspects (always included) + common-boot + common-console + common-firewall + common-locale + common-nix + common-openssh + common-programs + common-security + common-services + common-tailscale + + # User aspects + user + root + + # Desktop aspects + desktop-boot + desktop-desktop + desktop-nix + desktop-services + + # Other aspects + ai + bluetooth + dev + libvirtd + networkmanager + podman + ]); }; } diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index 76ffbb0..4a91769 100644 --- a/aspects/hosts/rotterdam.nix 
+++ b/aspects/hosts/rotterdam.nix @@ -1,4 +1,5 @@ -{ inputs, ... }: +{ inputs, lib, ... }: + { flake.nixosConfigurations.rotterdam = inputs.nixpkgs.lib.nixosSystem { system = "x86_64-linux"; 
@@ -12,53 +13,48 @@ inputs.self.overlays.default ]; } - - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale - - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root - - # Desktop aspects - inputs.self.modules.nixos.desktop-boot - inputs.self.modules.nixos.desktop-desktop - inputs.self.modules.nixos.desktop-nix - inputs.self.modules.nixos.desktop-services - - # Other aspects based on tags - inputs.self.modules.nixos.ai - inputs.self.modules.nixos.bluetooth - inputs.self.modules.nixos.dev - inputs.self.modules.nixos.fwupd - inputs.self.modules.nixos.gaming-steam - inputs.self.modules.nixos.gaming-hardware - inputs.self.modules.nixos.gaming-flatpak - inputs.self.modules.nixos.gaming-launchers - inputs.self.modules.nixos.libvirtd - inputs.self.modules.nixos.networkmanager - inputs.self.modules.nixos.podman - - # Factory-generated ephemeral module + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_rotterdam) (inputs.self.factory.ephemeral { rootDevice = "/dev/mapper/cryptroot"; }) + ] + ++ (with inputs.self.modules.nixos; [ + cli - # Host-specific files (from _rotterdam/) - ./_rotterdam/hardware-configuration.nix - ./_rotterdam/boot.nix - ./_rotterdam/hardware.nix - ./_rotterdam/programs.nix - ./_rotterdam/services.nix - ]; + # Common aspects (always included) + common-boot + common-console + common-firewall + common-locale + common-nix + common-openssh + common-programs + common-security + common-services + common-tailscale + + # User aspects + user + root + + # Desktop aspects + desktop-boot + desktop-desktop + 
desktop-nix + desktop-services + + # Other aspects based on tags + ai + bluetooth + dev + fwupd + gaming-steam + gaming-hardware + gaming-flatpak + gaming-launchers + libvirtd + networkmanager + podman + ]); }; } diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index 3de68a9..4b8b4b2 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix @@ -1,4 +1,4 @@ -{ inputs, self, ... }: +{ inputs, lib, ... }: { flake.nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { system = "aarch64-linux"; 
@@ -13,42 +13,36 @@ ]; } - # Common aspects (always included) - inputs.self.modules.nixos.common-boot - inputs.self.modules.nixos.common-console - inputs.self.modules.nixos.common-firewall - inputs.self.modules.nixos.common-locale - inputs.self.modules.nixos.common-nix - inputs.self.modules.nixos.common-openssh - inputs.self.modules.nixos.common-programs - inputs.self.modules.nixos.common-security - inputs.self.modules.nixos.common-services - inputs.self.modules.nixos.common-tailscale - - # User aspects - inputs.self.modules.nixos.user - inputs.self.modules.nixos.root - - # Server aspects - inputs.self.modules.nixos.server-boot - inputs.self.modules.nixos.server-nix - inputs.self.modules.nixos.server-tailscale - # Factory-generated ephemeral module (inputs.self.factory.ephemeral { rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; }) - # Host-specific files (from _trantor/) - ./_trantor/hardware-configuration.nix - ./_trantor/disko.nix - ./_trantor/boot.nix - ./_trantor/fail2ban.nix - ./_trantor/forgejo.nix - ./_trantor/networking.nix - ./_trantor/nginx.nix - ./_trantor/openssh.nix - ./_trantor/unbound.nix - ]; + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_trantor) + ] + ++ (with inputs.self.modules.nixos; [ + cli + + # Common aspects (always included) + common-boot + common-console + common-firewall + common-locale + common-nix + common-openssh + common-programs + common-security + common-services + common-tailscale + + # User aspects + user + root + + # Server aspects + server-boot + server-nix + server-tailscale + ]); }; } From 5d1b54c8bfc6bb2a0a82de70b20c5c2c64476f49 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 15 Feb 2026 14:20:57 -0300 Subject: [PATCH 176/206] common aspects reworked into base aspect --- .../{common/programs.nix => base/base.nix} | 34 ++++++++++++------- aspects/{common => base}/boot.nix | 2 +- aspects/{common => base}/console.nix | 2 +- aspects/{common => base}/firewall.nix | 2 +- aspects/{common => base}/locale.nix | 2 +- aspects/{common => base}/nix.nix | 2 +- aspects/{common => base}/security.nix | 2 +- aspects/base/ssh.nix | 32 +++++++++++++++++ aspects/common/openssh.nix | 14 -------- aspects/common/services.nix | 12 ------- aspects/common/tailscale.nix | 11 ------ aspects/hosts/alexandria.nix | 16 ++------- aspects/hosts/io.nix | 16 ++------- aspects/hosts/rotterdam.nix | 16 ++------- aspects/hosts/trantor.nix | 21 +++--------- 15 files changed, 72 insertions(+), 112 deletions(-) rename aspects/{common/programs.nix => base/base.nix} (56%) rename aspects/{common => base}/boot.nix (92%) rename aspects/{common => base}/console.nix (75%) rename aspects/{common => base}/firewall.nix (76%) rename aspects/{common => base}/locale.nix (93%) rename aspects/{common => base}/nix.nix (96%) rename aspects/{common => base}/security.nix (81%) create mode 100644 aspects/base/ssh.nix delete mode 100644 aspects/common/openssh.nix delete mode 100644 aspects/common/services.nix delete mode 100644 aspects/common/tailscale.nix diff --git a/aspects/common/programs.nix b/aspects/base/base.nix similarity index 56% rename from aspects/common/programs.nix rename to aspects/base/base.nix index ccdf185..08841b2 100644 --- a/aspects/common/programs.nix +++ b/aspects/base/base.nix 
@@ -1,16 +1,22 @@ -{ ... }: +{ inputs, ... }: { - flake.modules.nixos.common-programs = + flake.modules.nixos.base = { lib, pkgs, ... }: { + imports = with inputs.self.modules.nixos; [ + boot + console + firewall + locale + nix + security + ssh + ]; environment = { systemPackages = with pkgs; [ - ### Dev Tools ### git - ### System Utilities ### fastfetch nixos-firewall-tool - nvd sysz wget yazi @@ -26,14 +32,16 @@ command-not-found.enable = false; fish = { enable = true; - interactiveShellInit = '' - set fish_greeting - if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; or not set -q TMUX - export TERM=xterm-256color - clear - fastfetch - end - ''; + }; + }; + + services = { + dbus.implementation = "broker"; + irqbalance.enable = true; + fstrim.enable = true; + tailscale = { + enable = true; + extraUpFlags = [ "--operator=user" ]; }; }; }; diff --git a/aspects/common/boot.nix b/aspects/base/boot.nix similarity index 92% rename from aspects/common/boot.nix rename to aspects/base/boot.nix index b74b68c..ec8593d 100644 --- a/aspects/common/boot.nix +++ b/aspects/base/boot.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.nixos.common-boot = + flake.modules.nixos.boot = { pkgs, ... }: { boot = { diff --git a/aspects/common/console.nix b/aspects/base/console.nix similarity index 75% rename from aspects/common/console.nix rename to aspects/base/console.nix index 128b914..6bb7be4 100644 --- a/aspects/common/console.nix +++ b/aspects/base/console.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.nixos.common-console = + flake.modules.nixos.console = { ... }: { console = { diff --git a/aspects/common/firewall.nix b/aspects/base/firewall.nix similarity index 76% rename from aspects/common/firewall.nix rename to aspects/base/firewall.nix index 0e5297d..68ffa6e 100644 --- a/aspects/common/firewall.nix +++ b/aspects/base/firewall.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.nixos.common-firewall = + flake.modules.nixos.firewall = { ... }: { networking = { 
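Review bot: `extraUpFlags = [ "--operator=user" ]` in the new `services.tailscale` block may be inert. As far as I know the NixOS module passes it to `tailscale up` only when `services.tailscale.authKeyFile` is set, and nothing in this hunk sets it. If it is meant to take effect, it lets the unprivileged `user` account change the node's Tailscale settings without sudo, and the host hunks in this commit show `base` imported by all four hosts, the server included. I would either drop the line or document the intent next to it, e.g. `# lets "user" manage tailscale without sudo; only applied when authKeyFile is set`.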
diff --git a/aspects/common/locale.nix b/aspects/base/locale.nix similarity index 93% rename from aspects/common/locale.nix rename to aspects/base/locale.nix index a6b5754..4d0c716 100644 --- a/aspects/common/locale.nix +++ b/aspects/base/locale.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.nixos.common-locale = + flake.modules.nixos.locale = { ... }: { time.timeZone = "America/Bahia"; diff --git a/aspects/common/nix.nix b/aspects/base/nix.nix similarity index 96% rename from aspects/common/nix.nix rename to aspects/base/nix.nix index 7fa6e49..16397a9 100644 --- a/aspects/common/nix.nix +++ b/aspects/base/nix.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.nixos.common-nix = + flake.modules.nixos.nix = { inputs, ... }: { imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; diff --git a/aspects/common/security.nix b/aspects/base/security.nix similarity index 81% rename from aspects/common/security.nix rename to aspects/base/security.nix index 2ad04a0..310e345 100644 --- a/aspects/common/security.nix +++ b/aspects/base/security.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.nixos.common-security = + flake.modules.nixos.security = { ... }: { security.sudo = { diff --git a/aspects/base/ssh.nix b/aspects/base/ssh.nix new file mode 100644 index 0000000..03fa556 --- /dev/null +++ b/aspects/base/ssh.nix @@ -0,0 +1,32 @@ +{ ... }: + +{ + flake.modules.nixos.ssh = + { ... }: + { + services.openssh = { + enable = true; + settings.PermitRootLogin = "no"; + extraConfig = '' + PrintLastLog no + ''; + }; + programs = { + bash.interactiveShellInit = '' + if { [ -n "$SSH_CONNECTION" ] && [ -z "$IN_NIX_SHELL" ]; } || [ -z "$TMUX" ]; then + export TERM=xterm-256color + clear + fastfetch + fi + ''; + fish.interactiveShellInit = '' + set fish_greeting + if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; or not set -q TMUX + export TERM=xterm-256color + clear + fastfetch + end + ''; + }; + }; +} 
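Review bot: The new `ssh` aspect sets `settings.PermitRootLogin = "no"` but leaves password logins at the NixOS default, which is enabled unless another module overrides it. Since `base` imports this aspect on every host, I would add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` here, provided every host already has keys provisioned. Separately, both shell snippets run `clear` and `fastfetch` and override `TERM` whenever `TMUX` is unset, even in local non-SSH shells, because the `TMUX` test is joined with `||` / `or`. If the intent is SSH sessions outside tmux and nix-shell, the bash test would read `if [ -n "$SSH_CONNECTION" ] && [ -z "$IN_NIX_SHELL" ] && [ -z "$TMUX" ]; then` and the fish line `if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; and not set -q TMUX`.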
diff --git a/aspects/common/openssh.nix b/aspects/common/openssh.nix deleted file mode 100644 index b8179f2..0000000 --- a/aspects/common/openssh.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.common-openssh = - { ... }: - { - services.openssh = { - enable = true; - settings.PermitRootLogin = "no"; - extraConfig = '' - PrintLastLog no - ''; - }; - }; -} diff --git a/aspects/common/services.nix b/aspects/common/services.nix deleted file mode 100644 index e05dcf0..0000000 --- a/aspects/common/services.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.common-services = - { ... }: - { - services = { - dbus.implementation = "broker"; - irqbalance.enable = true; - fstrim.enable = true; - }; - }; -} diff --git a/aspects/common/tailscale.nix b/aspects/common/tailscale.nix deleted file mode 100644 index 74381ac..0000000 --- a/aspects/common/tailscale.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.common-tailscale = - { ... }: - { - services.tailscale = { - enable = true; - extraUpFlags = [ "--operator=user" ]; - }; - }; -} diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index dedbed9..d05639d 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -16,21 +16,11 @@ ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_alexandria) ] ++ (with inputs.self.modules.nixos; [ + # system aspects + base cli - # Common aspects (always included) - common-boot - common-console - common-firewall - common-locale - common-nix - common-openssh - common-programs - common-security - common-services - common-tailscale - - # User aspects + # user aspects user root diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index ee610fa..6163244 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix 
@@ -19,21 +19,11 @@ }) ] ++ (with inputs.self.modules.nixos; [ + # system aspects + base cli - # Common aspects (always included) - common-boot - common-console - common-firewall - common-locale - common-nix - common-openssh - common-programs - common-security - common-services - common-tailscale - - # User aspects + # user aspects user root diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index 4a91769..77ffe54 100644 --- a/aspects/hosts/rotterdam.nix +++ b/aspects/hosts/rotterdam.nix @@ -19,21 +19,11 @@ }) ] ++ (with inputs.self.modules.nixos; [ + # system aspects + base cli - # Common aspects (always included) - common-boot - common-console - common-firewall - common-locale - common-nix - common-openssh - common-programs - common-security - common-services - common-tailscale - - # User aspects + # user aspects user root diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index 4b8b4b2..e7934ab 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix @@ -12,30 +12,17 @@ inputs.self.overlays.default ]; } - - # Factory-generated ephemeral module + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_trantor) (inputs.self.factory.ephemeral { rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; }) - - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_trantor) ] ++ (with inputs.self.modules.nixos; [ + # system aspects + base cli - # Common aspects (always included) - common-boot - common-console - common-firewall - common-locale - common-nix - common-openssh - common-programs - common-security - common-services - common-tailscale - - # User aspects + # user aspects user root From 4e78805bdaad9f031287ec07fd525aa0ab79eb17 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 15 Feb 2026 14:58:37 -0300 Subject: [PATCH 177/206] rework desktop and programs aspects --- aspects/cli/cli.nix | 7 +- aspects/desktop/boot.nix | 34 --- aspects/desktop/desktop.nix | 212 +++++----------- aspects/desktop/niri.nix | 445 +++++++++++++++++---------------- aspects/desktop/nix.nix | 21 -- aspects/desktop/services.nix | 23 -- aspects/hosts/io.nix | 8 +- aspects/hosts/rotterdam.nix | 12 +- aspects/programs/graphics.nix | 2 +- aspects/programs/media.nix | 2 +- aspects/programs/office.nix | 2 +- aspects/programs/utilities.nix | 62 ----- aspects/programs/web.nix | 2 +- aspects/users/_user/git.nix | 2 +- 14 files changed, 307 insertions(+), 527 deletions(-) delete mode 100644 aspects/desktop/boot.nix delete mode 100644 aspects/desktop/nix.nix delete mode 100644 aspects/desktop/services.nix delete mode 100644 aspects/programs/utilities.nix diff --git a/aspects/cli/cli.nix b/aspects/cli/cli.nix index 8a11616..1d379e8 100644 --- a/aspects/cli/cli.nix +++ b/aspects/cli/cli.nix @@ -3,13 +3,18 @@ { flake.modules = { nixos.cli = - { ... }: + { pkgs, ... }: { imports = with inputs.self.modules.nixos; [ btop helix tmux ]; + + environment.systemPackages = with pkgs; [ + p7zip + rclone + ]; }; homeManager.cli = { ... }: diff --git a/aspects/desktop/boot.nix b/aspects/desktop/boot.nix deleted file mode 100644 index cd0fa9c..0000000 --- a/aspects/desktop/boot.nix +++ /dev/null 
@@ -1,34 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.desktop-boot = - { - config, - lib, - pkgs, - ... - }: - { - boot = { - plymouth.enable = true; - initrd.systemd.enable = true; - loader.efi.efiSysMountPoint = "/boot/efi"; - kernelPackages = pkgs.linuxPackages_xanmod_latest; - extraModprobeConfig = '' - options bluetooth disable_ertm=1 - ''; - kernel.sysctl = { - "net.ipv4.tcp_mtu_probing" = 1; - }; - kernelParams = [ - "quiet" - "splash" - "i2c-dev" - "i2c-piix4" - "loglevel=3" - "udev.log_priority=3" - "rd.udev.log_level=3" - "rd.systemd.show_status=false" - ]; - }; - }; -} diff --git a/aspects/desktop/desktop.nix b/aspects/desktop/desktop.nix index fb54f55..39fd0e0 100644 --- a/aspects/desktop/desktop.nix +++ b/aspects/desktop/desktop.nix @@ -4,7 +4,7 @@ }: { flake.modules = { - nixos.desktop-desktop = + nixos.desktop = { config, lib, 
@@ -13,37 +13,53 @@ }: { imports = [ - inputs.niri-flake.nixosModules.niri inputs.nix-flatpak.nixosModules.nix-flatpak - ]; + ] + ++ (with inputs.self.modules.nixos; [ + graphics + media + office + web + ]); + + boot = { + plymouth.enable = true; + initrd.systemd.enable = true; + loader.efi.efiSysMountPoint = "/boot/efi"; + kernelPackages = pkgs.linuxPackages_xanmod_latest; + extraModprobeConfig = '' + options bluetooth disable_ertm=1 + ''; + kernel.sysctl = { + "net.ipv4.tcp_mtu_probing" = 1; + }; + kernelParams = [ + "quiet" + "splash" + "i2c-dev" + "i2c-piix4" + "loglevel=3" + "udev.log_priority=3" + "rd.udev.log_level=3" + "rd.systemd.show_status=false" + ]; + }; + + nix = { + registry.nixpkgs.flake = inputs.nixpkgs; + nixPath = [ + "nixpkgs=${inputs.nixpkgs}" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + }; environment = { + etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; sessionVariables = { KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland }; systemPackages = with pkgs; [ - ### Web ### - bitwarden-desktop - fragments - nextcloud-client - tor-browser - vesktop - inputs.zen-browser.packages."${system}".default - ### Office & Productivity ### - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - papers - presenterm - rnote - ### Graphics & Design ### - gimp - inkscape - plasticity - ### System Utilities ### adwaita-icon-theme ghostty gnome-disk-utility @@ -51,19 +67,21 @@ libfido2 mission-center nautilus - p7zip - rclone toggleaudiosink unrar - ### Media ### - decibels - loupe - obs-studio - showtime ]; }; services = { + printing.enable = true; + udev.packages = with pkgs; [ yubikey-personalization ]; + keyd = { + enable = true; + keyboards.all = { + ids = [ "*" ]; + settings.main.capslock = "overload(meta, esc)"; + }; + }; pipewire = { enable = true; alsa.enable = true; 
@@ -74,35 +92,11 @@ }; greetd = { enable = true; - settings = { - default_session = { - command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; - user = "greeter"; - }; - } - // lib.optionalAttrs (config.networking.hostName == "io") { - initial_session = { - command = "${config.programs.niri.package}/bin/niri-session"; - user = "user"; - }; - }; + settings.default_session.user = "greeter"; }; flatpak = { enable = true; packages = [ - ### Office & Productivity ### - "com.collabora.Office" - ### Graphics & Design ### - "com.boxy_svg.BoxySVG" - rec { - appId = "io.github.softfever.OrcaSlicer"; - sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - bundle = "${pkgs.fetchurl { - url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - inherit sha256; - }}"; - } - ### System Utilities ### "com.github.tchx84.Flatseal" "com.rustdesk.RustDesk" ]; @@ -123,10 +117,6 @@ }; programs = { - niri = { - enable = true; - package = inputs.niri.packages.${pkgs.system}.niri; - }; kdeconnect = { enable = true; package = pkgs.valent; @@ -138,8 +128,6 @@ }; }; - niri-flake.cache.enable = false; - fonts = { fontDir.enable = true; packages = with pkgs; [ @@ -157,17 +145,11 @@ xdg-desktop-portal-gnome xdg-desktop-portal-gtk ]; - config = { - common.default = "*"; - niri.default = [ - "gtk" - "gnome" - ]; - }; + config.common.default = "*"; }; }; - homeManager.desktop-desktop = + homeManager.desktop = { config, lib, @@ -180,7 +162,10 @@ fonts.fontconfig.enable = true; - home.packages = with pkgs; [ xwayland-satellite ]; + home = { + packages = with pkgs; [ xwayland-satellite ]; + sessionVariables.TERMINAL = "ghostty"; + }; services.vicinae = { enable = true; 
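Review bot: In the `greetd` block the `desktop` aspect keeps `enable = true` but now sets only `settings.default_session.user`, while the session command moves to the `niri` aspect. A host that imports `desktop` without `niri` would enable a greeter with no command to launch, which presumably fails at evaluation or at boot. Both hosts changed in this commit import the pair, so nothing breaks today. I would either move `services.greetd.enable = true;` next to the command in `niri.nix` or add a comment here such as `# default_session.command is supplied by the compositor aspect (niri)`.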
@@ -216,91 +201,6 @@ xdg = { enable = true; userDirs.enable = true; - mimeApps = { - enable = true; - defaultApplications = { - "text/html" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/http" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/https" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/about" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/unknown" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "image/jpeg" = "org.gnome.Loupe.desktop"; - "image/png" = "org.gnome.Loupe.desktop"; - "image/gif" = "org.gnome.Loupe.desktop"; - "image/webp" = "org.gnome.Loupe.desktop"; - "image/bmp" = "org.gnome.Loupe.desktop"; - "image/svg+xml" = "org.gnome.Loupe.desktop"; - "image/tiff" = "org.gnome.Loupe.desktop"; - "video/mp4" = "io.bassi.Showtime.desktop"; - "video/x-matroska" = "io.bassi.Showtime.desktop"; - "video/webm" = "io.bassi.Showtime.desktop"; - "video/mpeg" = "io.bassi.Showtime.desktop"; - "video/x-msvideo" = "io.bassi.Showtime.desktop"; - "video/quicktime" = "io.bassi.Showtime.desktop"; - "video/x-flv" = "io.bassi.Showtime.desktop"; - "audio/mpeg" = "io.bassi.Showtime.desktop"; - "audio/flac" = "io.bassi.Showtime.desktop"; - "audio/ogg" = "io.bassi.Showtime.desktop"; - "audio/wav" = "io.bassi.Showtime.desktop"; - "audio/mp4" = "io.bassi.Showtime.desktop"; - "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; - "application/pdf" = [ - "org.gnome.Papers.desktop" - "zen-browser.desktop" - ]; - "text/plain" = "Helix.desktop"; - "text/markdown" = "Helix.desktop"; - "text/x-log" = "Helix.desktop"; - "application/x-shellscript" = "Helix.desktop"; - "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = - "com.collabora.Office.desktop"; # DOCX - 
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = - "com.collabora.Office.desktop"; # XLSX - "application/vnd.openxmlformats-officedocument.presentationml.presentation" = - "com.collabora.Office.desktop"; # PPTX - "application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT - "application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS - "application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP - "application/msword" = "com.collabora.Office.desktop"; # DOC - "application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS - "application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT - "application/zip" = "org.gnome.FileRoller.desktop"; - "application/x-tar" = "org.gnome.FileRoller.desktop"; - "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; - "application/x-rar" = "org.gnome.FileRoller.desktop"; - "application/gzip" = "org.gnome.FileRoller.desktop"; - "application/x-bzip" = "org.gnome.FileRoller.desktop"; - "inode/directory" = "org.gnome.Nautilus.desktop"; - }; - }; - }; - - # Set Ghostty as default terminal - home.sessionVariables = { - TERMINAL = "ghostty"; }; }; }; diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix index cdd02ac..adb3f80 100644 --- a/aspects/desktop/niri.nix +++ b/aspects/desktop/niri.nix 
@@ -1,228 +1,251 @@ -{ ... }: +{ inputs, ... }: { - flake.modules.homeManager.desktop-niri = - { - config, - lib, - pkgs, - inputs, - hostname ? null, - ... - }: - let - isRotterdam = hostname == "rotterdam"; - in - { - imports = [ inputs.noctalia.homeModules.default ]; + flake.modules = { + nixos.niri = + { + config, + lib, + pkgs, + ... + }: + { + imports = [ inputs.niri-flake.nixosModules.niri ]; - services.kanshi = { - enable = true; - settings = [ - { - profile.name = "default"; - profile.outputs = [ - { - criteria = "*"; - scale = 1.0; + services.greetd.settings = { + default_session.command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; + }; + + programs.niri.enable = true; + + xdg.portal.config.niri.default = [ + "gtk" + "gnome" + ]; + }; + homeManager.niri = + { + config, + lib, + pkgs, + inputs, + hostname ? null, + ... + }: + let + isRotterdam = hostname == "rotterdam"; + in + { + imports = [ inputs.noctalia.homeModules.default ]; + + services.kanshi = { + enable = true; + settings = [ + { + profile.name = "default"; + profile.outputs = [ + { + criteria = "*"; + scale = 1.0; + } + ]; + } + ]; + }; + + home = { + packages = with pkgs; [ + xwayland-satellite + inputs.noctalia.packages.${pkgs.system}.default + ]; + sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; + }; + + xdg.configFile."niri/config.kdl".text = '' + input { + keyboard { + xkb { + layout "us" + variant "altgr-intl" } - ]; + } + touchpad { + tap + dwt + drag true + drag-lock + natural-scroll + accel-speed 0.2 + accel-profile "flat" + scroll-method "two-finger" + middle-emulation + } + mouse { + natural-scroll + accel-speed 0.2 + accel-profile "flat" + } + warp-mouse-to-focus mode="center-xy" + focus-follows-mouse } - ]; - }; - home = { - packages = with pkgs; [ - xwayland-satellite - inputs.noctalia.packages.${pkgs.system}.default - ]; - sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; - }; - - 
xdg.configFile."niri/config.kdl".text = '' - input { - keyboard { - xkb { - layout "us" - variant "altgr-intl" + layout { + gaps 8 + center-focused-column "never" + auto-center-when-space-available + preset-column-widths { + ${ + if isRotterdam then + '' + proportion 0.33333 + proportion 0.5 + proportion 0.66667 + '' + else + '' + proportion 0.5 + proportion 1.0 + '' + } + } + default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } + focus-ring { + off + } + border { + width 4 + active-color "#ffc87f" + inactive-color "#505050" + urgent-color "#9b0000" + } + tab-indicator { + width 4 + gap 4 + place-within-column } } - touchpad { - tap - dwt - drag true - drag-lock - natural-scroll - accel-speed 0.2 - accel-profile "flat" - scroll-method "two-finger" - middle-emulation + + overview { + zoom 0.65 } - mouse { - natural-scroll - accel-speed 0.2 - accel-profile "flat" + + spawn-at-startup "noctalia-shell" "-d" + layer-rule { + match namespace="^noctalia-overview*" + place-within-backdrop true } - warp-mouse-to-focus mode="center-xy" - focus-follows-mouse - } - layout { - gaps 8 - center-focused-column "never" - auto-center-when-space-available - preset-column-widths { - ${ - if isRotterdam then - '' - proportion 0.33333 - proportion 0.5 - proportion 0.66667 - '' - else - '' - proportion 0.5 - proportion 1.0 - '' - } + hotkey-overlay { + skip-at-startup } - default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } - focus-ring { - off + + prefer-no-csd + screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" + + animations { + slowdown 0.3 } - border { - width 4 - active-color "#ffc87f" - inactive-color "#505050" - urgent-color "#9b0000" + + window-rule { + match app-id="zen" + default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } } - tab-indicator { - width 4 - gap 4 - place-within-column + + window-rule { + geometry-corner-radius 12 + clip-to-geometry true } - } - overview { 
- zoom 0.65 - } + config-notification { + disable-failed + } - spawn-at-startup "noctalia-shell" "-d" - layer-rule { - match namespace="^noctalia-overview*" - place-within-backdrop true - } - - hotkey-overlay { - skip-at-startup - } - - prefer-no-csd - screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" - - animations { - slowdown 0.3 - } - - window-rule { - match app-id="zen" - default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; } - } - - window-rule { - geometry-corner-radius 12 - clip-to-geometry true - } - - config-notification { - disable-failed - } - - binds { - Alt+Space repeat=false { spawn "vicinae" "toggle"; } - XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } - XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } - XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } - XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } - XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } - XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } - XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } - XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } - XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } - Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } - Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; } - Mod+Return { spawn "ghostty"; } - Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } - Mod+W repeat=false { toggle-overview; } - Mod+Q { close-window; } - Alt+Shift+Q { close-window;} - Mod+Shift+Q { close-window; } - 
Alt+F4 { close-window; } - Mod+Left { focus-column-left; } - Mod+Down { focus-window-or-workspace-down; } - Mod+Up { focus-window-or-workspace-up; } - Mod+Right { focus-column-right; } - Mod+H { focus-column-left; } - Mod+L { focus-column-right; } - Mod+J { focus-window-or-workspace-down; } - Mod+K { focus-window-or-workspace-up; } - Mod+Ctrl+Left { move-column-left; } - Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } - Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } - Mod+Ctrl+Right { move-column-right; } - Mod+Ctrl+H { move-column-left; } - Mod+Ctrl+J { move-window-down-or-to-workspace-down; } - Mod+Ctrl+K { move-window-up-or-to-workspace-up; } - Mod+Ctrl+L { move-column-right; } - Mod+Home { focus-column-first; } - Mod+End { focus-column-last; } - Mod+Ctrl+Home { move-column-to-first; } - Mod+Ctrl+End { move-column-to-last; } - Mod+Alt+Left { focus-monitor-left; } - Mod+Alt+Down { focus-monitor-down; } - Mod+Alt+Up { focus-monitor-up; } - Mod+Alt+Right { focus-monitor-right; } - Mod+Alt+H { focus-monitor-left; } - Mod+Alt+J { focus-monitor-down; } - Mod+Alt+K { focus-monitor-up; } - Mod+Alt+L { focus-monitor-right; } - Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } - Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } - Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } - Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } - Mod+Alt+Ctrl+H { move-column-to-monitor-left; } - Mod+Alt+Ctrl+J { move-column-to-monitor-down; } - Mod+Alt+Ctrl+K { move-column-to-monitor-up; } - Mod+Alt+Ctrl+L { move-column-to-monitor-right; } - Mod+Ctrl+U { move-workspace-down; } - Mod+Ctrl+I { move-workspace-up; } - Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } - Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } - Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } - Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } - Mod+Shift+WheelScrollDown { focus-column-right; } - Mod+Shift+WheelScrollUp { 
focus-column-left; } - Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } - Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } - Mod+BracketLeft { consume-or-expel-window-left; } - Mod+BracketRight { consume-or-expel-window-right; } - Mod+Comma { consume-window-into-column; } - Mod+Period { expel-window-from-column; } - Mod+R { switch-preset-column-width; } - Mod+F { maximize-column; } - Mod+Ctrl+F { fullscreen-window; } - Mod+C { center-visible-columns; } - Mod+Ctrl+C { center-column; } - Mod+Space { toggle-window-floating; } - Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } - Mod+T { toggle-column-tabbed-display; } - Print { screenshot-screen; } - Mod+Print { screenshot; } - Ctrl+Print { screenshot-window; } - Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } - Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } - Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } - Mod+Ctrl+P { power-off-monitors; } - } - ''; - }; + binds { + Alt+Space repeat=false { spawn "vicinae" "toggle"; } + XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } + XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } + XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } + XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } + XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } + XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } + Mod+V 
repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } + Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; } + Mod+Return { spawn "ghostty"; } + Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } + Mod+W repeat=false { toggle-overview; } + Mod+Q { close-window; } + Alt+Shift+Q { close-window;} + Mod+Shift+Q { close-window; } + Alt+F4 { close-window; } + Mod+Left { focus-column-left; } + Mod+Down { focus-window-or-workspace-down; } + Mod+Up { focus-window-or-workspace-up; } + Mod+Right { focus-column-right; } + Mod+H { focus-column-left; } + Mod+L { focus-column-right; } + Mod+J { focus-window-or-workspace-down; } + Mod+K { focus-window-or-workspace-up; } + Mod+Ctrl+Left { move-column-left; } + Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } + Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } + Mod+Ctrl+Right { move-column-right; } + Mod+Ctrl+H { move-column-left; } + Mod+Ctrl+J { move-window-down-or-to-workspace-down; } + Mod+Ctrl+K { move-window-up-or-to-workspace-up; } + Mod+Ctrl+L { move-column-right; } + Mod+Home { focus-column-first; } + Mod+End { focus-column-last; } + Mod+Ctrl+Home { move-column-to-first; } + Mod+Ctrl+End { move-column-to-last; } + Mod+Alt+Left { focus-monitor-left; } + Mod+Alt+Down { focus-monitor-down; } + Mod+Alt+Up { focus-monitor-up; } + Mod+Alt+Right { focus-monitor-right; } + Mod+Alt+H { focus-monitor-left; } + Mod+Alt+J { focus-monitor-down; } + Mod+Alt+K { focus-monitor-up; } + Mod+Alt+L { focus-monitor-right; } + Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } + Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } + Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } + Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } + Mod+Alt+Ctrl+H { move-column-to-monitor-left; } + Mod+Alt+Ctrl+J { move-column-to-monitor-down; } + Mod+Alt+Ctrl+K { move-column-to-monitor-up; } + Mod+Alt+Ctrl+L { move-column-to-monitor-right; } + Mod+Ctrl+U { 
move-workspace-down; } + Mod+Ctrl+I { move-workspace-up; } + Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } + Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } + Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } + Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } + Mod+Shift+WheelScrollDown { focus-column-right; } + Mod+Shift+WheelScrollUp { focus-column-left; } + Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } + Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } + Mod+BracketLeft { consume-or-expel-window-left; } + Mod+BracketRight { consume-or-expel-window-right; } + Mod+Comma { consume-window-into-column; } + Mod+Period { expel-window-from-column; } + Mod+R { switch-preset-column-width; } + Mod+F { maximize-column; } + Mod+Ctrl+F { fullscreen-window; } + Mod+C { center-visible-columns; } + Mod+Ctrl+C { center-column; } + Mod+Space { toggle-window-floating; } + Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } + Mod+T { toggle-column-tabbed-display; } + Print { screenshot-screen; } + Mod+Print { screenshot; } + Ctrl+Print { screenshot-window; } + Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } + Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } + Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } + Mod+Ctrl+P { power-off-monitors; } + } + ''; + }; + }; } diff --git a/aspects/desktop/nix.nix b/aspects/desktop/nix.nix deleted file mode 100644 index 3a9e71e..0000000 --- a/aspects/desktop/nix.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ inputs, ... }: -{ - flake.modules.nixos.desktop-nix = - { - config, - lib, - pkgs, - ... - }: - { - environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; - - nix = { - registry.nixpkgs.flake = inputs.nixpkgs; - nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - "/nix/var/nix/profiles/per-user/root/channels" - ]; - }; - }; -} 
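Review bot: The new `nixos.niri` module imports `inputs.niri-flake.nixosModules.niri`, but the commit drops `niri-flake.cache.enable = false;` from `desktop.nix` without re-adding it here. As far as I know that option defaults to enabled and adds the flake author's binary cache and signing key to the Nix settings, so hosts importing `niri` would start trusting a third-party substituter as a side effect of a refactor. The `programs.niri.package` override is also gone, so the module's default package may well be served from that cache. If that trust is intended, say so in a comment; otherwise restore `niri-flake.cache.enable = false;` beside `programs.niri.enable = true;`.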
diff --git a/aspects/desktop/services.nix b/aspects/desktop/services.nix deleted file mode 100644 index eb9482a..0000000 --- a/aspects/desktop/services.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.desktop-services = - { - config, - lib, - pkgs, - ... - }: - { - services = { - printing.enable = true; - udev.packages = with pkgs; [ yubikey-personalization ]; - keyd = { - enable = true; - keyboards.all = { - ids = [ "*" ]; - settings.main.capslock = "overload(meta, esc)"; - }; - }; - }; - }; -} diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index 6163244..6944555 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix @@ -22,23 +22,19 @@ # system aspects base cli + desktop # user aspects user root - # Desktop aspects - desktop-boot - desktop-desktop - desktop-nix - desktop-services - # Other aspects ai bluetooth dev libvirtd networkmanager + niri podman ]); }; diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index 77ffe54..ad4192e 100644 --- a/aspects/hosts/rotterdam.nix +++ b/aspects/hosts/rotterdam.nix @@ -22,28 +22,24 @@ # system aspects base cli + desktop # user aspects user root - # Desktop aspects - desktop-boot - desktop-desktop - desktop-nix - desktop-services - # Other aspects based on tags ai bluetooth dev fwupd - gaming-steam - gaming-hardware gaming-flatpak + gaming-hardware gaming-launchers + gaming-steam libvirtd networkmanager + niri podman ]); }; diff --git a/aspects/programs/graphics.nix b/aspects/programs/graphics.nix index 4b7a16b..7d1ed6d 100644 --- a/aspects/programs/graphics.nix +++ b/aspects/programs/graphics.nix @@ -1,7 +1,7 @@ { ... }: { - flake.modules.nixos.programs-graphics = + flake.modules.nixos.graphics = { pkgs, ... }: { environment.systemPackages = with pkgs; [ diff --git a/aspects/programs/media.nix b/aspects/programs/media.nix index 7daaa87..ed6a767 100644 --- a/aspects/programs/media.nix +++ b/aspects/programs/media.nix 
@@ -2,7 +2,7 @@ { flake.modules = { - nixos.programs-media = + nixos.media = { pkgs, ... }: { environment.systemPackages = with pkgs; [ diff --git a/aspects/programs/office.nix b/aspects/programs/office.nix index c3349f3..fe41d1d 100644 --- a/aspects/programs/office.nix +++ b/aspects/programs/office.nix @@ -1,7 +1,7 @@ { ... }: { - flake.modules.nixos.programs-office = + flake.modules.nixos.office = { pkgs, ... }: { environment.systemPackages = with pkgs; [ diff --git a/aspects/programs/utilities.nix b/aspects/programs/utilities.nix deleted file mode 100644 index 4a207af..0000000 --- a/aspects/programs/utilities.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ ... }: - -{ - flake.modules = { - nixos.programs-utilities = - { pkgs, ... }: - { - environment.systemPackages = with pkgs; [ - ghostty - gnome-disk-utility - mission-center - nautilus - p7zip - rclone - unrar - # Desktop Integration - adwaita-icon-theme - junction - libfido2 - toggleaudiosink - # Xwayland Support - xwayland-satellite - ]; - - services.flatpak.packages = [ - "com.github.tchx84.Flatseal" - "com.rustdesk.RustDesk" - ]; - }; - - homeManager.programs-utilities = - { pkgs, ... }: - { - programs = { - ghostty = { - enable = true; - settings = { - cursor-style = "block"; - shell-integration-features = "no-cursor"; - cursor-style-blink = false; - custom-shader = "${builtins.fetchurl { - url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; - sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; - }}"; - bell-features = ""; - gtk-titlebar-style = "tabs"; - keybind = [ "shift+enter=text:\\x1b\\r" ]; - }; - }; - - password-store = { - enable = true; - package = pkgs.pass-wayland; - }; - }; - - home.sessionVariables = { - TERMINAL = "ghostty"; - }; - }; - }; -} diff --git a/aspects/programs/web.nix b/aspects/programs/web.nix index a11ca57..f661218 100644 --- a/aspects/programs/web.nix +++ b/aspects/programs/web.nix 
@@ -1,7 +1,7 @@ { ... }: { - flake.modules.nixos.programs-web = + flake.modules.nixos.web = { inputs, pkgs, diff --git a/aspects/users/_user/git.nix b/aspects/users/_user/git.nix index 9c1fb20..40a5714 100644 --- a/aspects/users/_user/git.nix +++ b/aspects/users/_user/git.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ ... }: { programs = { From 7815017528fca3e0addb848dbf64d8858f4ed0cb Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 16:36:06 -0300 Subject: [PATCH 178/206] rework system, programs, desktop, cli and base aspects --- aspects/{shell => base}/bash.nix | 2 +- aspects/base/fish.nix | 47 +++++++++++++++++++ aspects/{programs => desktop}/graphics.nix | 0 aspects/{programs => desktop}/media.nix | 0 aspects/{programs => desktop}/office.nix | 0 aspects/{programs => desktop}/web.nix | 0 aspects/server/boot.nix | 14 ------ aspects/server/tailscale.nix | 22 --------- aspects/shell/fish.nix | 40 ---------------- aspects/{base => systems}/base.nix | 8 +--- aspects/{cli => systems}/cli.nix | 0 aspects/{desktop => systems}/desktop.nix | 0 .../{server/nix.nix => systems/server.nix} | 18 ++++++- 13 files changed, 66 insertions(+), 85 deletions(-) rename aspects/{shell => base}/bash.nix (82%) create mode 100644 aspects/base/fish.nix rename aspects/{programs => desktop}/graphics.nix (100%) rename aspects/{programs => desktop}/media.nix (100%) rename aspects/{programs => desktop}/office.nix (100%) rename aspects/{programs => desktop}/web.nix (100%) delete mode 100644 aspects/server/boot.nix delete mode 100644 aspects/server/tailscale.nix delete mode 100644 aspects/shell/fish.nix rename aspects/{base => systems}/base.nix (87%) rename aspects/{cli => systems}/cli.nix (100%) rename aspects/{desktop => systems}/desktop.nix (100%) rename aspects/{server/nix.nix => systems/server.nix} (51%) diff --git a/aspects/shell/bash.nix b/aspects/base/bash.nix similarity index 82% rename from aspects/shell/bash.nix rename to aspects/base/bash.nix index e451148..6ba97ef 100644 
--- a/aspects/shell/bash.nix +++ b/aspects/base/bash.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.homeManager.shell-bash = + flake.modules.homeManager.bash = { config, lib, diff --git a/aspects/base/fish.nix b/aspects/base/fish.nix new file mode 100644 index 0000000..8ed326a --- /dev/null +++ b/aspects/base/fish.nix @@ -0,0 +1,47 @@ +{ ... }: +{ + flake.modules = { + nixos.fish = + { ... }: + { + programs.fish.enable = true; + }; + homeManager.fish = + { + config, + lib, + pkgs, + ... + }: + { + programs.fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + ${lib.getExe pkgs.nix-your-shell} fish | source + ''; + loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; + plugins = [ + { + name = "bang-bang"; + src = pkgs.fetchFromGitHub { + owner = "oh-my-fish"; + repo = "plugin-bang-bang"; + rev = "f969c618301163273d0a03d002614d9a81952c1e"; + sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; + }; + } + { + name = "z"; + src = pkgs.fetchFromGitHub { + owner = "jethrokuan"; + repo = "z"; + rev = "067e867debee59aee231e789fc4631f80fa5788e"; + sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU="; + }; + } + ]; + }; + }; + }; +} diff --git a/aspects/programs/graphics.nix b/aspects/desktop/graphics.nix similarity index 100% rename from aspects/programs/graphics.nix rename to aspects/desktop/graphics.nix diff --git a/aspects/programs/media.nix b/aspects/desktop/media.nix similarity index 100% rename from aspects/programs/media.nix rename to aspects/desktop/media.nix diff --git a/aspects/programs/office.nix b/aspects/desktop/office.nix similarity index 100% rename from aspects/programs/office.nix rename to aspects/desktop/office.nix diff --git a/aspects/programs/web.nix b/aspects/desktop/web.nix similarity index 100% rename from aspects/programs/web.nix rename to aspects/desktop/web.nix diff --git a/aspects/server/boot.nix b/aspects/server/boot.nix deleted file mode 100644 index 38634d1..0000000 
--- a/aspects/server/boot.nix +++ /dev/null @@ -1,14 +0,0 @@ -# aspects/server/boot.nix -{ ... }: -{ - flake.modules.nixos.server-boot = - { - config, - lib, - pkgs, - ... - }: - { - boot.kernelPackages = pkgs.linuxPackages_hardened; - }; -} diff --git a/aspects/server/tailscale.nix b/aspects/server/tailscale.nix deleted file mode 100644 index cf2fa4b..0000000 --- a/aspects/server/tailscale.nix +++ /dev/null @@ -1,22 +0,0 @@ -# aspects/server/tailscale.nix -{ ... }: -{ - flake.modules.nixos.server-tailscale = - { - config, - lib, - pkgs, - ... - }: - { - services.tailscale = { - extraSetFlags = [ "--advertise-exit-node" ]; - useRoutingFeatures = "server"; - }; - - boot.kernel.sysctl = { - "net.ipv4.ip_forward" = 1; - "net.ipv6.conf.all.forwarding" = 1; - }; - }; -} diff --git a/aspects/shell/fish.nix b/aspects/shell/fish.nix deleted file mode 100644 index 22c0f5c..0000000 --- a/aspects/shell/fish.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ ... }: -{ - flake.modules.homeManager.shell-fish = - { - config, - lib, - pkgs, - ... - }: - { - programs.fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - ${lib.getExe pkgs.nix-your-shell} fish | source - ''; - loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; - plugins = [ - { - name = "bang-bang"; - src = pkgs.fetchFromGitHub { - owner = "oh-my-fish"; - repo = "plugin-bang-bang"; - rev = "f969c618301163273d0a03d002614d9a81952c1e"; - sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; - }; - } - { - name = "z"; - src = pkgs.fetchFromGitHub { - owner = "jethrokuan"; - repo = "z"; - rev = "067e867debee59aee231e789fc4631f80fa5788e"; - sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU="; - }; - } - ]; - }; - }; -} diff --git a/aspects/base/base.nix b/aspects/systems/base.nix similarity index 87% rename from aspects/base/base.nix rename to aspects/systems/base.nix index 08841b2..5fef6b9 100644 --- a/aspects/base/base.nix +++ b/aspects/systems/base.nix 
@@ -7,6 +7,7 @@ boot console firewall + fish locale nix security @@ -28,12 +29,7 @@ }; }; - programs = { - command-not-found.enable = false; - fish = { - enable = true; - }; - }; + programs.command-not-found.enable = false; services = { dbus.implementation = "broker"; diff --git a/aspects/cli/cli.nix b/aspects/systems/cli.nix similarity index 100% rename from aspects/cli/cli.nix rename to aspects/systems/cli.nix diff --git a/aspects/desktop/desktop.nix b/aspects/systems/desktop.nix similarity index 100% rename from aspects/desktop/desktop.nix rename to aspects/systems/desktop.nix diff --git a/aspects/server/nix.nix b/aspects/systems/server.nix similarity index 51% rename from aspects/server/nix.nix rename to aspects/systems/server.nix index 1cb8e8b..c3c24f0 100644 --- a/aspects/server/nix.nix +++ b/aspects/systems/server.nix @@ -1,7 +1,7 @@ -# aspects/server/nix.nix { inputs, ... }: + { - flake.modules.nixos.server-nix = + flake.modules.nixos.server = { config, lib, @@ -9,6 +9,14 @@ ... }: { + boot = { + kernelPackages = pkgs.linuxPackages_hardened; + kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + "net.ipv6.conf.all.forwarding" = 1; + }; + }; + environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; nix = { @@ -18,5 +26,11 @@ "/nix/var/nix/profiles/per-user/root/channels" ]; }; + + services.tailscale = { + extraSetFlags = [ "--advertise-exit-node" ]; + useRoutingFeatures = "server"; + }; + }; } From 755937cb56f26b90e4a551de9b20e26ec72f948d Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 16:45:33 -0300 Subject: [PATCH 179/206] rework user aspect --- aspects/users/user.nix | 82 ++++++++++++------------------------------ 1 file changed, 23 insertions(+), 59 deletions(-) diff --git a/aspects/users/user.nix b/aspects/users/user.nix index ad1b8ca..ca74e8d 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix @@ -1,4 +1,4 @@ -{ inputs, self, ... }: +{ inputs, lib, ... }: { flake = { 
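Review bot: The `boot.kernel.sysctl` block added to `aspects/systems/server.nix` (hunk `@@ -9,6 +9,14 @@`) turns on IPv4 and IPv6 forwarding for every host that imports `server`, and the `services.tailscale` block in `@@ -18,5 +26,11 @@` advertises each of them as an exit node. With the old `server-tailscale` module folded in, a host can no longer take the hardened kernel without also becoming a router. Nothing in these hunks limits what may be forwarded. `useRoutingFeatures = "server"` should already set the forwarding sysctls in the nixpkgs tailscale module, so the explicit `"net.ipv4.ip_forward" = 1;` and `"net.ipv6.conf.all.forwarding" = 1;` lines look redundant and could be dropped. If they stay, add a comment such as `# needed for --advertise-exit-node; forwarded traffic is restricted by the firewall aspect` once that restriction is confirmed.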
@@ -30,37 +30,6 @@ }; modules = [ { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - - # CLI aspects (common module included) - inputs.self.modules.homeManager.cli-base - inputs.self.modules.homeManager.cli-btop - inputs.self.modules.homeManager.cli-comma - inputs.self.modules.homeManager.cli-direnv - inputs.self.modules.homeManager.cli-helix - inputs.self.modules.homeManager.cli-starship - inputs.self.modules.homeManager.cli-tmux - - # Shell - inputs.self.modules.homeManager.shell-fish - inputs.self.modules.homeManager.shell-bash - - # Desktop - inputs.self.modules.homeManager.desktop-desktop - inputs.self.modules.homeManager.desktop-niri - - # Gaming - inputs.self.modules.homeManager.gaming-mangohud - - # Programs - inputs.self.modules.homeManager.programs-media # for obs-studio - - # Stylix - inputs.self.modules.homeManager.stylix - - # User-specific (from _user/) - ./_user/git.nix - - # Home configuration { home = { username = "user"; @@ -68,7 +37,17 @@ stateVersion = "22.05"; }; } - ]; + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) + ] + ++ (with inputs.self.modules.homeManager; [ + base # base aspect + cli # cli aspect + desktop # desktop aspect + + # other aspect + stylix + niri + ]); }; "user@io" = inputs.home-manager.lib.homeManagerConfiguration { 
@@ -79,31 +58,6 @@ }; modules = [ { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - - # CLI aspects (common module included) - inputs.self.modules.homeManager.cli-base - inputs.self.modules.homeManager.cli-btop - inputs.self.modules.homeManager.cli-comma - inputs.self.modules.homeManager.cli-direnv - inputs.self.modules.homeManager.cli-helix - inputs.self.modules.homeManager.cli-starship - inputs.self.modules.homeManager.cli-tmux - - # Shell - inputs.self.modules.homeManager.shell-fish - inputs.self.modules.homeManager.shell-bash - - # Desktop - inputs.self.modules.homeManager.desktop-desktop - inputs.self.modules.homeManager.desktop-niri - - # Stylix - inputs.self.modules.homeManager.stylix - - # User-specific (from _user/) - ./_user/git.nix - - # Home configuration { home = { username = "user"; @@ -111,7 +65,17 @@ stateVersion = "22.05"; }; } - ]; + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) + ] + ++ (with inputs.self.modules.homeManager; [ + base # base aspect + cli # cli aspect + desktop # desktop aspect + + # other aspect + stylix + niri + ]); }; }; }; From 0ce2d3b9479f496ba014ad12d6b8c2e8043b1319 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 17:02:56 -0300 Subject: [PATCH 180/206] reworked other aspects --- aspects/ai.nix | 2 +- aspects/bluetooth.nix | 5 ++++- aspects/desktop/office.nix | 1 + aspects/dev.nix | 3 --- aspects/stylix.nix | 15 ++------------- 5 files changed, 8 insertions(+), 18 deletions(-) diff --git a/aspects/ai.nix b/aspects/ai.nix index f67bbbc..3431ddd 100644 --- a/aspects/ai.nix +++ b/aspects/ai.nix @@ -4,7 +4,7 @@ { inputs, pkgs, ... }: { environment.systemPackages = - (with pkgs; [ claude-desktop ]) + (with pkgs; [ ]) ++ (with inputs.nix-ai-tools.packages.${pkgs.system}; [ claude-code claudebox diff --git a/aspects/bluetooth.nix b/aspects/bluetooth.nix index 2027ac1..6c7b2d8 100644 --- a/aspects/bluetooth.nix +++ b/aspects/bluetooth.nix 
@@ -8,6 +8,9 @@ ... }: { - hardware.bluetooth.enable = true; + hardware.bluetooth = { + enable = true; + powerOnBoot = false; + }; }; } diff --git a/aspects/desktop/office.nix b/aspects/desktop/office.nix index fe41d1d..68d958a 100644 --- a/aspects/desktop/office.nix +++ b/aspects/desktop/office.nix @@ -10,6 +10,7 @@ aspellDicts.en aspellDicts.en-computers aspellDicts.pt_BR + glow papers presenterm rnote diff --git a/aspects/dev.nix b/aspects/dev.nix index 89a1026..afe9edc 100644 --- a/aspects/dev.nix +++ b/aspects/dev.nix @@ -10,14 +10,11 @@ { environment.systemPackages = with pkgs; [ android-tools - bat lazygit fd fzf - glow nixfmt nix-init - nix-output-monitor ripgrep ]; diff --git a/aspects/stylix.nix b/aspects/stylix.nix index ec3fd42..f7eb9fa 100644 --- a/aspects/stylix.nix +++ b/aspects/stylix.nix @@ -1,4 +1,5 @@ { ... }: + { flake.modules = { nixos.stylix = @@ -15,10 +16,7 @@ ... }: { - imports = [ - inputs.stylix.homeModules.stylix - inputs.zen-browser.homeModules.beta - ]; + imports = [ inputs.stylix.homeModules.stylix ]; stylix = { enable = true; @@ -65,15 +63,6 @@ terminal = 12; }; }; - targets.zen-browser = { - enable = true; - profileNames = [ "william" ]; - }; - }; - - programs.zen-browser = { - enable = true; - profiles.william = { }; }; }; }; From 1075c256f85a5ad19bf443aad8a9f3001ebe3c95 Mon Sep 17 00:00:00 2001 
From: William Date: Sun, 15 Feb 2026 17:17:29 -0300 Subject: [PATCH 181/206] rework gaming aspect --- aspects/gaming/flatpak.nix | 25 ------------------- aspects/gaming/hardware.nix | 13 ---------- aspects/gaming/launchers.nix | 13 ---------- aspects/gaming/mangohud.nix | 4 +-- aspects/gaming/steam.nix | 7 +++++- aspects/hosts/alexandria.nix | 8 ++---- aspects/hosts/rotterdam.nix | 7 ++---- aspects/hosts/trantor.nix | 6 +---- aspects/systems/cli.nix | 2 +- aspects/systems/gaming.nix | 48 ++++++++++++++++++++++++++++++++++++ aspects/users/user.nix | 17 +++++++------ 11 files changed, 72 insertions(+), 78 deletions(-) delete mode 100644 aspects/gaming/flatpak.nix delete mode 100644 aspects/gaming/hardware.nix delete mode 100644 aspects/gaming/launchers.nix create mode 100644 aspects/systems/gaming.nix diff --git a/aspects/gaming/flatpak.nix b/aspects/gaming/flatpak.nix deleted file mode 100644 index cc4d0ee..0000000 --- a/aspects/gaming/flatpak.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ ... }: - -{ - flake.modules.nixos.gaming-flatpak = - { pkgs, ... }: - { - services.flatpak.packages = [ - "com.github.k4zmu2a.spacecadetpinball" - "com.steamgriddb.SGDBoop" - "io.github.Foldex.AdwSteamGtk" - "io.itch.itch" - "io.mrarm.mcpelauncher" - "net.retrodeck.retrodeck" - "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08" - rec { - appId = "com.hypixel.HytaleLauncher"; - sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv"; - bundle = "${pkgs.fetchurl { - url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak"; - inherit sha256; - }}"; - } - ]; - }; -} diff --git a/aspects/gaming/hardware.nix b/aspects/gaming/hardware.nix deleted file mode 100644 index e3b5c4b..0000000 --- a/aspects/gaming/hardware.nix +++ /dev/null 
@@ -1,13 +0,0 @@ -{ ... }: - -{ - flake.modules.nixos.gaming-hardware = - { ... }: - { - hardware = { - xpadneo.enable = true; - steam-hardware.enable = true; # Allow steam client to manage controllers - graphics.enable32Bit = true; # For OpenGL games - }; - }; -} diff --git a/aspects/gaming/launchers.nix b/aspects/gaming/launchers.nix deleted file mode 100644 index 1fd3bb4..0000000 --- a/aspects/gaming/launchers.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: - -{ - flake.modules.nixos.gaming-launchers = - { pkgs, ... }: - { - environment.systemPackages = with pkgs; [ - clonehero - heroic - prismlauncher - ]; - }; -} diff --git a/aspects/gaming/mangohud.nix b/aspects/gaming/mangohud.nix index 2856b8f..14a3df6 100644 --- a/aspects/gaming/mangohud.nix +++ b/aspects/gaming/mangohud.nix @@ -2,7 +2,7 @@ { flake.modules = { - nixos.gaming-mangohud = + nixos.mangohud = { pkgs, ... }: { environment.systemPackages = with pkgs; [ @@ -10,7 +10,7 @@ ]; }; - homeManager.gaming-mangohud = + homeManager.mangohud = { config, ... }: { programs.mangohud = { diff --git a/aspects/gaming/steam.nix b/aspects/gaming/steam.nix index 530c99b..a10d0e4 100644 --- a/aspects/gaming/steam.nix +++ b/aspects/gaming/steam.nix @@ -1,7 +1,7 @@ { ... }: { - flake.modules.nixos.gaming-steam = + flake.modules.nixos.steam = { pkgs, ... }: { environment.systemPackages = with pkgs; [ @@ -15,5 +15,10 @@ }; gamemode.enable = true; }; + + services.flatpak.packages = [ + "com.steamgriddb.SGDBoop" + "io.github.Foldex.AdwSteamGtk" + ]; }; } diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index d05639d..57fdf5f 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -19,17 +19,13 @@ # system aspects base cli + server # user aspects user root - # Server aspects - server-boot - server-nix - server-tailscale - - # Other aspects + # other aspects fwupd ]); }; diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index ad4192e..1c177e4 100644 
--- a/aspects/hosts/rotterdam.nix +++ b/aspects/hosts/rotterdam.nix @@ -23,20 +23,17 @@ base cli desktop + gaming # user aspects user root - # Other aspects based on tags + # other aspects ai bluetooth dev fwupd - gaming-flatpak - gaming-hardware - gaming-launchers - gaming-steam libvirtd networkmanager niri diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index e7934ab..076672c 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix @@ -21,15 +21,11 @@ # system aspects base cli + server # user aspects user root - - # Server aspects - server-boot - server-nix - server-tailscale ]); }; } diff --git a/aspects/systems/cli.nix b/aspects/systems/cli.nix index 1d379e8..2b95f0e 100644 --- a/aspects/systems/cli.nix +++ b/aspects/systems/cli.nix @@ -19,7 +19,7 @@ homeManager.cli = { ... }: { - imports = with inputs.self.modules.nixos; [ + imports = with inputs.self.modules.homeManager; [ btop comma direnv diff --git a/aspects/systems/gaming.nix b/aspects/systems/gaming.nix new file mode 100644 index 0000000..e73a6fe --- /dev/null +++ b/aspects/systems/gaming.nix 
@@ -0,0 +1,48 @@ +{ inputs, ... }: + +{ + flake.modules = { + nixos.gaming = + { pkgs, ... }: + { + imports = with inputs.self.modules.nixos; [ + mangohud + steam + ]; + hardware = { + xpadneo.enable = true; + steam-hardware.enable = true; # Allow steam client to manage controllers + graphics.enable32Bit = true; # For OpenGL games + }; + + services.flatpak.packages = [ + "com.github.k4zmu2a.spacecadetpinball" + "io.itch.itch" + "io.mrarm.mcpelauncher" + "net.retrodeck.retrodeck" + "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08" + rec { + appId = "com.hypixel.HytaleLauncher"; + sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv"; + bundle = "${pkgs.fetchurl { + url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak"; + inherit sha256; + }}"; + } + ]; + + environment.systemPackages = with pkgs; [ + clonehero + heroic + prismlauncher + ]; + }; + homeManager.gaming = + { ... }: + { + imports = with inputs.self.modules.homeManager; [ + mangohud + ]; + }; + }; +} diff --git a/aspects/users/user.nix b/aspects/users/user.nix index ca74e8d..e37c038 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix @@ -40,11 +40,13 @@ ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) ] ++ (with inputs.self.modules.homeManager; [ - base # base aspect - cli # cli aspect - desktop # desktop aspect + # system aspects + base + cli + desktop + gaming - # other aspect + # other aspects stylix niri ]); @@ -68,9 +70,10 @@ ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) ] ++ (with inputs.self.modules.homeManager; [ - base # base aspect - cli # cli aspect - desktop # desktop aspect + # system aspects + base + cli + desktop # other aspect stylix From 472aabee2a655f3ab3e69a753fd19a8401398a0f Mon Sep 17 00:00:00 2001 
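Review bot: In the new `aspects/systems/gaming.nix`, the `com.hypixel.HytaleLauncher` entry pins `sha256` against a URL ending in `hytale-launcher-latest.flatpak`, which is a mutable target. The fixed-output fetch will fail as soon as upstream replaces the file, and whoever bumps the hash then accepts whatever is being served at that moment. If the vendor publishes versioned bundle URLs, fetch one of those instead. Otherwise record it next to the entry, e.g. `# -latest is mutable: re-verify the bundle before updating sha256`. The block is carried over unchanged from the deleted `aspects/gaming/flatpak.nix`.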
From: William Date: Sun, 15 Feb 2026 17:32:03 -0300 Subject: [PATCH 182/206] finalise dendritic migration --- aspects/desktop/media.nix | 2 +- aspects/systems/base.nix | 83 +++++++++++++++++++++---------------- aspects/systems/desktop.nix | 5 ++- 3 files changed, 52 insertions(+), 38 deletions(-) diff --git a/aspects/desktop/media.nix b/aspects/desktop/media.nix index ed6a767..7543c0a 100644 --- a/aspects/desktop/media.nix +++ b/aspects/desktop/media.nix @@ -13,7 +13,7 @@ ]; }; - homeManager.programs-media = + homeManager.media = { pkgs, ... }: { programs.obs-studio = { diff --git a/aspects/systems/base.nix b/aspects/systems/base.nix index 5fef6b9..fdfc525 100644 --- a/aspects/systems/base.nix +++ b/aspects/systems/base.nix 
@@ -1,44 +1,55 @@ { inputs, ... }: { - flake.modules.nixos.base = - { lib, pkgs, ... }: - { - imports = with inputs.self.modules.nixos; [ - boot - console - firewall - fish - locale - nix - security - ssh - ]; - environment = { - systemPackages = with pkgs; [ - git - fastfetch - nixos-firewall-tool - sysz - wget - yazi + flake.modules = { + nixos.base = + { lib, pkgs, ... }: + { + imports = with inputs.self.modules.nixos; [ + boot + console + firewall + fish + locale + nix + security + ssh ]; - shellAliases = { - cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; - ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first"; - tree = "ls --tree"; + environment = { + systemPackages = with pkgs; [ + git + fastfetch + nixos-firewall-tool + sysz + wget + yazi + ]; + shellAliases = { + cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; + ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first"; + tree = "ls --tree"; + }; + }; + + programs.command-not-found.enable = false; + + services = { + dbus.implementation = "broker"; + irqbalance.enable = true; + fstrim.enable = true; + tailscale = { + enable = true; + extraUpFlags = [ "--operator=user" ]; + }; }; }; - programs.command-not-found.enable = false; - - services = { - dbus.implementation = "broker"; - irqbalance.enable = true; - fstrim.enable = true; - tailscale = { - enable = true; - extraUpFlags = [ "--operator=user" ]; - }; + homeManager.base = + { ... }: + { + imports = with inputs.self.modules.homeManager; [ + bash + fish + ]; }; - }; + }; } diff --git a/aspects/systems/desktop.nix b/aspects/systems/desktop.nix index 39fd0e0..fb3aa1b 100644 --- a/aspects/systems/desktop.nix +++ b/aspects/systems/desktop.nix @@ -158,7 +158,10 @@ ... }: { - imports = [ inputs.vicinae.homeManagerModules.default ]; + imports = [ + inputs.vicinae.homeManagerModules.default + ] + ++ (with inputs.self.modules.homeManager; [ media ]); fonts.fontconfig.enable = true; 
From 8b3ab52435811d954744695fcfd1b7dd4dabfda1 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 17:36:28 -0300 Subject: [PATCH 183/206] moved home manager user configuration to dedicated files --- aspects/users/user.nix | 97 ++++++-------------------------- aspects/users/user_io.nix | 32 +++++++++++ aspects/users/user_rotterdam.nix | 35 ++++++++++++ 3 files changed, 84 insertions(+), 80 deletions(-) create mode 100644 aspects/users/user_io.nix create mode 100644 aspects/users/user_rotterdam.nix diff --git a/aspects/users/user.nix b/aspects/users/user.nix index e37c038..e3f8530 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix 
@@ -1,85 +1,22 @@ -{ inputs, lib, ... }: +{ ... }: { - flake = { - modules.nixos.user = - { pkgs, ... }: - { - users.users.user = { - isNormalUser = true; - shell = pkgs.fish; - extraGroups = [ - "networkmanager" - "wheel" - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" - ]; - hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; - }; - }; - - homeConfigurations = { - "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { - inherit inputs; - hostname = "rotterdam"; - }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) - ] - ++ (with inputs.self.modules.homeManager; [ - # system aspects - base - cli - desktop - gaming - - # other aspects - stylix - niri - ]); - }; - - "user@io" = inputs.home-manager.lib.homeManagerConfiguration { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { - inherit inputs; - hostname = "io"; - }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) - ] - ++ (with inputs.self.modules.homeManager; [ - # system aspects - base - cli - desktop - - # other aspect - stylix - niri - ]); + flake.modules.nixos.user = + { pkgs, ... 
}: + { + users.users.user = { + isNormalUser = true; + shell = pkgs.fish; + extraGroups = [ + "networkmanager" + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; }; }; - }; } diff --git a/aspects/users/user_io.nix b/aspects/users/user_io.nix new file mode 100644 index 0000000..c956b1c --- /dev/null +++ b/aspects/users/user_io.nix @@ -0,0 +1,32 @@ +{ inputs, lib, ... }: + +{ + flake."user@io" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + hostname = "io"; + }; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) + ] + ++ (with inputs.self.modules.homeManager; [ + # system aspects + base + cli + desktop + + # other aspect + stylix + niri + ]); + }; +} diff --git a/aspects/users/user_rotterdam.nix b/aspects/users/user_rotterdam.nix new file mode 100644 index 0000000..56b2dc1 --- /dev/null +++ b/aspects/users/user_rotterdam.nix 
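Review bot: The `hashedPassword = "$6$…"` line carried into the flattened `flake.modules.nixos.user` keeps the crypt hash of a `wheel` account in version control and in the world-readable Nix store, where anyone with read access can attack it offline. Apart from indentation the line is unchanged by this commit, but the rewrite is a good place to switch to `hashedPasswordFile = "<path provisioned outside the store>";` backed by whatever secret mechanism the hosts already use. The three `openssh.authorizedKeys.keys` entries are public keys and are fine to keep inline.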
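Review bot: In the new `aspects/users/user_io.nix`, `flake."user@io" = …` defines the configuration as a top-level flake output rather than under `homeConfigurations`. The sibling file `user_rotterdam.nix` added in the same commit uses `flake.homeConfigurations = { "user@rotterdam" = … }`. This likely evaluates without error because `flake` accepts arbitrary attributes, but `home-manager --flake .#user@io` looks under `homeConfigurations` and would not find it. Change the first line to `flake.homeConfigurations."user@io" = inputs.home-manager.lib.homeManagerConfiguration {`.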
@@ -0,0 +1,35 @@ +{ inputs, lib, ... }: + +{ + flake.homeConfigurations = { + "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + hostname = "rotterdam"; + }; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) + ] + ++ (with inputs.self.modules.homeManager; [ + # system aspects + base + cli + desktop + gaming + + # other aspects + stylix + niri + ]); + }; + }; +} From 8ab3f6e2c82974f0842362c85dc2dc40f9fb3f70 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 18:11:28 -0300 Subject: [PATCH 184/206] no more niri-flake --- aspects/base/nix.nix | 5 +- aspects/desktop/niri.nix | 40 +++--- aspects/desktop/web.nix | 3 +- flake.lock | 268 +++++++-------------------------------- flake.nix | 4 - 5 files changed, 66 insertions(+), 254 deletions(-) diff --git a/aspects/base/nix.nix b/aspects/base/nix.nix index 16397a9..8d44d54 100644 --- a/aspects/base/nix.nix +++ b/aspects/base/nix.nix @@ -33,7 +33,10 @@ config = { use_nvd = true; ignore_dirty_tree = true; - apply.reexec_as_root = true; + apply = { + reexec_as_root = true; + use_nom = true; + }; confirmation.empty = "default-yes"; }; }; diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix index adb3f80..9c87723 100644 --- a/aspects/desktop/niri.nix +++ b/aspects/desktop/niri.nix @@ -1,4 +1,4 @@ -{ inputs, ... }: +{ ... }: { flake.modules = { nixos.niri = 
@@ -9,18 +9,11 @@ ... }: { - imports = [ inputs.niri-flake.nixosModules.niri ]; - services.greetd.settings = { default_session.command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; }; programs.niri.enable = true; - - xdg.portal.config.niri.default = [ - "gtk" - "gnome" - ]; }; homeManager.niri = { @@ -88,26 +81,27 @@ focus-follows-mouse } + output "LG Electronics LG ULTRAWIDE 206AZFM5E459" { + layout { + preset-column-widths { + proportion 0.33333 + proportion 0.5 + proportion 0.66667 + } + default-column-width { proportion 0.33333; } + } + } + layout { gaps 8 center-focused-column "never" - auto-center-when-space-available + always-center-single-column + empty-workspace-above-first preset-column-widths { - ${ - if isRotterdam then - '' - proportion 0.33333 - proportion 0.5 - proportion 0.66667 - '' - else - '' - proportion 0.5 - proportion 1.0 - '' - } + proportion 0.5 + proportion 1.0 } - default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } + default-column-width { proportion 0.5; } focus-ring { off } diff --git a/aspects/desktop/web.nix b/aspects/desktop/web.nix index f661218..1e4ed1c 100644 --- a/aspects/desktop/web.nix +++ b/aspects/desktop/web.nix @@ -5,12 +5,11 @@ { inputs, pkgs, - system, ... }: { environment.systemPackages = with pkgs; [ - inputs.zen-browser.packages."${system}".default + inputs.zen-browser.packages."${pkgs.system}".default bitwarden-desktop fragments nextcloud-client diff --git a/flake.lock b/flake.lock index 8587eb2..20de064 100644 --- a/flake.lock +++ b/flake.lock 
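Review bot: In the `aspects/desktop/web.nix` hunk, the new `inputs.zen-browser.packages."${pkgs.system}".default` relies on `pkgs.system`, which recent nixpkgs reports as renamed to `stdenv.hostPlatform.system`; the quotes around the interpolation are also unnecessary. I would write `inputs.zen-browser.packages.${pkgs.stdenv.hostPlatform.system}.default`. The same `pkgs.system` pattern appears as context in `aspects/ai.nix`. The module body continues outside this hunk.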
@@ -432,86 +432,10 @@ "type": "github" } }, - "niri": { - "inputs": { - "nixpkgs": "nixpkgs_3", - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1760963745, - "narHash": "sha256-FVf9YFw2wQnMAxvMxEk+vFakXhPQUSapDpGmlLzAxjg=", - "owner": "baduhai", - "repo": "niri", - "rev": "dd3e3d1009991ecd87ab7253c9e7696acf2bc943", - "type": "github" - }, - "original": { - "owner": "baduhai", - "ref": "auto-center-when-space-available", - "repo": "niri", - "type": "github" - } - }, - "niri-flake": { - "inputs": { - "niri-stable": "niri-stable", - "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_4", - "nixpkgs-stable": "nixpkgs-stable", - "xwayland-satellite-stable": "xwayland-satellite-stable", - "xwayland-satellite-unstable": "xwayland-satellite-unstable" - }, - "locked": { - "lastModified": 1770844822, - "narHash": "sha256-QgJZ+W6YE6nAzO/m7ezamAzr9DTflIEXRozMivL0+hc=", - "owner": "sodiboo", - "repo": "niri-flake", - "rev": "7634add8bf2dd225d04f535de4bd0ee60982f367", - "type": "github" - }, - "original": { - "owner": "sodiboo", - "repo": "niri-flake", - "type": "github" - } - }, - "niri-stable": { - "flake": false, - "locked": { - "lastModified": 1756556321, - "narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "ref": "v25.08", - "repo": "niri", - "type": "github" - } - }, - "niri-unstable": { - "flake": false, - "locked": { - "lastModified": 1770735554, - "narHash": "sha256-8GzUa8bCyQ688jYW2waXrOqetTr7oV8UPTO2He+5Hsg=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "41b5de87692b8262fbdbff7faab93f04ff0be453", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "repo": "niri", - "type": "github" - } - }, "nix-ai-tools": { "inputs": { "blueprint": "blueprint", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_3", "treefmt-nix": "treefmt-nix" }, "locked": { 
@@ -568,7 +492,7 @@ "inputs": { "flake-compat": "flake-compat", "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_4", "optnix": "optnix" }, "locked": { @@ -632,22 +556,6 @@ } }, "nixpkgs-stable": { - "locked": { - "lastModified": 1770770419, - "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_2": { "locked": { "lastModified": 1770770419, "narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", @@ -663,38 +571,6 @@ "type": "github" } }, - "nixpkgs_10": { - "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { - "locked": { - "lastModified": 1769461804, - "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1768564909, 
@@ -712,38 +588,6 @@ } }, "nixpkgs_3": { - "locked": { - "lastModified": 1757967192, - "narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0d7c15863b251a7a50265e57c1dca1a7add2e291", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1770562336, - "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { "locked": { "lastModified": 1770843696, "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", @@ -759,7 +603,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_4": { "locked": { "lastModified": 1767151656, "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", @@ -775,7 +619,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_5": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -791,7 +635,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_6": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", @@ -807,7 +651,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_7": { "locked": { "lastModified": 1767767207, "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", 
@@ -823,6 +667,38 @@ "type": "github" } }, + "nixpkgs_8": { + "locked": { + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "noctalia": { "inputs": { "nixpkgs": [ @@ -871,7 +747,7 @@ "optnix": { "inputs": { "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1765418479, @@ -895,14 +771,12 @@ "home-manager": "home-manager_2", "impermanence": "impermanence", "import-tree": "import-tree", - "niri": "niri", - "niri-flake": "niri-flake", "nix-ai-tools": "nix-ai-tools", "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_8", - "nixpkgs-stable": "nixpkgs-stable_2", + "nixpkgs": "nixpkgs_6", + "nixpkgs-stable": "nixpkgs-stable", "noctalia": "noctalia", "stylix": "stylix", "terranix": "terranix", @@ -910,27 +784,6 @@ "zen-browser": "zen-browser" } }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "niri", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1757989933, - "narHash": "sha256-9cpKYWWPCFhgwQTww8S94rTXgg8Q8ydFv9fXM6I8xQM=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "8249aa3442fb9b45e615a35f39eca2fe5510d7c3", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "stylix": { "inputs": { "base16": "base16", 
@@ -940,7 +793,7 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_3", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_7", "nur": "nur", "systems": "systems_3", "tinted-foot": "tinted-foot", @@ -1164,7 +1017,7 @@ }, "vicinae": { "inputs": { - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_8", "systems": "systems_5" }, "locked": { @@ -1181,43 +1034,10 @@ "type": "github" } }, - "xwayland-satellite-stable": { - "flake": false, - "locked": { - "lastModified": 1755491097, - "narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "388d291e82ffbc73be18169d39470f340707edaa", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "ref": "v0.7", - "repo": "xwayland-satellite", - "type": "github" - } - }, - "xwayland-satellite-unstable": { - "flake": false, - "locked": { - "lastModified": 1770583271, - "narHash": "sha256-Q75S8cEqJoZ92s1y4zArvk2U1ayAy2E4SaF7gbNXkYQ=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "86f5bd5d867ad6e120935dfe825f6b903ebbeddd", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "type": "github" - } - }, "zen-browser": { "inputs": { "home-manager": "home-manager_4", - "nixpkgs": "nixpkgs_11" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1771000521, diff --git a/flake.nix b/flake.nix index 6026fa3..2036828 100644 --- a/flake.nix +++ b/flake.nix @@ -26,7 +26,6 @@ stylix.url = "github:danth/stylix"; # nixos/hm program modules - niri-flake.url = "github:sodiboo/niri-flake"; nix-ai-tools.url = "github:numtide/llm-agents.nix"; nix-index-database = { url = "github:nix-community/nix-index-database"; @@ -44,9 +43,6 @@ url = "github:terranix/terranix"; inputs.nixpkgs.follows = "nixpkgs"; }; - - # others - niri.url = "github:baduhai/niri/auto-center-when-space-available"; }; outputs = 
From 71ec638573f13f6cbadd3d6e1e4d49d31fda92eb Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 20:05:34 -0300 Subject: [PATCH 185/206] fix ssh motd; add nvd and nom --- aspects/base/nix.nix | 7 ++++++- aspects/base/ssh.nix | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/aspects/base/nix.nix b/aspects/base/nix.nix index 8d44d54..2442024 100644 --- a/aspects/base/nix.nix +++ b/aspects/base/nix.nix @@ -1,7 +1,7 @@ { ... }: { flake.modules.nixos.nix = - { inputs, ... }: + { inputs, pkgs, ... }: { imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; @@ -41,6 +41,11 @@ }; }; + environment.systemPackages = with pkgs; [ + nix-output-monitor + nvd + ]; + system.stateVersion = "22.11"; }; } diff --git a/aspects/base/ssh.nix b/aspects/base/ssh.nix index 03fa556..6569bf0 100644 --- a/aspects/base/ssh.nix +++ b/aspects/base/ssh.nix @@ -13,7 +13,7 @@ }; programs = { bash.interactiveShellInit = '' - if { [ -n "$SSH_CONNECTION" ] && [ -z "$IN_NIX_SHELL" ]; } || [ -z "$TMUX" ]; then + if [ -n "$SSH_CONNECTION" ] && [ -z "$IN_NIX_SHELL" ] && [ -z "$TMUX" ]; then export TERM=xterm-256color clear fastfetch @@ -21,7 +21,7 @@ ''; fish.interactiveShellInit = '' set fish_greeting - if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; or not set -q TMUX + if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; and not set -q TMUX export TERM=xterm-256color clear fastfetch From 91f37f90230a9a958d31781652944ce2d7e9414d Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 21:05:59 -0300 Subject: [PATCH 186/206] remove claude-desktop pkg --- packages/claude-desktop.nix | 216 ------------------------------------ 1 file changed, 216 deletions(-) delete mode 100644 packages/claude-desktop.nix diff --git a/packages/claude-desktop.nix b/packages/claude-desktop.nix deleted file mode 100644 index c21ec8e..0000000 --- a/packages/claude-desktop.nix +++ /dev/null 
@@ -1,216 +0,0 @@ -{ inputs, ... }: - -{ - perSystem = - { system, ... }: - let - pkgs = import inputs.nixpkgs { - inherit system; - config.allowUnfree = true; - }; - - pname = "claude-desktop"; - version = "1.0.1768"; - - srcs.x86_64-linux = pkgs.fetchurl { - url = "https://downloads.claude.ai/releases/win32/x64/1.0.1768/Claude-67d01376d0e9d08b328455f6db9e63b0d603506a.exe"; - hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=;"; - }; - - src = - srcs.${pkgs.stdenv.hostPlatform.system} - or (throw "Unsupported system: ${pkgs.stdenv.hostPlatform.system}"); - - claudeNativeStub = '' - // Stub implementation of claude-native using KeyboardKey enum values - const KeyboardKey = { - Backspace: 43, Tab: 280, Enter: 261, Shift: 272, Control: 61, Alt: 40, - CapsLock: 56, Escape: 85, Space: 276, PageUp: 251, PageDown: 250, - End: 83, Home: 154, LeftArrow: 175, UpArrow: 282, RightArrow: 262, - DownArrow: 81, Delete: 79, Meta: 187 - }; - Object.freeze(KeyboardKey); - module.exports = { - getWindowsVersion: () => "10.0.0", - setWindowEffect: () => {}, - removeWindowEffect: () => {}, - getIsMaximized: () => false, - flashFrame: () => {}, - clearFlashFrame: () => {}, - showNotification: () => {}, - setProgressBar: () => {}, - clearProgressBar: () => {}, - setOverlayIcon: () => {}, - clearOverlayIcon: () => {}, - KeyboardKey - }; - ''; - in - { - packages.claude-desktop = pkgs.stdenv.mkDerivation rec { - inherit pname version src; - - nativeBuildInputs = with pkgs; [ - makeWrapper - copyDesktopItems - p7zip - unzip - nodejs - graphicsmagick - ]; - - buildInputs = [ pkgs.electron ]; - - desktopItems = [ - (pkgs.makeDesktopItem { - name = "claude-desktop"; - desktopName = "Claude"; - comment = "AI assistant from Anthropic"; - exec = "claude-desktop %u"; - icon = "claude-desktop"; - categories = [ - "Network" - "Chat" - "Office" - ]; - mimeTypes = [ "x-scheme-handler/claude" ]; - startupNotify = true; - startupWMClass = "Claude"; - }) - ]; - - unpackPhase = '' - runHook 
preUnpack - - # Extract the Windows installer - use -y to auto-overwrite - 7z x -y $src -o./extracted - - # The installer contains a NuGet package - if [ -f ./extracted/AnthropicClaude-*-full.nupkg ]; then - echo "Found NuGet package, extracting..." - # NuGet packages are just zip files - unzip -q ./extracted/AnthropicClaude-*-full.nupkg -d ./nupkg - - # Extract app.asar to modify it - if [ -f ./nupkg/lib/net45/resources/app.asar ]; then - echo "Extracting app.asar..." - ${pkgs.asar}/bin/asar extract ./nupkg/lib/net45/resources/app.asar ./app - - # Also copy the unpacked resources - if [ -d ./nupkg/lib/net45/resources/app.asar.unpacked ]; then - cp -r ./nupkg/lib/net45/resources/app.asar.unpacked/* ./app/ - fi - - # Copy additional resources - mkdir -p ./app/resources - mkdir -p ./app/resources/i18n - cp ./nupkg/lib/net45/resources/Tray* ./app/resources/ || true - cp ./nupkg/lib/net45/resources/*-*.json ./app/resources/i18n/ || true - fi - else - echo "NuGet package not found" - ls -la ./extracted/ - exit 1 - fi - - runHook postUnpack - ''; - - buildPhase = '' - runHook preBuild - - # Replace the Windows-specific claude-native module with a stub - if [ -d ./app/node_modules/claude-native ]; then - echo "Replacing claude-native module with Linux stub..." - rm -rf ./app/node_modules/claude-native/*.node - cat > ./app/node_modules/claude-native/index.js << 'EOF' - ${claudeNativeStub} - EOF - fi - - # Fix the title bar detection (from aaddrick script) - echo "Fixing title bar detection..." 
- SEARCH_BASE="./app/.vite/renderer/main_window/assets" - if [ -d "$SEARCH_BASE" ]; then - TARGET_FILE=$(find "$SEARCH_BASE" -type f -name "MainWindowPage-*.js" | head -1) - if [ -n "$TARGET_FILE" ]; then - echo "Found target file: $TARGET_FILE" - # Replace patterns like 'if(!VAR1 && VAR2)' with 'if(VAR1 && VAR2)' - sed -i -E 's/if\(!([a-zA-Z]+)[[:space:]]*&&[[:space:]]*([a-zA-Z]+)\)/if(\1 \&\& \2)/g' "$TARGET_FILE" - echo "Title bar fix applied" - fi - fi - - runHook postBuild - ''; - - installPhase = '' - runHook preInstall - - mkdir -p $out/lib/claude-desktop - - # Repack the modified app as app.asar - cd ./app - ${pkgs.asar}/bin/asar pack . ../app.asar - cd .. - - # Copy resources - mkdir -p $out/lib/claude-desktop/resources - cp ./app.asar $out/lib/claude-desktop/resources/ - - # Create app.asar.unpacked directory with the stub - mkdir -p $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native - cat > $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native/index.js << 'EOF' - ${claudeNativeStub} - EOF - - # Copy other resources - if [ -d ./nupkg/lib/net45/resources ]; then - cp ./nupkg/lib/net45/resources/*.png $out/lib/claude-desktop/resources/ 2>/dev/null || true - cp ./nupkg/lib/net45/resources/*.ico $out/lib/claude-desktop/resources/ 2>/dev/null || true - cp ./nupkg/lib/net45/resources/*.json $out/lib/claude-desktop/resources/ 2>/dev/null || true - fi - - # Create wrapper script - makeWrapper ${pkgs.electron}/bin/electron $out/bin/claude-desktop \ - --add-flags "$out/lib/claude-desktop/resources/app.asar" \ - --set DISABLE_AUTOUPDATER 1 \ - --set NODE_ENV production - - # Extract and install icons in multiple sizes - if [ -f ./extracted/setupIcon.ico ]; then - echo "Converting and installing icons..." 
- # Count frames in the ICO file and extract each one - frame_count=$(gm identify ./extracted/setupIcon.ico | wc -l) - for i in $(seq 0 $((frame_count - 1))); do - gm convert "./extracted/setupIcon.ico[$i]" "./extracted/setupIcon-$i.png" 2>/dev/null || true - done - - # Loop through converted icons and install them by size - for img in ./extracted/setupIcon-*.png; do - if [ -f "$img" ]; then - size=$(gm identify -format "%wx%h" "$img") - # Skip smallest icons (16x16 and 32x32) as they're too low quality - if [ "$size" != "16x16" ] && [ "$size" != "32x32" ]; then - mkdir -p "$out/share/icons/hicolor/$size/apps" - cp "$img" "$out/share/icons/hicolor/$size/apps/claude-desktop.png" - fi - fi - done - fi - - runHook postInstall - ''; - - meta = with pkgs.lib; { - description = "Claude Desktop - AI assistant from Anthropic"; - homepage = "https://claude.ai"; - license = licenses.unfree; - sourceProvenance = with sourceTypes; [ binaryNativeCode ]; - maintainers = [ ]; - platforms = [ "x86_64-linux" ]; - mainProgram = "claude-desktop"; - }; - }; - }; -} From 10f823a3a6821f8de4f37b030e4af05a4e5349ac Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 22:21:33 -0300 Subject: [PATCH 187/206] lxc support for alexandria --- aspects/hosts/alexandria.nix | 1 + aspects/lxc.nix | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 aspects/lxc.nix diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 57fdf5f..c0c9f32 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -27,6 +27,7 @@ # other aspects fwupd + lxc ]); }; } diff --git a/aspects/lxc.nix b/aspects/lxc.nix new file mode 100644 index 0000000..15da310 --- /dev/null +++ b/aspects/lxc.nix @@ -0,0 +1,17 @@ +{ ... }: + +{ + flake.modules.nixos.lxc = + { + config, + lib, + pkgs, + ... + }: + { + virtualisation.lxc = { + enable = true; + unprivilegedContainers = true; + }; + }; +} 
From fe460c9151c87b46c9ebcca327c09fb883fef8d9 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 15 Feb 2026 23:01:25 -0300 Subject: [PATCH 188/206] fix secrets locations --- aspects/hosts/_alexandria/nextcloud.nix | 7 +++---- aspects/hosts/_alexandria/nginx.nix | 2 +- aspects/hosts/_trantor/nginx.nix | 2 +- aspects/hosts/alexandria.nix | 2 +- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/aspects/hosts/_alexandria/nextcloud.nix b/aspects/hosts/_alexandria/nextcloud.nix index c4a9669..cb9f2ac 100644 --- a/aspects/hosts/_alexandria/nextcloud.nix +++ b/aspects/hosts/_alexandria/nextcloud.nix @@ -1,8 +1,7 @@ { - lib, config, - pkgs, inputs, + pkgs, ... }: @@ -83,12 +82,12 @@ in age.secrets = { "nextcloud-secrets.json" = { - file = ../../../secrets/nextcloud-secrets.json.age; + file = "${inputs.self}/secrets/nextcloud-secrets.json.age"; owner = "nextcloud"; group = "nextcloud"; }; nextcloud-adminpass = { - file = ../../../secrets/nextcloud-adminpass.age; + file = "${inputs.self}/secrets/nextcloud-adminpass.age"; owner = "nextcloud"; group = "nextcloud"; }; diff --git a/aspects/hosts/_alexandria/nginx.nix b/aspects/hosts/_alexandria/nginx.nix index 26a7ba1..087faf4 100644 --- a/aspects/hosts/_alexandria/nginx.nix +++ b/aspects/hosts/_alexandria/nginx.nix @@ -51,7 +51,7 @@ in ]; age.secrets.cloudflare = { - file = ../../../secrets/cloudflare.age; + file = "${inputs.self}/secrets/cloudflare.age"; owner = "nginx"; group = "nginx"; }; diff --git a/aspects/hosts/_trantor/nginx.nix b/aspects/hosts/_trantor/nginx.nix index 899666e..eccfb12 100644 --- a/aspects/hosts/_trantor/nginx.nix +++ b/aspects/hosts/_trantor/nginx.nix @@ -51,7 +51,7 @@ in ]; age.secrets.cloudflare = { - file = ../../../secrets/cloudflare.age; + file = "${inputs.self}/secrets/cloudflare.age"; owner = "nginx"; group = "nginx"; }; diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index c0c9f32..f10dfe7 100644 --- a/aspects/hosts/alexandria.nix 
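Review bot: The `"${inputs.self}/secrets/…"` prefix is now spelled out four times across nextcloud.nix and both nginx.nix files; one `secretsDir = "${inputs.self}/secrets";` binding per module would make the next relocation a one-line change. Because `inputs.self` is the whole flake source copied into the world-readable Nix store, a comment next to `age.secrets` stating that only `.age` ciphertext may live under `secrets/` would be worth adding. The first nextcloud.nix hunk also drops `lib` from the module arguments while the rest of that file lies outside the hunk, so confirm no `lib.` reference remains.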
+++ b/aspects/hosts/alexandria.nix @@ -27,7 +27,7 @@ # other aspects fwupd - lxc + podman ]); }; } From 657e1e4697c22f4f82985844b3d8ad2535e6ec49 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 16 Feb 2026 00:07:36 -0300 Subject: [PATCH 189/206] fix forgejo on trantor --- aspects/hosts/_trantor/forgejo.nix | 7 ++++++- aspects/hosts/_trantor/nginx.nix | 2 -- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/aspects/hosts/_trantor/forgejo.nix b/aspects/hosts/_trantor/forgejo.nix index 1112622..6d702e2 100644 --- a/aspects/hosts/_trantor/forgejo.nix +++ b/aspects/hosts/_trantor/forgejo.nix @@ -21,6 +21,8 @@ in ROOT_URL = "https://git.baduhai.dev"; OFFLINE_MODE = true; # disable use of CDNs SSH_DOMAIN = "git.baduhai.dev"; + SSH_USER = "forgejo"; + SSH_PORT = lib.head config.services.openssh.ports; }; log.LEVEL = "Warn"; mailer.ENABLED = false; @@ -67,5 +69,8 @@ in }; # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories - systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false; + systemd.services.forgejo.serviceConfig = { + PrivateMounts = lib.mkForce false; + ProtectSystem = lib.mkForce false; + }; } diff --git a/aspects/hosts/_trantor/nginx.nix b/aspects/hosts/_trantor/nginx.nix index eccfb12..24f96c3 100644 --- a/aspects/hosts/_trantor/nginx.nix +++ b/aspects/hosts/_trantor/nginx.nix @@ -8,10 +8,8 @@ let services = inputs.self.services; - # Get all unique domains from shared services on trantor (host = "trantor") localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "trantor") services)); - # Generate ACME cert configs for all local domains acmeCerts = lib.genAttrs localDomains (domain: { group = "nginx"; }); From bea47712721aa49dd0fc27c5f3640f812db30dea Mon Sep 17 00:00:00 2001 
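Review bot: `ProtectSystem = lib.mkForce false;` in the second forgejo.nix hunk removes the unit's read-only view of the OS for a service published at git.baduhai.dev, and the comment above it only explains the `PrivateMounts` override. If the failure was a write to one location, keeping the module's `ProtectSystem` and granting just that location is narrower, for example `ReadWritePaths = [ config.services.forgejo.stateDir ];`. If it really has to be off, extend the comment to say what breaks with it enabled so the override can be revisited later.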
From: William Date: Mon, 16 Feb 2026 01:05:30 -0300 Subject: [PATCH 190/206] lxc on alexandria again --- aspects/hosts/alexandria.nix | 2 +- aspects/lxc.nix | 11 ++++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index f10dfe7..c0c9f32 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -27,7 +27,7 @@ # other aspects fwupd - podman + lxc ]); }; } diff --git a/aspects/lxc.nix b/aspects/lxc.nix index 15da310..4225e0c 100644 --- a/aspects/lxc.nix +++ b/aspects/lxc.nix @@ -9,9 +9,14 @@ ... }: { - virtualisation.lxc = { - enable = true; - unprivilegedContainers = true; + virtualisation = { + lxc = { + enable = true; + unprivilegedContainers = true; + }; + incus.enable = true; }; + + users.users.user.extraGroups = [ "incus-admin" ]; }; } From 19ecca4ea808e845e1db52d79ac3cbbbddfe647e Mon Sep 17 00:00:00 2001 From: William Date: Mon, 16 Feb 2026 11:59:32 -0300 Subject: [PATCH 191/206] add niri-auto-centre script --- aspects/desktop/niri.nix | 1 + packages/hm-cli.nix | 2 -- packages/niri-auto-centre.nix | 32 ++++++++++++++++++++++++++++++++ 3 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 packages/niri-auto-centre.nix diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix index 9c87723..bc99482 100644 --- a/aspects/desktop/niri.nix +++ b/aspects/desktop/niri.nix @@ -123,6 +123,7 @@ } spawn-at-startup "noctalia-shell" "-d" + spawn-at-startup "${lib.getExe pkgs.niri-auto-centre}" layer-rule { match namespace="^noctalia-overview*" place-within-backdrop true diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix index 94dae66..59f4b4f 100644 --- a/packages/hm-cli.nix +++ b/packages/hm-cli.nix @@ -5,8 +5,6 @@ { pkgs, ... }: { packages.hm-cli = pkgs.writeShellScriptBin "hm" '' - set -e - HM="${pkgs.lib.getExe pkgs.home-manager}" FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}" FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}" 
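Review bot: `users.users.user.extraGroups = [ "incus-admin" ];` in the lxc.nix hunk gives that account full control of the Incus daemon, which the Incus documentation describes as equivalent to root on the host, so `unprivilegedContainers = true` above it does not limit what this user can do. If the account only needs its own instances, the restricted `incus` group is the narrower grant (confirm the NixOS module on this nixpkgs revision creates it). Otherwise record the decision next to the line, e.g. `# incus-admin is root-equivalent on this host; granted deliberately`. The module's `config`, `lib` and `pkgs` arguments look unused in the visible part of the file.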
diff --git a/packages/niri-auto-centre.nix b/packages/niri-auto-centre.nix new file mode 100644 index 0000000..dd7b04c --- /dev/null +++ b/packages/niri-auto-centre.nix @@ -0,0 +1,32 @@ +{ ... }: + +{ + perSystem = + { pkgs, ... }: + { + packages.niri-auto-centre = pkgs.writeShellApplication { + name = "niri-auto-centre"; + runtimeInputs = [ pkgs.jq ]; + text = '' + while true; do + ACTIVE_WORKSPACE=$(niri msg --json workspaces | jq -r '.[] | select(.is_active == true)') + WORKSPACE_ID=$(echo "$ACTIVE_WORKSPACE" | jq -r '.id') + OUTPUT_NAME=$(echo "$ACTIVE_WORKSPACE" | jq -r '.output') + + MONITOR_WIDTH=$(niri msg --json outputs | jq -r ".\"$OUTPUT_NAME\".logical.width") + + SUMMED_TILE_WIDTH=$(niri msg --json windows | jq --argjson wid "$WORKSPACE_ID" -r ' + [.[] | select(.workspace_id == $wid) | {col: .layout.pos_in_scrolling_layout[0], width: .layout.tile_size[0]}] + | group_by(.col) | map(first.width) | add + ') + + if awk "BEGIN {exit !($SUMMED_TILE_WIDTH < $MONITOR_WIDTH)}"; then + niri msg action center-visible-columns + fi + + sleep 0.1 + done + ''; + }; + }; +} From cd16985ddc763de89bc3eda4aeb9445b6cb059ee Mon Sep 17 00:00:00 2001 From: William Date: Tue, 17 Feb 2026 13:53:57 -0300 Subject: [PATCH 192/206] use determinate nix --- aspects/base/nix.nix | 31 +-- flake.lock | 444 +++++++++++++++++++++++++++++++------------ flake.nix | 1 + 3 files changed, 340 insertions(+), 136 deletions(-) diff --git a/aspects/base/nix.nix b/aspects/base/nix.nix index 2442024..29feff8 100644 --- a/aspects/base/nix.nix +++ b/aspects/base/nix.nix 
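Review bot: The `select(.is_active == true)` filter in niri-auto-centre matches one workspace per output as far as I know, so with two monitors `WORKSPACE_ID` holds two lines, `--argjson wid` fails, and because `writeShellApplication` runs the script with errexit the loop exits for the rest of the session; `is_focused` selects a single workspace. `$OUTPUT_NAME` is spliced into the jq program text and both widths into the awk program text, while the window query already passes its value with `--argjson`; passing all of them as data avoids quoting surprises. An empty workspace makes `add` return `null`, which the excerpt below defaults to 0. The three IPC queries every 0.1 s could later be replaced by `niri msg --json event-stream`, if the niri version in use provides it.

```nix
text = ''
  while true; do
    # is_focused matches exactly one workspace; is_active matches one per output
    FOCUSED_WORKSPACE=$(niri msg --json workspaces | jq -c 'map(select(.is_focused)) | first')
    WORKSPACE_ID=$(jq -r '.id' <<<"$FOCUSED_WORKSPACE")
    OUTPUT_NAME=$(jq -r '.output' <<<"$FOCUSED_WORKSPACE")

    # the output name is passed as data, not spliced into the filter
    MONITOR_WIDTH=$(niri msg --json outputs | jq -r --arg out "$OUTPUT_NAME" '.[$out].logical.width')

    # … unchanged: SUMMED_TILE_WIDTH query, now ending in `| add // 0` …

    if awk -v sum="$SUMMED_TILE_WIDTH" -v max="$MONITOR_WIDTH" 'BEGIN { exit !(sum < max) }'; then
      # … unchanged: center-visible-columns action, sleep …
```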
@@ -3,24 +3,25 @@ flake.modules.nixos.nix = { inputs, pkgs, ... }: { - imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; + imports = [ + inputs.nixos-cli.nixosModules.nixos-cli + inputs.determinate.nixosModules.default + ]; - nix = { - settings = { - auto-optimise-store = true; - connect-timeout = 10; - log-lines = 25; - min-free = 128000000; - max-free = 1000000000; - trusted-users = [ "@wheel" ]; - }; - extraOptions = "experimental-features = nix-command flakes"; - gc = { - automatic = true; - options = "--delete-older-than 8d"; - }; + nix.gc = { + automatic = true; + options = "--delete-older-than 8d"; }; + environment.etc."nix/nix.custom.conf".text = '' + auto-optimise-store = true + connect-timeout = 10 + log-lines = 25 + min-free = 128000000 + max-free = 1000000000 + trusted-users = @wheel + ''; + nixpkgs.config = { allowUnfree = true; enableParallelBuilding = true; diff --git a/flake.lock b/flake.lock index 20de064..8b17f1e 100644 --- a/flake.lock +++ b/flake.lock 
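Review bot: Nothing in the hunk says why the settings moved from `nix.settings` to a free-form `environment.etc."nix/nix.custom.conf".text`, or that `experimental-features = nix-command flakes` was dropped on purpose. A comment above the block such as `# Determinate Nix owns /etc/nix/nix.conf; local settings go in nix.custom.conf` would record that, if that is indeed the reason. The string form also loses whatever option-level checking `nix.settings` provided, so a misspelled key is likely to surface only at runtime. `trusted-users = @wheel` is carried over unchanged; Nix documents trusted users as effectively root on the daemon, which is worth stating next to that line.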
@@ -135,9 +135,66 @@ "type": "github" } }, + "determinate": { + "inputs": { + "determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin", + "determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux", + "determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux", + "nix": "nix", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1771014593, + "narHash": "sha256-NrCFwn20ewJwy/SZoREs+XylerizPCYP54n9qkr31/E=", + "rev": "69b4ff80ae2bbdd1e3f02ccd76a5f2988b118ed2", + "revCount": 397, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.16.0/019c58b5-64dc-77f9-b913-8738b7d338cc/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/DeterminateSystems/determinate/%2A" + } + }, + "determinate-nixd-aarch64-darwin": { + "flake": false, + "locked": { + "narHash": "sha256-PUo0u1iNMB8eTlBNFMCW8/UAn1sGKGqsIYlXaDRhx00=", + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/macOS" + }, + "original": { + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/macOS" + } + }, + "determinate-nixd-aarch64-linux": { + "flake": false, + "locked": { + "narHash": "sha256-jiIWiM88xkEpBQeohSxhl83fn2xoZY0nFkrW6CUAIAI=", + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/aarch64-linux" + }, + "original": { + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/aarch64-linux" + } + }, + "determinate-nixd-x86_64-linux": { + "flake": false, + "locked": { + "narHash": "sha256-qF/NNdHwh3tAHrKIOz2FRq5Q8GcSMzJeEY/PFvGf5vo=", + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/x86_64-linux" + }, + "original": { + "type": "file", + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/x86_64-linux" + } + }, "disko": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_3" }, 
"locked": { "lastModified": 1769524058, @@ -170,6 +227,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1767039857, @@ -185,7 +258,7 @@ "type": "github" } }, - "flake-compat_2": { + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1747046372, @@ -202,6 +275,27 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "determinate", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748821116, + "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", + "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", + "revCount": 377, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/hercules-ci/flake-parts/0.1.377%2Brev-49f0870db23e8c1ca0b5259734a02cd9e1e371a1/01972f28-554a-73f8-91f4-d488cc502f08/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -219,7 +313,7 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, @@ -237,7 +331,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -258,7 +352,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "terranix", 
@@ -295,6 +389,32 @@ "type": "github" } }, + "git-hooks-nix": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": [ + "determinate", + "nix" + ], + "nixpkgs": [ + "determinate", + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "revCount": 1026, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/cachix/git-hooks.nix/0.1.1026%2Brev-80479b6ec16fefd9c1db3ea13aeb038c60530f46/0196d79a-1b35-7b8e-a021-c894fb62163d/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/cachix/git-hooks.nix/0.1.941" + } + }, "gnome-shell": { "flake": false, "locked": { @@ -401,7 +521,7 @@ "impermanence": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1769548169, @@ -432,10 +552,31 @@ "type": "github" } }, + "nix": { + "inputs": { + "flake-parts": "flake-parts", + "git-hooks-nix": "git-hooks-nix", + "nixpkgs": "nixpkgs", + "nixpkgs-23-11": "nixpkgs-23-11", + "nixpkgs-regression": "nixpkgs-regression" + }, + "locked": { + "lastModified": 1771010067, + "narHash": "sha256-Itk88UC3CxjGjjAb20KI6KrM9tRoGEpbv996fXwAWGo=", + "rev": "5c670e37e884c43e1da0405075c9b9c83d316a6c", + "revCount": 24629, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.16.0/019c589d-45e9-7337-9ff0-a8d78fecf63f/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A" + } + }, "nix-ai-tools": { "inputs": { "blueprint": "blueprint", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_5", "treefmt-nix": "treefmt-nix" }, "locked": { 
@@ -490,9 +631,9 @@ }, "nixos-cli": { "inputs": { - "flake-compat": "flake-compat", - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_4", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_3", + "nixpkgs": "nixpkgs_6", "optnix": "optnix" }, "locked": { @@ -511,17 +652,31 @@ }, "nixpkgs": { "locked": { - "lastModified": 1769330179, - "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", + "lastModified": 1761597516, + "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", + "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", + "revCount": 811874, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505" + } + }, + "nixpkgs-23-11": { + "locked": { + "lastModified": 1717159533, + "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", "type": "github" } }, @@ -555,6 +710,22 @@ "type": "github" } }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1770770419, 
@@ -571,103 +742,7 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1768564909, - "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1770843696, - "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1767151656, - "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f665af0cdb70ed27e1bd8f9fdfecaf451260fc55", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1759070547, - "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "647e5c14cbd5067f44ac86b74f014962df460840", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1770562336, - "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { - "locked": { - "lastModified": 1767767207, - "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", - "owner": "NixOS", - 
"repo": "nixpkgs", - "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_8": { + "nixpkgs_10": { "locked": { "lastModified": 1762111121, "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", @@ -683,7 +758,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_11": { "locked": { "lastModified": 1769461804, "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", 
@@ -699,6 +774,132 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1770537093, + "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", + "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51", + "revCount": 942631, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.942631%2Brev-fef9403a3e4d31b0a23f0bacebbec52c248fbb51/019c4621-ce4f-799f-82f6-b3b29f099b09/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/DeterminateSystems/nixpkgs-weekly/0.1" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1769330179, + "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1770843696, + "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1767151656, + "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f665af0cdb70ed27e1bd8f9fdfecaf451260fc55", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + 
"type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1759070547, + "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "647e5c14cbd5067f44ac86b74f014962df460840", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "noctalia": { "inputs": { "nixpkgs": [ @@ -746,8 +947,8 @@ }, "optnix": { "inputs": { - "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_5" + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1765418479, @@ -766,8 +967,9 @@ "root": { "inputs": { "agenix": "agenix", + "determinate": "determinate", "disko": "disko", - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "home-manager": "home-manager_2", "impermanence": "impermanence", "import-tree": "import-tree", @@ -775,7 +977,7 @@ "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_8", "nixpkgs-stable": "nixpkgs-stable", "noctalia": "noctalia", "stylix": "stylix", 
@@ -791,9 +993,9 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_4", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_9", "nur": "nur", "systems": "systems_3", "tinted-foot": "tinted-foot", @@ -893,7 +1095,7 @@ }, "terranix": { "inputs": { - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_5", "nixpkgs": [ "nixpkgs" ], @@ -1017,7 +1219,7 @@ }, "vicinae": { "inputs": { - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_10", "systems": "systems_5" }, "locked": { @@ -1037,7 +1239,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_4", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_11" }, "locked": { "lastModified": 1771000521, diff --git a/flake.nix b/flake.nix index 2036828..c2f801c 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,7 @@ # nix tools flake-parts.url = "github:hercules-ci/flake-parts"; import-tree.url = "github:vic/import-tree"; + determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*"; # nixos/hm nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; From 385586a376cdb9a78c0fb96a93d60f93b3957b69 Mon Sep 17 00:00:00 2001 From: William Date: Tue, 17 Feb 2026 14:03:58 -0300 Subject: [PATCH 193/206] add vagrant to libvirtd aspect; add libvirtd aspect to alexandria --- aspects/hosts/alexandria.nix | 2 +- aspects/libvirtd.nix | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index c0c9f32..55867fa 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix @@ -27,7 +27,7 @@ # other aspects fwupd - lxc + libvirtd ]); }; } diff --git a/aspects/libvirtd.nix b/aspects/libvirtd.nix index 1135306..a21a23d 100644 --- a/aspects/libvirtd.nix +++ b/aspects/libvirtd.nix 
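Review bot: The new `determinate.url` line in flake.nix tracks `/*`, so every `nix flake update` accepts whatever release FlakeHub serves next, including a new major series, for an input that replaces the Nix daemon configuration (a later commit on this page shows its module imported from aspects/base/nix.nix). The flake.lock hunks of this commit show what arrives with it: a second Nix source tree (`nix`), `git-hooks-nix`, `nixpkgs-23-11`, `nixpkgs-regression` and a FlakeHub `nixpkgs-weekly` snapshot all become locked inputs. I would constrain the series, e.g. `determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/3";`, and read the lock diff on each update, since `narHash` pins content but says nothing about who publishes the next version.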
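Review bot: Swapping `lxc` for `libvirtd` on alexandria pulls in everything aspects/libvirtd.nix sets, and the context lines of that file's hunk in this same commit show `networking.firewall.trustedInterfaces = [ "virbr0" ];`. On a trusted interface the NixOS firewall accepts all traffic, so any guest on the default libvirt bridge can reach every listening port of a server that the readme lists as hosting Kanidm and Vaultwarden. If guests only need DHCP and DNS from the host, I would drop the blanket trust on servers and open ports per interface instead, e.g. `networking.firewall.interfaces.virbr0.allowedUDPPorts = [ 53 67 ];`. The enclosing module list starts and ends outside the hunk.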
@@ -15,6 +15,8 @@ programs.virt-manager.enable = true; + environment.systemPackages = with pkgs; [ vagrant ]; + networking.firewall.trustedInterfaces = [ "virbr0" ]; users.users.user.extraGroups = [ From 79a6bd53bfa9e849bfbd0aa1e6b8340bed1171fc Mon Sep 17 00:00:00 2001 From: William Date: Tue, 17 Feb 2026 14:56:42 -0300 Subject: [PATCH 194/206] lima instead of vagrant --- aspects/libvirtd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspects/libvirtd.nix b/aspects/libvirtd.nix index a21a23d..360743d 100644 --- a/aspects/libvirtd.nix +++ b/aspects/libvirtd.nix @@ -15,7 +15,7 @@ programs.virt-manager.enable = true; - environment.systemPackages = with pkgs; [ vagrant ]; + environment.systemPackages = with pkgs; [ lima ]; networking.firewall.trustedInterfaces = [ "virbr0" ]; From 561fdf5ef45d835c8948f6a9d644e165d92660b5 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 18 Feb 2026 16:08:53 -0300 Subject: [PATCH 195/206] 'system' has been renamed to/replaced by 'stdenv.hostPlatform.system' --- aspects/ai.nix | 2 +- aspects/desktop/niri.nix | 2 +- aspects/desktop/web.nix | 2 +- shells/default.nix | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/aspects/ai.nix b/aspects/ai.nix index 3431ddd..e3016e6 100644 --- a/aspects/ai.nix +++ b/aspects/ai.nix @@ -5,7 +5,7 @@ { environment.systemPackages = (with pkgs; [ ]) - ++ (with inputs.nix-ai-tools.packages.${pkgs.system}; [ + ++ (with inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}; [ claude-code claudebox opencode diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix index bc99482..9408097 100644 --- a/aspects/desktop/niri.nix +++ b/aspects/desktop/niri.nix @@ -48,7 +48,7 @@ home = { packages = with pkgs; [ xwayland-satellite - inputs.noctalia.packages.${pkgs.system}.default + inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default ]; sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; }; 
diff --git a/aspects/desktop/web.nix b/aspects/desktop/web.nix index 1e4ed1c..8fb960a 100644 --- a/aspects/desktop/web.nix +++ b/aspects/desktop/web.nix @@ -9,7 +9,7 @@ }: { environment.systemPackages = with pkgs; [ - inputs.zen-browser.packages."${pkgs.system}".default + inputs.zen-browser.packages."${pkgs.stdenv.hostPlatform.system}".default bitwarden-desktop fragments nextcloud-client diff --git a/shells/default.nix b/shells/default.nix index a7cda20..d9eb50b 100644 --- a/shells/default.nix +++ b/shells/default.nix @@ -6,7 +6,7 @@ { devShells.default = pkgs.mkShell { packages = with pkgs; [ - inputs.agenix.packages.${system}.default + inputs.agenix.packages.${stdenv.hostPlatform.system}.default nil nixfmt ]; From 80b1246ad87b6a0f48f4629158bbb4c312faa0a7 Mon Sep 17 00:00:00 2001 From: William Date: Wed, 18 Feb 2026 16:18:07 -0300 Subject: [PATCH 196/206] new readme --- readme.md | 130 ++++++++++++++++++++++++------------------------------ 1 file changed, 58 insertions(+), 72 deletions(-) diff --git a/readme.md b/readme.md index a2b815f..554c5bc 100644 --- a/readme.md +++ b/readme.md 
@@ -1,87 +1,73 @@ -# Nix Configuration +# NixOS Flake Configuration -My personal Nix configuration for multiple NixOS hosts, home-manager users, miscellaneous resources... too many things to list. If I could put my life in a flake I would. +Modular NixOS configuration using flake-parts with the [dendritic](https://github.com/gytis-ivaskevicius/dendritic) pattern. + +## Structure + +``` +. +├── aspects/ # Reusable NixOS/home-manager modules (dendritic) +│ ├── base/ # Base system configuration +│ ├── hosts/ # Host-specific configurations +│ │ ├── _alexandria/ +│ │ ├── _io/ +│ │ ├── _rotterdam/ +│ │ └── _trantor/ +│ ├── systems/ # System type modules (desktop, server, cli, gaming) +│ └── users/ # User account configurations +├── data/ # Shared host/service definitions +├── packages/ # Custom packages and overlays +├── shells/ # Shell configurations +└── terranix/ # Terraform configurations for cloud resources +``` ## Hosts -### Desktop Systems -- **rotterdam** - Main desktop workstation (x86_64) - - Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman - - Storage: Ephemeral root with LUKS encryption - -- **io** - Laptop workstation (x86_64) - - Features: Desktop, AI tools, Bluetooth, Dev environment, Podman - - Storage: Ephemeral root with LUKS encryption - -### Servers -- **alexandria** - Home server (x86_64) - - Hosts: Nextcloud, Vaultwarden, Jellyfin, Kanidm - -- **trantor** - Cloud server (aarch64) - - Hosts: Forgejo - - Cloud provider: Oracle Cloud Infrastructure - - Storage: Ephemeral root with btrfs - -## Home Manager Configurations - -- **user@rotterdam** - Full desktop setup with gaming, OBS, and complete development environment -- **user@io** - Lightweight desktop setup - -Both configurations include: -- btop, direnv, helix, starship, tmux -- Stylix theme management -- Fish shell with custom configurations - -## Terranix Configurations - -Infrastructure as code using Terranix (NixOS + Terraform/OpenTofu): - -- 
**oci-trantor** - Oracle Cloud Infrastructure provisioning for Trantor server -- **cloudflare-baduhaidev** - DNS and CDN configuration for baduhai.dev domain -- **tailscale-tailnet** - Tailscale network ACL and device management +| Host | Architecture | Type | Description | +|------|--------------|------|-------------| +| trantor | aarch64-linux | server | ARM server running Forgejo | +| alexandria | x86_64-linux | server | x86 server (Kanidm, Vaultwarden, Nextcloud, Jellyfin) | +| rotterdam | x86_64-linux | desktop | Gaming desktop with GPU passthrough | +| io | x86_64-linux | desktop | Workstation | ## Services -All services are accessible via custom domains under baduhai.dev: +- **git.baduhai.dev** (Forgejo) - Publicly accessible on trantor -- **Kanidm** (auth.baduhai.dev) - Identity and access management -- **Vaultwarden** (pass.baduhai.dev) - Password manager -- **Forgejo** (git.baduhai.dev) - Git forge (publicly accessible) -- **Nextcloud** (cloud.baduhai.dev) - File sync and collaboration -- **Jellyfin** (jellyfin.baduhai.dev) - Media server +Other services (LAN/Tailscale only): Kanidm, Vaultwarden, Nextcloud, Jellyfin -Services are accessible via: -- LAN for alexandria-hosted services -- Tailscale VPN for all services -- Public internet for Forgejo only +## Features -## Notable Features +- **Ephemeral root**: Automatic btrfs subvolume rollover with impermanence +- **Secrets**: Managed via agenix with age encryption +- **Disk management**: disko for declarative disk partitioning +- **Modular architecture**: Each aspect is a separate module imported via import-tree +- **Dendritic pattern**: Aspects are imported as a unified flake module -### Ephemeral Root -Rotterdam, io, and trantor use an ephemeral root filesystem that resets on every boot: -- Root filesystem is automatically rolled back using btrfs snapshots -- Old snapshots retained for 30 days -- Persistent data stored in dedicated subvolumes -- Implements truly stateless systems +## Building -### Custom 
DNS Architecture -- Unbound DNS servers on both alexandria and trantor -- Service routing based on visibility flags (public/LAN/Tailscale) -- Split-horizon DNS for optimal access paths +```bash +# Build specific host +nix build .#nixosConfigurations.trantor.config.system.build.toplevel -### Security -- LUKS full-disk encryption on desktop systems -- Fail2ban on public-facing servers -- agenix for secrets management -- Tailscale for secure remote access +# Rebuild host (if using nixos-cli on the host) +sudo nixos apply +``` -### Desktop Environment -- Custom Niri window manager (Wayland compositor) -- Using forked version with auto-centering feature -- Stylix for consistent theming +## Terranix -### Development Setup -- Nix flakes for reproducible builds -- deploy-rs for automated deployments -- Podman for containerization -- Complete AI tooling integration +Terraform configurations for cloud infrastructure managed via terranix: + +- baduhai.dev DNS +- Cloudflare tunnel endpoints +- Tailscale subnet routers + +## Key Dependencies + +- nixpkgs (nixos-unstable for workstations, nixos for servers) +- home-manager +- agenix +- disko +- impermanence +- nix-flatpak +- nixos-cli From 1f9812fea0450f3bbf232bc20fb568094e71cc12 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 19 Feb 2026 07:05:48 -0300 Subject: [PATCH 197/206] improve homeConfigurations files --- aspects/users/user_io.nix | 4 +-- aspects/users/user_rotterdam.nix | 56 +++++++++++++++----------------- 2 files changed, 29 insertions(+), 31 deletions(-) diff --git a/aspects/users/user_io.nix b/aspects/users/user_io.nix index c956b1c..a8fa675 100644 --- a/aspects/users/user_io.nix +++ b/aspects/users/user_io.nix @@ -1,7 +1,7 @@ { inputs, lib, ... }: { - flake."user@io" = inputs.home-manager.lib.homeManagerConfiguration { + flake.homeConfigurations."user@io" = { pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; extraSpecialArgs = { inherit inputs; 
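Review bot: The new line `flake.homeConfigurations."user@io" = {` drops the call to `inputs.home-manager.lib.homeManagerConfiguration`, so the flake output becomes a plain attribute set of arguments rather than an evaluated Home Manager configuration; the user_rotterdam.nix hunk of this commit makes the same change. Anything that expects `homeConfigurations.<name>.activationPackage` would presumably fail on it. I would keep the constructor, `flake.homeConfigurations."user@io" = inputs.home-manager.lib.homeManagerConfiguration {`. The attribute set continues outside this hunk.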
@@ -24,7 +24,7 @@ cli desktop - # other aspect + # other aspects stylix niri ]); diff --git a/aspects/users/user_rotterdam.nix b/aspects/users/user_rotterdam.nix index 56b2dc1..36f512d 100644 --- a/aspects/users/user_rotterdam.nix +++ b/aspects/users/user_rotterdam.nix @@ -1,35 +1,33 @@ { inputs, lib, ... }: { - flake.homeConfigurations = { - "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { - inherit inputs; - hostname = "rotterdam"; - }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) - ] - ++ (with inputs.self.modules.homeManager; [ - # system aspects - base - cli - desktop - gaming - - # other aspects - stylix - niri - ]); + flake.homeConfigurations."user@rotterdam" = { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + hostname = "rotterdam"; }; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) + ] + ++ (with inputs.self.modules.homeManager; [ + # system aspects + base + cli + desktop + gaming + + # other aspects + stylix + niri + ]); }; } From d51f6f14db38b6780f2b4b9f11ad406aae8e6644 Mon Sep 17 00:00:00 2001 
From: William Date: Thu, 19 Feb 2026 08:08:27 -0300 Subject: [PATCH 198/206] created mkHost and mkHomeConfiguration --- aspects/constants.nix | 82 +++++++++++++++++++++++++++++++- aspects/hosts/alexandria.nix | 36 +++++--------- aspects/hosts/io.nix | 41 +++++----------- aspects/hosts/rotterdam.nix | 39 +++++---------- aspects/hosts/trantor.nix | 43 ++++++----------- aspects/users/user.nix | 63 ++++++++++++++++++------ aspects/users/user_io.nix | 32 ------------- aspects/users/user_rotterdam.nix | 33 ------------- 8 files changed, 178 insertions(+), 191 deletions(-) delete mode 100644 aspects/users/user_io.nix delete mode 100644 aspects/users/user_rotterdam.nix diff --git a/aspects/constants.nix b/aspects/constants.nix index 7d77098..5a82660 100644 --- a/aspects/constants.nix +++ b/aspects/constants.nix @@ -1,4 +1,9 @@ -{ lib, config, ... }: +{ + inputs, + lib, + config, + ... +}: let # Host submodule type 
@@ -132,6 +137,81 @@ in local-data = lanData; } ]; + # Generates flake.homeConfigurations + mkHomeConfiguration = + { + user, + hostname, + system ? "x86_64-linux", + stateVersion ? "22.05", + nixpkgs ? inputs.nixpkgs, # override with e.g. inputs.nixpkgs-stable + userModules ? [ ], + overlays ? [ inputs.self.overlays.default ], + homeManagerModules ? with inputs.self.modules.homeManager; [ + base + cli + ], + userDirectory ? "/home/${user}", + }: + inputs.home-manager.lib.homeManagerConfiguration { + pkgs = nixpkgs.legacyPackages.${system}; + + extraSpecialArgs = { + inherit inputs hostname; + }; + + modules = [ + { nixpkgs.overlays = overlays; } + { + home = { + username = user; + homeDirectory = userDirectory; + inherit stateVersion; + }; + } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) + "/${inputs.self}/aspects/users/_${user}" + ) + ] + ++ homeManagerModules + ++ userModules; + }; + # Generates flake.nixosConfigurations + mkHost = + { + hostname, + system ? "x86_64-linux", + nixpkgs ? inputs.nixpkgs, + overlays ? [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ], + ephemeralRootDev ? null, # pass rootDevice string to enable, e.g. ephemeralephemeralRootDev = "/dev/mapper/cryptroot" + nixosModules ? with inputs.self.modules.nixos; [ + base + cli + user + root + ], + extraModules ? [ ], + }: + nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = hostname; } + { nixpkgs.overlays = overlays; } + ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) + "${inputs.self}/aspects/hosts/_${hostname}" + ) + ] + ++ (lib.optional (ephemeralRootDev != null) ( + inputs.self.factory.ephemeral { rootDevice = ephemeralRootDev; } + )) + ++ nixosModules + ++ extraModules; + }; }; }; } diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index 55867fa..be5027e 100644 --- a/aspects/hosts/alexandria.nix 
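Review bot: `mkHomeConfiguration` builds its import-tree path as `"/${inputs.self}/aspects/users/_${user}"`, with a leading slash that `mkHost` does not use for `"${inputs.self}/aspects/hosts/_${hostname}"`. Because `inputs.self` interpolates to an absolute store path, the result begins with `//nix/store/…`; it may still resolve, but it only works by accident, so I would write `"${inputs.self}/aspects/users/_${user}"`. The comment on `ephemeralRootDev` also has a doubled word (`ephemeralephemeralRootDev = ...`), and both helpers deserve a short comment listing their arguments and defaults, since every host and user definition now goes through them.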
+++ b/aspects/hosts/alexandria.nix @@ -1,33 +1,19 @@ -{ inputs, lib, ... }: +{ inputs, ... }: + +let + mkHost = inputs.self.lib.mkHost; +in { - flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "alexandria"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_alexandria) - ] - ++ (with inputs.self.modules.nixos; [ - # system aspects - base - cli + flake.nixosConfigurations.alexandria = mkHost { + hostname = "alexandria"; + nixpkgs = inputs.nixpkgs-stable; + extraModules = with inputs.self.modules.nixos; [ + # base aspects server - - # user aspects - user - root - # other aspects fwupd libvirtd - ]); + ]; }; } diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index 6944555..cf5ecec 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix @@ -1,34 +1,17 @@ -{ inputs, lib, ... }: +{ inputs, ... }: + +let + mkHost = inputs.self.lib.mkHost; +in { - flake.nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "io"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_io) - (inputs.self.factory.ephemeral { - rootDevice = "/dev/mapper/cryptroot"; - }) - ] - ++ (with inputs.self.modules.nixos; [ - # system aspects - base - cli + flake.nixosConfigurations.io = mkHost { + hostname = "io"; + ephemeralRootDev = "/dev/mapper/cryptroot"; + extraModules = with inputs.self.modules.nixos; [ + # base aspects desktop - - # user aspects - user - root - - # Other aspects + # other aspects ai bluetooth dev 
@@ -36,6 +19,6 @@ networkmanager niri podman - ]); + ]; }; } diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index 1c177e4..f3b6fca 100644 --- a/aspects/hosts/rotterdam.nix +++ b/aspects/hosts/rotterdam.nix @@ -1,34 +1,17 @@ -{ inputs, lib, ... }: +{ inputs, ... }: + +let + mkHost = inputs.self.lib.mkHost; +in { - flake.nixosConfigurations.rotterdam = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "rotterdam"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_rotterdam) - (inputs.self.factory.ephemeral { - rootDevice = "/dev/mapper/cryptroot"; - }) - ] - ++ (with inputs.self.modules.nixos; [ - # system aspects - base - cli + flake.nixosConfigurations.rotterdam = mkHost { + hostname = "rotterdam"; + ephemeralRootDev = "/dev/mapper/cryptroot"; + extraModules = with inputs.self.modules.nixos; [ + # base aspects desktop gaming - - # user aspects - user - root - # other aspects ai bluetooth @@ -38,6 +21,6 @@ networkmanager niri podman - ]); + ]; }; } diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index 076672c..14f9dd7 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix 
@@ -1,31 +1,18 @@ -{ inputs, lib, ... }: -{ - flake.nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { - system = "aarch64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = "trantor"; } - { - nixpkgs.overlays = [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ]; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_trantor) - (inputs.self.factory.ephemeral { - rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; - }) - ] - ++ (with inputs.self.modules.nixos; [ - # system aspects - base - cli - server +{ inputs, ... }: - # user aspects - user - root - ]); +let + mkHost = inputs.self.lib.mkHost; +in + +{ + flake.nixosConfigurations.trantor = mkHost { + hostname = "trantor"; + system = "aarch64-linux"; + nixpkgs = inputs.nixpkgs-stable; + ephemeralRootDev = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; + extraModules = with inputs.self.modules.nixos; [ + # base aspects + server + ]; }; } diff --git a/aspects/users/user.nix b/aspects/users/user.nix index e3f8530..86bcddb 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix 
@@ -1,22 +1,55 @@ -{ ... }: +{ inputs, ... }: + +let + mkHomeConfiguration = inputs.self.lib.mkHomeConfiguration; +in { - flake.modules.nixos.user = - { pkgs, ... }: - { - users.users.user = { - isNormalUser = true; - shell = pkgs.fish; - extraGroups = [ - "networkmanager" - "wheel" + flake = { + modules.nixos.user = + { pkgs, ... }: + { + users.users.user = { + isNormalUser = true; + shell = pkgs.fish; + extraGroups = [ + "networkmanager" + "wheel" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + ]; + hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; + }; + }; + homeConfigurations = { + "user@rotterdam" = mkHomeConfiguration { + user = "user"; + hostname = "rotterdam"; + userModules = with inputs.self.modules.homeManager; [ + # system aspects + desktop + gaming + + # other aspects + stylix + niri ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + }; + "user@io" = mkHomeConfiguration { + user = "user"; + hostname = "io"; + userModules = with inputs.self.modules.homeManager; [ + # system aspects + desktop + + # other aspects + stylix + niri ]; - hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; }; }; + }; } diff --git a/aspects/users/user_io.nix b/aspects/users/user_io.nix deleted file mode 100644 index a8fa675..0000000 
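Review bot: The re-indented `users.users.user` block still carries `hashedPassword = "$6$…"` inline, so the crypt hash of an account in `wheel` is readable by anyone who can read the repository and lands world-readable in the Nix store of every host that builds it, where it can be attacked offline. Since `mkHost` in this commit already imports `inputs.agenix.nixosModules.default`, I would move the hash into an age secret and reference it with `hashedPasswordFile = config.age.secrets.<user-password-secret>.path;` (placeholder name), then rotate the password because the old hash stays in history. The three `openssh.authorizedKeys.keys` entries are public keys and are fine to keep inline.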
--- a/aspects/users/user_io.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ inputs, lib, ... }: - -{ - flake.homeConfigurations."user@io" = { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { - inherit inputs; - hostname = "io"; - }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) - ] - ++ (with inputs.self.modules.homeManager; [ - # system aspects - base - cli - desktop - - # other aspects - stylix - niri - ]); - }; -} diff --git a/aspects/users/user_rotterdam.nix b/aspects/users/user_rotterdam.nix deleted file mode 100644 index 36f512d..0000000 --- a/aspects/users/user_rotterdam.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ inputs, lib, ... }: - -{ - flake.homeConfigurations."user@rotterdam" = { - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { - inherit inputs; - hostname = "rotterdam"; - }; - modules = [ - { nixpkgs.overlays = [ inputs.self.overlays.default ]; } - { - home = { - username = "user"; - homeDirectory = "/home/user"; - stateVersion = "22.05"; - }; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) ./_user) - ] - ++ (with inputs.self.modules.homeManager; [ - # system aspects - base - cli - desktop - gaming - - # other aspects - stylix - niri - ]); - }; -} From be4553046c151c048cc4bac3bf45f310b32ee5c3 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 19 Feb 2026 09:02:16 -0300 Subject: [PATCH 199/206] nix-ai-tools not that up to date --- aspects/ai.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/aspects/ai.nix b/aspects/ai.nix index e3016e6..99efd60 100644 --- a/aspects/ai.nix +++ b/aspects/ai.nix 
@@ -4,11 +4,8 @@ { inputs, pkgs, ... }: { environment.systemPackages = - (with pkgs; [ ]) + (with pkgs; [ opencode ]) ++ (with inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}; [ - claude-code - claudebox - opencode ]); }; } From 09b0e64708e2f936e5eed33992cf4ffbb9f48f29 Mon Sep 17 00:00:00 2001 From: William Date: Thu, 19 Feb 2026 09:10:44 -0300 Subject: [PATCH 200/206] determinate nix breaks my systems --- aspects/base/nix.nix | 31 ++--- flake.lock | 322 ++++++++----------------------------------- flake.nix | 1 - 3 files changed, 75 insertions(+), 279 deletions(-) diff --git a/aspects/base/nix.nix b/aspects/base/nix.nix index 29feff8..2442024 100644 --- a/aspects/base/nix.nix +++ b/aspects/base/nix.nix @@ -3,25 +3,24 @@ flake.modules.nixos.nix = { inputs, pkgs, ... }: { - imports = [ - inputs.nixos-cli.nixosModules.nixos-cli - inputs.determinate.nixosModules.default - ]; + imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; - nix.gc = { - automatic = true; - options = "--delete-older-than 8d"; + nix = { + settings = { + auto-optimise-store = true; + connect-timeout = 10; + log-lines = 25; + min-free = 128000000; + max-free = 1000000000; + trusted-users = [ "@wheel" ]; + }; + extraOptions = "experimental-features = nix-command flakes"; + gc = { + automatic = true; + options = "--delete-older-than 8d"; + }; }; - environment.etc."nix/nix.custom.conf".text = '' - auto-optimise-store = true - connect-timeout = 10 - log-lines = 25 - min-free = 128000000 - max-free = 1000000000 - trusted-users = @wheel - ''; - nixpkgs.config = { allowUnfree = true; enableParallelBuilding = true; diff --git a/flake.lock b/flake.lock index 8b17f1e..20de064 100644 --- a/flake.lock +++ b/flake.lock 
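Review bot: `trusted-users = [ "@wheel" ];` in the new `nix.settings` block of aspects/base/nix.nix makes every wheel member a trusted Nix user, which the Nix manual describes as essentially equivalent to root: trusted users can add substituters and import store paths without signature checks, and unlike sudo this needs no password. The value is carried over from the removed `nix.custom.conf` text, but this rewrite is a good place to narrow it, e.g. `trusted-users = [ "root" ];`, and to grant specific caches through `substituters` and `trusted-public-keys` instead. As a smaller style point, `extraOptions = "experimental-features = nix-command flakes";` can move into the same attrset as `experimental-features = [ "nix-command" "flakes" ];`. The module body continues outside the hunk.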
@@ -135,66 +135,9 @@ "type": "github" } }, - "determinate": { - "inputs": { - "determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin", - "determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux", - "determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux", - "nix": "nix", - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1771014593, - "narHash": "sha256-NrCFwn20ewJwy/SZoREs+XylerizPCYP54n9qkr31/E=", - "rev": "69b4ff80ae2bbdd1e3f02ccd76a5f2988b118ed2", - "revCount": 397, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.16.0/019c58b5-64dc-77f9-b913-8738b7d338cc/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/DeterminateSystems/determinate/%2A" - } - }, - "determinate-nixd-aarch64-darwin": { - "flake": false, - "locked": { - "narHash": "sha256-PUo0u1iNMB8eTlBNFMCW8/UAn1sGKGqsIYlXaDRhx00=", - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/macOS" - }, - "original": { - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/macOS" - } - }, - "determinate-nixd-aarch64-linux": { - "flake": false, - "locked": { - "narHash": "sha256-jiIWiM88xkEpBQeohSxhl83fn2xoZY0nFkrW6CUAIAI=", - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/aarch64-linux" - }, - "original": { - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/aarch64-linux" - } - }, - "determinate-nixd-x86_64-linux": { - "flake": false, - "locked": { - "narHash": "sha256-qF/NNdHwh3tAHrKIOz2FRq5Q8GcSMzJeEY/PFvGf5vo=", - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/x86_64-linux" - }, - "original": { - "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.16.0/x86_64-linux" - } - }, "disko": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs" }, 
"locked": { "lastModified": 1769524058, @@ -227,22 +170,6 @@ } }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1767039857, @@ -258,7 +185,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1747046372, @@ -275,27 +202,6 @@ } }, "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "determinate", - "nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748821116, - "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", - "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", - "revCount": 377, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/hercules-ci/flake-parts/0.1.377%2Brev-49f0870db23e8c1ca0b5259734a02cd9e1e371a1/01972f28-554a-73f8-91f4-d488cc502f08/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1" - } - }, - "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -313,7 +219,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, @@ -331,7 +237,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -352,7 +258,7 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "terranix", 
@@ -389,32 +295,6 @@ "type": "github" } }, - "git-hooks-nix": { - "inputs": { - "flake-compat": "flake-compat", - "gitignore": [ - "determinate", - "nix" - ], - "nixpkgs": [ - "determinate", - "nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1747372754, - "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", - "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", - "revCount": 1026, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/cachix/git-hooks.nix/0.1.1026%2Brev-80479b6ec16fefd9c1db3ea13aeb038c60530f46/0196d79a-1b35-7b8e-a021-c894fb62163d/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/cachix/git-hooks.nix/0.1.941" - } - }, "gnome-shell": { "flake": false, "locked": { @@ -521,7 +401,7 @@ "impermanence": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1769548169, @@ -552,31 +432,10 @@ "type": "github" } }, - "nix": { - "inputs": { - "flake-parts": "flake-parts", - "git-hooks-nix": "git-hooks-nix", - "nixpkgs": "nixpkgs", - "nixpkgs-23-11": "nixpkgs-23-11", - "nixpkgs-regression": "nixpkgs-regression" - }, - "locked": { - "lastModified": 1771010067, - "narHash": "sha256-Itk88UC3CxjGjjAb20KI6KrM9tRoGEpbv996fXwAWGo=", - "rev": "5c670e37e884c43e1da0405075c9b9c83d316a6c", - "revCount": 24629, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.16.0/019c589d-45e9-7337-9ff0-a8d78fecf63f/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A" - } - }, "nix-ai-tools": { "inputs": { "blueprint": "blueprint", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_3", "treefmt-nix": "treefmt-nix" }, "locked": { 
@@ -631,9 +490,9 @@ }, "nixos-cli": { "inputs": { - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_6", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs_4", "optnix": "optnix" }, "locked": { @@ -652,31 +511,17 @@ }, "nixpkgs": { "locked": { - "lastModified": 1761597516, - "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", - "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", - "revCount": 811874, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505" - } - }, - "nixpkgs-23-11": { - "locked": { - "lastModified": 1717159533, - "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", + "lastModified": 1769330179, + "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", "type": "github" }, "original": { "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", - "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", "type": "github" } }, @@ -710,22 +555,6 @@ "type": "github" } }, - "nixpkgs-regression": { - "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { "lastModified": 1770770419, 
@@ -742,69 +571,7 @@ "type": "github" } }, - "nixpkgs_10": { - "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { - "locked": { - "lastModified": 1769461804, - "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { - "locked": { - "lastModified": 1770537093, - "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", - "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51", - "revCount": 942631, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.942631%2Brev-fef9403a3e4d31b0a23f0bacebbec52c248fbb51/019c4621-ce4f-799f-82f6-b3b29f099b09/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/DeterminateSystems/nixpkgs-weekly/0.1" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1769330179, - "narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { "locked": { "lastModified": 1768564909, "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", @@ -820,7 +587,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_3": { "locked": { "lastModified": 1770843696, "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", 
@@ -836,7 +603,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_4": { "locked": { "lastModified": 1767151656, "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", @@ -852,7 +619,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_5": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -868,7 +635,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_6": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", @@ -884,7 +651,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_7": { "locked": { "lastModified": 1767767207, "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", @@ -900,6 +667,38 @@ "type": "github" } }, + "nixpkgs_8": { + "locked": { + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "noctalia": { "inputs": { "nixpkgs": [ @@ -947,8 +746,8 @@ }, "optnix": { "inputs": { - "flake-compat": "flake-compat_3", - "nixpkgs": "nixpkgs_7" + "flake-compat": "flake-compat_2", + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1765418479, 
@@ -967,9 +766,8 @@ "root": { "inputs": { "agenix": "agenix", - "determinate": "determinate", "disko": "disko", - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts", "home-manager": "home-manager_2", "impermanence": "impermanence", "import-tree": "import-tree", @@ -977,7 +775,7 @@ "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable", "noctalia": "noctalia", "stylix": "stylix", @@ -993,9 +791,9 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_3", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_7", "nur": "nur", "systems": "systems_3", "tinted-foot": "tinted-foot", @@ -1095,7 +893,7 @@ }, "terranix": { "inputs": { - "flake-parts": "flake-parts_5", + "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ], @@ -1219,7 +1017,7 @@ }, "vicinae": { "inputs": { - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_8", "systems": "systems_5" }, "locked": { @@ -1239,7 +1037,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_4", - "nixpkgs": "nixpkgs_11" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1771000521, diff --git a/flake.nix b/flake.nix index c2f801c..2036828 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,6 @@ # nix tools flake-parts.url = "github:hercules-ci/flake-parts"; import-tree.url = "github:vic/import-tree"; - determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*"; # nixos/hm nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; From e9c17f10a5f3c999b46b7941b21db46a5cec68ef Mon Sep 17 00:00:00 2001 From: baduhai Date: Thu, 19 Feb 2026 18:29:03 -0300 Subject: [PATCH 201/206] Update readme.md --- readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/readme.md b/readme.md index 554c5bc..52f8af1 100644 
--- a/readme.md +++ b/readme.md @@ -27,14 +27,14 @@ Modular NixOS configuration using flake-parts with the [dendritic](https://githu |------|--------------|------|-------------| | trantor | aarch64-linux | server | ARM server running Forgejo | | alexandria | x86_64-linux | server | x86 server (Kanidm, Vaultwarden, Nextcloud, Jellyfin) | -| rotterdam | x86_64-linux | desktop | Gaming desktop with GPU passthrough | +| rotterdam | x86_64-linux | desktop | Main workstation setup for gaming | | io | x86_64-linux | desktop | Workstation | ## Services - **git.baduhai.dev** (Forgejo) - Publicly accessible on trantor -Other services (LAN/Tailscale only): Kanidm, Vaultwarden, Nextcloud, Jellyfin +Other services (LAN/Tailscale only): Vaultwarden, Nextcloud, Jellyfin ## Features From b16821ef741129fb9053f75325c8831a9e27fab7 Mon Sep 17 00:00:00 2001 From: baduhai Date: Thu, 19 Feb 2026 18:32:43 -0300 Subject: [PATCH 202/206] Update readme.md --- readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/readme.md b/readme.md index 52f8af1..e36ccec 100644 --- a/readme.md +++ b/readme.md @@ -58,8 +58,8 @@ sudo nixos apply Terraform configurations for cloud infrastructure managed via terranix: -- baduhai.dev DNS -- Cloudflare tunnel endpoints +- baduhai.dev DNS on CloudFlare +- VPS provisioning on OCI - Tailscale subnet routers ## Key Dependencies From 87d75380bb7a1661394f86cc58f00f89a45f47ad Mon Sep 17 00:00:00 2001 From: William Date: Fri, 20 Feb 2026 11:14:31 -0300 Subject: [PATCH 203/206] add beeper to web packages --- aspects/desktop/web.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/aspects/desktop/web.nix b/aspects/desktop/web.nix index 8fb960a..4e4fe5b 100644 --- a/aspects/desktop/web.nix +++ b/aspects/desktop/web.nix @@ -10,6 +10,7 @@ { environment.systemPackages = with pkgs; [ inputs.zen-browser.packages."${pkgs.stdenv.hostPlatform.system}".default + beeper bitwarden-desktop fragments nextcloud-client 
From 834d4d516090f96e44c58dfa8eb409849acc95ea Mon Sep 17 00:00:00 2001 From: William Date: Sun, 22 Feb 2026 16:08:52 -0300 Subject: [PATCH 204/206] add ungoogled-chromium to web aspect --- aspects/desktop/web.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/aspects/desktop/web.nix b/aspects/desktop/web.nix index 4e4fe5b..9d6494f 100644 --- a/aspects/desktop/web.nix +++ b/aspects/desktop/web.nix @@ -15,6 +15,7 @@ fragments nextcloud-client tor-browser + ungoogled-chromium vesktop ]; }; From 84e7f6c51041f3a0dda2f254881f8b0b630e3b44 Mon Sep 17 00:00:00 2001 From: William Date: Mon, 23 Feb 2026 08:31:38 -0300 Subject: [PATCH 205/206] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nix-ai-tools': 'github:numtide/llm-agents.nix/266d4d8a55eef6dd23cd0adced301053d8fc23c9?narHash=sha256-HQXK2CXAhBuTBw99Ip018Vp9MMAPfJVywgRrkwMUgMc%3D' (2026-02-12) → 'github:numtide/llm-agents.nix/db94a329058a1a37b49d3209af85708b3338559a?narHash=sha256-q5Wsb1573qDfIPJctG9CBZP0NMniejoB7SmBLZIVAHg%3D' (2026-02-23) • Updated input 'nix-ai-tools/blueprint': 'github:numtide/blueprint/c7da5c70ad1c9b60b6f5d4f674fbe205d48d8f6c?narHash=sha256-zI%2B7cbMI4wMIR57jMjDSEsVb3grapTnURDxxJPYFIW0%3D' (2026-01-25) → 'github:numtide/blueprint/06ee7190dc2620ea98af9eb225aa9627b68b0e33?narHash=sha256-bLqwib%2BrtyBRRVBWhMuBXPCL/OThfokA%2Bj6%2BuH7jDGU%3D' (2026-02-18) • Updated input 'nix-ai-tools/nixpkgs': 'github:NixOS/nixpkgs/2343bbb58f99267223bc2aac4fc9ea301a155a16?narHash=sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8%3D' (2026-02-11) → 'github:NixOS/nixpkgs/d1c15b7d5806069da59e819999d70e1cec0760bf?narHash=sha256-b9uG8yN50DRQ6A7JdZBfzq718ryYrlmGgqkRm9OOwCE%3D' (2026-02-16) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 20de064..a99cac7 100644 --- a/flake.lock +++ b/flake.lock 
@@ -100,11 +100,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1769353768, - "narHash": "sha256-zI+7cbMI4wMIR57jMjDSEsVb3grapTnURDxxJPYFIW0=", + "lastModified": 1771437256, + "narHash": "sha256-bLqwib+rtyBRRVBWhMuBXPCL/OThfokA+j6+uH7jDGU=", "owner": "numtide", "repo": "blueprint", - "rev": "c7da5c70ad1c9b60b6f5d4f674fbe205d48d8f6c", + "rev": "06ee7190dc2620ea98af9eb225aa9627b68b0e33", "type": "github" }, "original": { @@ -439,11 +439,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1770907059, - "narHash": "sha256-HQXK2CXAhBuTBw99Ip018Vp9MMAPfJVywgRrkwMUgMc=", + "lastModified": 1771816560, + "narHash": "sha256-q5Wsb1573qDfIPJctG9CBZP0NMniejoB7SmBLZIVAHg=", "owner": "numtide", "repo": "llm-agents.nix", - "rev": "266d4d8a55eef6dd23cd0adced301053d8fc23c9", + "rev": "db94a329058a1a37b49d3209af85708b3338559a", "type": "github" }, "original": { @@ -589,11 +589,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1770843696, - "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", + "lastModified": 1771207753, + "narHash": "sha256-b9uG8yN50DRQ6A7JdZBfzq718ryYrlmGgqkRm9OOwCE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16", + "rev": "d1c15b7d5806069da59e819999d70e1cec0760bf", "type": "github" }, "original": { From c3650b73a1310c61c2e67afe0d1347bc4dac852a Mon Sep 17 00:00:00 2001 From: William Date: Mon, 23 Feb 2026 08:32:16 -0300 Subject: [PATCH 206/206] opencode from nix-ai-tools --- aspects/ai.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/aspects/ai.nix b/aspects/ai.nix index 99efd60..f3eb6dd 100644 --- a/aspects/ai.nix +++ b/aspects/ai.nix 
@@ -4,8 +4,16 @@ { inputs, pkgs, ... }: { environment.systemPackages = - (with pkgs; [ opencode ]) + (with pkgs; [ ]) ++ (with inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}; [ + opencode ]); + + nix.settings = { + extra-substituters = [ "https://cache.numtide.com" ]; + extra-trusted-public-keys = [ + "niks3.numtide.com-1:DTx8wZduET09hRmMtKdQDxNNthLQETkc/yaX7M4qK0g=" + ]; + }; }; }
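Review bot: The `extra-trusted-public-keys` entry added under `nix.settings` in aspects/ai.nix is a system-wide trust decision, not one scoped to `opencode`: any store path fetched from `https://cache.numtide.com` is accepted when it carries that key's signature. That is probably the intent, since the package comes from `inputs.nix-ai-tools` again, but nothing in the module says so, and the setting sits in an aspect named for AI tools where a later reader may not look for cache trust. I would add a comment above the block, e.g. `# binary cache for nix-ai-tools builds; key is trusted for all substitutions from this cache`, so the cache and key are re-checked whenever the input is bumped in flake.lock. The enclosing module starts above the hunk.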