baduhai/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: baduhai:master
Branches Tags
baduhai:master
baduhai:dendritic-light
baduhai:dendritic
baduhai:terranix
baduhai:refactor
baduhai:dms
baduhai:vim
baduhai:ansible
baduhai:niri
baduhai:hyprland
..
compare: baduhai:ansible
Branches Tags
baduhai:master
baduhai:dendritic-light
baduhai:dendritic
baduhai:terranix
baduhai:refactor
baduhai:dms
baduhai:vim
baduhai:ansible
baduhai:niri
baduhai:hyprland

No commits in common. "master" and "ansible" have entirely different histories.
master ... ansible

135 changed files with 2367 additions and 4203 deletions
Download patch file Download diff file Expand all files Collapse all files

13
.gitignore vendored
View file

@ -1,13 +1,4 @@
# Nix build outputs
result/
result
result-*
.direnv/
oci-trantor/
tailscale-tailnet/
cloudflare-baduhaidev
# Personal notes and temporary files
todo.md
notes.md
scratch/
tmp/
.pre-commit-config.yaml

19
aspects/ai.nix
View file

@ -1,19 +0,0 @@
{ ... }:
{
flake.modules.nixos.ai =
{ inputs, pkgs, ... }:
{
environment.systemPackages =
(with pkgs; [ ])
++ (with inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}; [
opencode
]);
nix.settings = {
extra-substituters = [ "https://cache.numtide.com" ];
extra-trusted-public-keys = [
"niks3.numtide.com-1:DTx8wZduET09hRmMtKdQDxNNthLQETkc/yaX7M4qK0g="
];
};
};
}

16
aspects/base/bash.nix
View file

@ -1,16 +0,0 @@
{ ... }:
{
flake.modules.homeManager.bash =
{
config,
lib,
pkgs,
...
}:
{
programs.bash = {
enable = true;
historyFile = "~/.cache/bash_history";
};
};
}

23
aspects/base/boot.nix
View file

@ -1,23 +0,0 @@
{ ... }:
{
flake.modules.nixos.boot =
{ pkgs, ... }:
{
boot = {
loader = {
timeout = 1;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false;
consoleMode = "max";
sortKey = "aa";
netbootxyz = {
enable = true;
sortKey = "zz";
};
};
};
};
};
}

11
aspects/base/console.nix
View file

@ -1,11 +0,0 @@
{ ... }:
{
flake.modules.nixos.console =
{ ... }:
{
console = {
useXkbConfig = true;
earlySetup = true;
};
};
}

11
aspects/base/firewall.nix
View file

@ -1,11 +0,0 @@
{ ... }:
{
flake.modules.nixos.firewall =
{ ... }:
{
networking = {
firewall.enable = true;
nftables.enable = true;
};
};
}

47
aspects/base/fish.nix
View file

@ -1,47 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.fish =
{ ... }:
{
programs.fish.enable = true;
};
homeManager.fish =
{
config,
lib,
pkgs,
...
}:
{
programs.fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
${lib.getExe pkgs.nix-your-shell} fish | source
'';
loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source";
plugins = [
{
name = "bang-bang";
src = pkgs.fetchFromGitHub {
owner = "oh-my-fish";
repo = "plugin-bang-bang";
rev = "f969c618301163273d0a03d002614d9a81952c1e";
sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ=";
};
}
{
name = "z";
src = pkgs.fetchFromGitHub {
owner = "jethrokuan";
repo = "z";
rev = "067e867debee59aee231e789fc4631f80fa5788e";
sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU=";
};
}
];
};
};
};
}

51
aspects/base/nix.nix
View file

@ -1,51 +0,0 @@
{ ... }:
{
flake.modules.nixos.nix =
{ inputs, pkgs, ... }:
{
imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
nix = {
settings = {
auto-optimise-store = true;
connect-timeout = 10;
log-lines = 25;
min-free = 128000000;
max-free = 1000000000;
trusted-users = [ "@wheel" ];
};
extraOptions = "experimental-features = nix-command flakes";
gc = {
automatic = true;
options = "--delete-older-than 8d";
};
};
nixpkgs.config = {
allowUnfree = true;
enableParallelBuilding = true;
buildManPages = false;
buildDocs = false;
};
services.nixos-cli = {
enable = true;
config = {
use_nvd = true;
ignore_dirty_tree = true;
apply = {
reexec_as_root = true;
use_nom = true;
};
confirmation.empty = "default-yes";
};
};
environment.systemPackages = with pkgs; [
nix-output-monitor
nvd
];
system.stateVersion = "22.11";
};
}

13
aspects/base/security.nix
View file

@ -1,13 +0,0 @@
{ ... }:
{
flake.modules.nixos.security =
{ ... }:
{
security.sudo = {
wheelNeedsPassword = false;
extraConfig = ''
Defaults lecture = never
'';
};
};
}

32
aspects/base/ssh.nix
View file

@ -1,32 +0,0 @@
{ ... }:
{
flake.modules.nixos.ssh =
{ ... }:
{
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
extraConfig = ''
PrintLastLog no
'';
};
programs = {
bash.interactiveShellInit = ''
if [ -n "$SSH_CONNECTION" ] && [ -z "$IN_NIX_SHELL" ] && [ -z "$TMUX" ]; then
export TERM=xterm-256color
clear
fastfetch
fi
'';
fish.interactiveShellInit = ''
set fish_greeting
if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; and not set -q TMUX
export TERM=xterm-256color
clear
fastfetch
end
'';
};
};
}

16
aspects/bluetooth.nix
View file

@ -1,16 +0,0 @@
{ ... }:
{
flake.modules.nixos.bluetooth =
{
config,
lib,
pkgs,
...
}:
{
hardware.bluetooth = {
enable = true;
powerOnBoot = false;
};
};
}

28
aspects/cli/btop.nix
View file

@ -1,28 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.btop =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ btop ];
};
homeManager.btop =
{
config,
lib,
pkgs,
...
}:
{
programs.btop = {
enable = true;
settings = {
theme_background = false;
proc_sorting = "cpu direct";
update_ms = 500;
};
};
};
};
}

16
aspects/cli/comma.nix
View file

@ -1,16 +0,0 @@
{ ... }:
{
flake.modules.homeManager.comma =
{
config,
lib,
pkgs,
inputs,
...
}:
{
imports = [ inputs.nix-index-database.homeModules.nix-index ];
programs.nix-index-database.comma.enable = true;
};
}

16
aspects/cli/direnv.nix
View file

@ -1,16 +0,0 @@
{ ... }:
{
flake.modules.homeManager.direnv =
{
config,
lib,
pkgs,
...
}:
{
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
};
}

67
aspects/cli/helix.nix
View file

@ -1,67 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.helix =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
helix
];
};
homeManager.helix =
{
config,
lib,
pkgs,
...
}:
{
home.sessionVariables = {
EDITOR = "hx";
};
programs.helix = {
enable = true;
settings = {
editor = {
file-picker.hidden = false;
idle-timeout = 0;
line-number = "relative";
cursor-shape = {
normal = "underline";
insert = "bar";
select = "underline";
};
soft-wrap.enable = true;
auto-format = true;
indent-guides.render = true;
};
keys.normal = {
space = {
o = "file_picker_in_current_buffer_directory";
esc = [
"collapse_selection"
"keep_primary_selection"
];
};
};
};
languages = {
language = [
{
name = "nix";
auto-format = true;
formatter.command = "nixfmt";
}
{
name = "typst";
auto-format = true;
formatter.command = "typstyle -c 1000 -i";
}
];
};
};
};
};
}

18
aspects/cli/hm-cli.nix
View file

@ -1,18 +0,0 @@
{ ... }:
{
flake.modules.homeManager.hm-cli =
{
config,
lib,
pkgs,
...
}:
{
home = {
packages = with pkgs; [ hm-cli ];
sessionVariables = {
HM_PATH = "/etc/nixos";
};
};
};
}

48
aspects/cli/starship.nix
View file

@ -1,48 +0,0 @@
{ ... }:
{
flake.modules.homeManager.starship =
{
config,
lib,
pkgs,
...
}:
{
programs.starship = {
enable = true;
enableBashIntegration = true;
enableFishIntegration = true;
settings = {
add_newline = false;
format = ''
$hostname$directory$git_branch$git_status$nix_shell
[ ](bold green)
'';
right_format = "$cmd_duration$character";
hostname = {
ssh_symbol = "󰖟 ";
};
character = {
error_symbol = "[](red)";
success_symbol = "[󱐋](green)";
};
cmd_duration = {
format = "[󰄉 $duration ]($style)";
style = "yellow";
min_time = 500;
};
git_branch = {
symbol = " ";
style = "purple";
};
git_status.style = "red";
nix_shell = {
format = "via [$symbol$state]($style)";
heuristic = true;
style = "blue";
symbol = "󱄅 ";
};
};
};
};
}

29
aspects/cli/tmux.nix
View file

@ -1,29 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.tmux =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
tmux
];
};
homeManager.tmux =
{
config,
lib,
pkgs,
...
}:
{
programs.tmux = {
enable = true;
clock24 = true;
terminal = "xterm-256color";
mouse = true;
keyMode = "vi";
};
};
};
}

217
aspects/constants.nix
View file

@ -1,217 +0,0 @@
{
inputs,
lib,
config,
...
}:
let
# Host submodule type
hostType = lib.types.submodule {
options = {
lanIP = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "LAN IP address for the host";
};
tailscaleIP = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Tailscale IP address for the host";
};
};
};
# Service submodule type
serviceType = lib.types.submodule {
options = {
name = lib.mkOption {
type = lib.types.str;
description = "Service name";
};
domain = lib.mkOption {
type = lib.types.str;
description = "Domain name for the service";
};
host = lib.mkOption {
type = lib.types.str;
description = "Host where the service runs";
};
public = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether the service is publicly accessible";
};
lanIP = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "LAN IP address (inherited from host)";
};
tailscaleIP = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Tailscale IP address (inherited from host)";
};
};
};
# Import shared data (also used by terranix)
sharedData = import ../data/services.nix;
# Enrich services with host IP information
enrichServices =
hosts: services:
map (
svc:
let
hostInfo = hosts.${svc.host} or { };
in
svc
// {
lanIP = hostInfo.lanIP or null;
tailscaleIP = hostInfo.tailscaleIP or null;
}
) services;
in
{
options.flake = {
hosts = lib.mkOption {
type = lib.types.attrsOf hostType;
default = { };
description = "Host definitions with IP addresses";
};
services = lib.mkOption {
type = lib.types.listOf serviceType;
default = [ ];
description = "Service definitions with enriched host information";
};
lib = lib.mkOption {
type = lib.types.attrsOf lib.types.raw;
default = { };
description = "Utility functions for flake configuration";
};
};
config.flake = {
hosts = sharedData.hosts;
services = enrichServices config.flake.hosts sharedData.services;
lib = {
# Nginx virtual host utilities
mkNginxVHosts =
{ domains }:
let
mkVHostConfig =
domain: vhostConfig:
lib.recursiveUpdate {
useACMEHost = domain;
forceSSL = true;
kTLS = true;
} vhostConfig;
in
lib.mapAttrs mkVHostConfig domains;
# Split DNS utilities for unbound
# Generates unbound view config from a list of DNS entries
mkSplitDNS =
entries:
let
tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries;
lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries;
in
[
{
name = "tailscale";
view-first = true;
local-zone = ''"baduhai.dev." transparent'';
local-data = tailscaleData;
}
{
name = "lan";
view-first = true;
local-zone = ''"baduhai.dev." transparent'';
local-data = lanData;
}
];
# Generates flake.homeConfigurations
mkHomeConfiguration =
{
user,
hostname,
system ? "x86_64-linux",
stateVersion ? "22.05",
nixpkgs ? inputs.nixpkgs, # override with e.g. inputs.nixpkgs-stable
userModules ? [ ],
overlays ? [ inputs.self.overlays.default ],
homeManagerModules ? with inputs.self.modules.homeManager; [
base
cli
],
userDirectory ? "/home/${user}",
}:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.${system};
extraSpecialArgs = {
inherit inputs hostname;
};
modules = [
{ nixpkgs.overlays = overlays; }
{
home = {
username = user;
homeDirectory = userDirectory;
inherit stateVersion;
};
}
((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p))
"/${inputs.self}/aspects/users/_${user}"
)
]
++ homeManagerModules
++ userModules;
};
# Generates flake.nixosConfigurations
mkHost =
{
hostname,
system ? "x86_64-linux",
nixpkgs ? inputs.nixpkgs,
overlays ? [
inputs.agenix.overlays.default
inputs.self.overlays.default
],
ephemeralRootDev ? null, # pass rootDevice string to enable, e.g. ephemeralephemeralRootDev = "/dev/mapper/cryptroot"
nixosModules ? with inputs.self.modules.nixos; [
base
cli
user
root
],
extraModules ? [ ],
}:
nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs; };
modules = [
inputs.agenix.nixosModules.default
{ networking.hostName = hostname; }
{ nixpkgs.overlays = overlays; }
((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p))
"${inputs.self}/aspects/hosts/_${hostname}"
)
]
++ (lib.optional (ephemeralRootDev != null) (
inputs.self.factory.ephemeral { rootDevice = ephemeralRootDev; }
))
++ nixosModules
++ extraModules;
};
};
};
}

25
aspects/desktop/graphics.nix
View file

@ -1,25 +0,0 @@
{ ... }:
{
flake.modules.nixos.graphics =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
gimp
inkscape
plasticity
];
services.flatpak.packages = [
"com.boxy_svg.BoxySVG"
rec {
appId = "io.github.softfever.OrcaSlicer";
sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1";
bundle = "${pkgs.fetchurl {
url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak";
inherit sha256;
}}";
}
];
};
}

29
aspects/desktop/media.nix
View file

@ -1,29 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.media =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
decibels
loupe
obs-studio
showtime
];
};
homeManager.media =
{ pkgs, ... }:
{
programs.obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
obs-vkcapture
obs-backgroundremoval
obs-pipewire-audio-capture
];
};
};
};
}

246
aspects/desktop/niri.nix
View file

@ -1,246 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.niri =
{
config,
lib,
pkgs,
...
}:
{
services.greetd.settings = {
default_session.command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session";
};
programs.niri.enable = true;
};
homeManager.niri =
{
config,
lib,
pkgs,
inputs,
hostname ? null,
...
}:
let
isRotterdam = hostname == "rotterdam";
in
{
imports = [ inputs.noctalia.homeModules.default ];
services.kanshi = {
enable = true;
settings = [
{
profile.name = "default";
profile.outputs = [
{
criteria = "*";
scale = 1.0;
}
];
}
];
};
home = {
packages = with pkgs; [
xwayland-satellite
inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default
];
sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3";
};
xdg.configFile."niri/config.kdl".text = ''
input {
keyboard {
xkb {
layout "us"
variant "altgr-intl"
}
}
touchpad {
tap
dwt
drag true
drag-lock
natural-scroll
accel-speed 0.2
accel-profile "flat"
scroll-method "two-finger"
middle-emulation
}
mouse {
natural-scroll
accel-speed 0.2
accel-profile "flat"
}
warp-mouse-to-focus mode="center-xy"
focus-follows-mouse
}
output "LG Electronics LG ULTRAWIDE 206AZFM5E459" {
layout {
preset-column-widths {
proportion 0.33333
proportion 0.5
proportion 0.66667
}
default-column-width { proportion 0.33333; }
}
}
layout {
gaps 8
center-focused-column "never"
always-center-single-column
empty-workspace-above-first
preset-column-widths {
proportion 0.5
proportion 1.0
}
default-column-width { proportion 0.5; }
focus-ring {
off
}
border {
width 4
active-color "#ffc87f"
inactive-color "#505050"
urgent-color "#9b0000"
}
tab-indicator {
width 4
gap 4
place-within-column
}
}
overview {
zoom 0.65
}
spawn-at-startup "noctalia-shell" "-d"
spawn-at-startup "${lib.getExe pkgs.niri-auto-centre}"
layer-rule {
match namespace="^noctalia-overview*"
place-within-backdrop true
}
hotkey-overlay {
skip-at-startup
}
prefer-no-csd
screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png"
animations {
slowdown 0.3
}
window-rule {
match app-id="zen"
default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; }
}
window-rule {
geometry-corner-radius 12
clip-to-geometry true
}
config-notification {
disable-failed
}
binds {
Alt+Space repeat=false { spawn "vicinae" "toggle"; }
XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; }
XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; }
XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; }
XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; }
XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; }
XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; }
XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; }
XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; }
XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; }
Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; }
Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; }
Mod+Return { spawn "ghostty"; }
Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; }
Mod+W repeat=false { toggle-overview; }
Mod+Q { close-window; }
Alt+Shift+Q { close-window;}
Mod+Shift+Q { close-window; }
Alt+F4 { close-window; }
Mod+Left { focus-column-left; }
Mod+Down { focus-window-or-workspace-down; }
Mod+Up { focus-window-or-workspace-up; }
Mod+Right { focus-column-right; }
Mod+H { focus-column-left; }
Mod+L { focus-column-right; }
Mod+J { focus-window-or-workspace-down; }
Mod+K { focus-window-or-workspace-up; }
Mod+Ctrl+Left { move-column-left; }
Mod+Ctrl+Down { move-window-down-or-to-workspace-down; }
Mod+Ctrl+Up { move-window-up-or-to-workspace-up; }
Mod+Ctrl+Right { move-column-right; }
Mod+Ctrl+H { move-column-left; }
Mod+Ctrl+J { move-window-down-or-to-workspace-down; }
Mod+Ctrl+K { move-window-up-or-to-workspace-up; }
Mod+Ctrl+L { move-column-right; }
Mod+Home { focus-column-first; }
Mod+End { focus-column-last; }
Mod+Ctrl+Home { move-column-to-first; }
Mod+Ctrl+End { move-column-to-last; }
Mod+Alt+Left { focus-monitor-left; }
Mod+Alt+Down { focus-monitor-down; }
Mod+Alt+Up { focus-monitor-up; }
Mod+Alt+Right { focus-monitor-right; }
Mod+Alt+H { focus-monitor-left; }
Mod+Alt+J { focus-monitor-down; }
Mod+Alt+K { focus-monitor-up; }
Mod+Alt+L { focus-monitor-right; }
Mod+Alt+Ctrl+Left { move-column-to-monitor-left; }
Mod+Alt+Ctrl+Down { move-column-to-monitor-down; }
Mod+Alt+Ctrl+Up { move-column-to-monitor-up; }
Mod+Alt+Ctrl+Right { move-column-to-monitor-right; }
Mod+Alt+Ctrl+H { move-column-to-monitor-left; }
Mod+Alt+Ctrl+J { move-column-to-monitor-down; }
Mod+Alt+Ctrl+K { move-column-to-monitor-up; }
Mod+Alt+Ctrl+L { move-column-to-monitor-right; }
Mod+Ctrl+U { move-workspace-down; }
Mod+Ctrl+I { move-workspace-up; }
Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; }
Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; }
Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; }
Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; }
Mod+Shift+WheelScrollDown { focus-column-right; }
Mod+Shift+WheelScrollUp { focus-column-left; }
Mod+Ctrl+Shift+WheelScrollDown { move-column-right; }
Mod+Ctrl+Shift+WheelScrollUp { move-column-left; }
Mod+BracketLeft { consume-or-expel-window-left; }
Mod+BracketRight { consume-or-expel-window-right; }
Mod+Comma { consume-window-into-column; }
Mod+Period { expel-window-from-column; }
Mod+R { switch-preset-column-width; }
Mod+F { maximize-column; }
Mod+Ctrl+F { fullscreen-window; }
Mod+C { center-visible-columns; }
Mod+Ctrl+C { center-column; }
Mod+Space { toggle-window-floating; }
Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; }
Mod+T { toggle-column-tabbed-display; }
Print { screenshot-screen; }
Mod+Print { screenshot; }
Ctrl+Print { screenshot-window; }
Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; }
Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; }
Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; }
Mod+Ctrl+P { power-off-monitors; }
}
'';
};
};
}

23
aspects/desktop/office.nix
View file

@ -1,23 +0,0 @@
{ ... }:
{
flake.modules.nixos.office =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
aspell
aspellDicts.de
aspellDicts.en
aspellDicts.en-computers
aspellDicts.pt_BR
glow
papers
presenterm
rnote
];
services.flatpak.packages = [
"com.collabora.Office"
];
};
}

22
aspects/desktop/web.nix
View file

@ -1,22 +0,0 @@
{ ... }:
{
flake.modules.nixos.web =
{
inputs,
pkgs,
...
}:
{
environment.systemPackages = with pkgs; [
inputs.zen-browser.packages."${pkgs.stdenv.hostPlatform.system}".default
beeper
bitwarden-desktop
fragments
nextcloud-client
tor-browser
ungoogled-chromium
vesktop
];
};
}

23
aspects/dev.nix
View file

@ -1,23 +0,0 @@
{ ... }:
{
flake.modules.nixos.dev =
{
config,
lib,
pkgs,
...
}:
{
environment.systemPackages = with pkgs; [
android-tools
lazygit
fd
fzf
nixfmt
nix-init
ripgrep
];
users.users.user.extraGroups = [ "adbusers" ];
};
}

139
aspects/ephemeral.nix
View file

@ -1,139 +0,0 @@
# Ephemeral root aspect - provides automatic btrfs root subvolume rollover
# Exports both a base module with options and a factory function for easy configuration
{ inputs, ... }:
{
# Base module with options (for external flakes or direct use)
flake.modules.nixos.ephemeral =
{ lib, config, ... }:
let
cfg = config.ephemeral;
in
{
options.ephemeral = {
enable = lib.mkEnableOption "ephemeral root with automatic rollback";
rootDevice = lib.mkOption {
type = lib.types.str;
example = "/dev/mapper/cryptroot";
description = "Device path for the root btrfs filesystem";
};
rootSubvolume = lib.mkOption {
type = lib.types.str;
default = "@root";
description = "Name of the root btrfs subvolume";
};
oldRootRetentionDays = lib.mkOption {
type = lib.types.int;
default = 30;
description = "Number of days to keep old root snapshots before deletion";
};
};
config = lib.mkIf cfg.enable {
boot.initrd.systemd.services.recreate-root = {
description = "Rolling over and creating new filesystem root";
requires = [ "initrd-root-device.target" ];
after = [
"local-fs-pre.target"
"initrd-root-device.target"
];
requiredBy = [ "initrd-root-fs.target" ];
before = [ "sysroot.mount" ];
unitConfig = {
AssertPathExists = "/etc/initrd-release";
DefaultDependencies = false;
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
set -euo pipefail
mkdir /btrfs_tmp
if ! mount ${cfg.rootDevice} /btrfs_tmp; then
echo "ERROR: Failed to mount ${cfg.rootDevice}"
exit 1
fi
if [[ -e /btrfs_tmp/${cfg.rootSubvolume} ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/${cfg.rootSubvolume})" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/${cfg.rootSubvolume} "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +${toString cfg.oldRootRetentionDays}); do
delete_subvolume_recursively "$i"
done
if ! btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume}; then
echo "ERROR: Failed to create subvolume ${cfg.rootSubvolume}"
umount /btrfs_tmp
exit 1
fi
umount /btrfs_tmp
'';
};
};
};
# Factory function that generates configured modules
flake.factory.ephemeral =
{
rootDevice,
rootSubvolume ? "@root",
retentionDays ? 30,
persistentStoragePath ? "/persistent",
persistentFiles ? [
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
],
persistentDirectories ? [
"/etc/NetworkManager/system-connections"
"/etc/nixos"
"/var/lib/bluetooth"
"/var/lib/flatpak"
"/var/lib/lxd"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/var/lib/systemd/timers"
"/var/lib/tailscale"
"/var/log"
],
}:
{ ... }:
{
imports = [
inputs.impermanence.nixosModules.impermanence
inputs.self.modules.nixos.ephemeral
];
ephemeral = {
enable = true;
inherit rootDevice rootSubvolume;
oldRootRetentionDays = retentionDays;
};
fileSystems."/persistent".neededForBoot = true;
environment.persistence.main = {
inherit persistentStoragePath;
files = persistentFiles;
directories = persistentDirectories;
};
};
}

13
aspects/fwupd.nix
View file

@ -1,13 +0,0 @@
{ ... }:
{
flake.modules.nixos.fwupd =
{
config,
lib,
pkgs,
...
}:
{
services.fwupd.enable = true;
};
}

47
aspects/gaming/mangohud.nix
View file

@ -1,47 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.mangohud =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
mangohud
];
};
homeManager.mangohud =
{ config, ... }:
{
programs.mangohud = {
enable = true;
enableSessionWide = true;
settings = {
position = "top-left";
fps = true;
frametime = false;
frame_timing = false;
gpu_stats = true;
gpu_temp = true;
gpu_power = true;
cpu_stats = true;
cpu_temp = true;
cpu_power = true;
ram = true;
vram = true;
gamemode = false;
vkbasalt = false;
version = false;
engine_version = false;
vulkan_driver = false;
wine = false;
time = false;
fps_sampling_period = 500;
toggle_hud = "Shift_L+F12";
toggle_logging = "Ctrl_L+F2";
output_folder = "${config.home.homeDirectory}/.local/share/mangohud";
};
};
};
};
}

24
aspects/gaming/steam.nix
View file

@ -1,24 +0,0 @@
{ ... }:
{
flake.modules.nixos.steam =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
steam-run
];
programs = {
steam = {
enable = true;
extraCompatPackages = [ pkgs.proton-ge-bin ];
};
gamemode.enable = true;
};
services.flatpak.packages = [
"com.steamgriddb.SGDBoop"
"io.github.Foldex.AdwSteamGtk"
];
};
}

14
aspects/hosts/_alexandria/jellyfin.nix
View file

@ -1,14 +0,0 @@
{ lib, inputs, ... }:
let
mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
in
{
services.jellyfin = {
enable = true;
openFirewall = true;
};
services.nginx.virtualHosts = mkNginxVHosts {
domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/";
};
}

95
aspects/hosts/_alexandria/nextcloud.nix
View file

@ -1,95 +0,0 @@
{
config,
inputs,
pkgs,
...
}:
let
mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
in
{
services = {
nextcloud = {
enable = true;
package = pkgs.nextcloud32;
datadir = "/data/nextcloud";
hostName = "cloud.baduhai.dev";
configureRedis = true;
https = true;
secretFile = config.age.secrets."nextcloud-secrets.json".path;
database.createLocally = true;
maxUploadSize = "16G";
extraApps = {
inherit (config.services.nextcloud.package.packages.apps)
calendar
contacts
notes
tasks
user_oidc
;
};
extraAppsEnable = true;
caching = {
apcu = true;
redis = true;
};
settings = {
trusted_proxies = [ "127.0.0.1" ];
default_phone_region = "BR";
maintenance_window_start = "4";
allow_local_remote_servers = true;
enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\EMF"
"OC\\Preview\\Font"
"OC\\Preview\\GIF"
"OC\\Preview\\HEIC"
"OC\\Preview\\Illustrator"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MarkDown"
"OC\\Preview\\Movie"
"OC\\Preview\\MP3"
"OC\\Preview\\MSOffice2003"
"OC\\Preview\\MSOffice2007"
"OC\\Preview\\MSOfficeDoc"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PDF"
"OC\\Preview\\Photoshop"
"OC\\Preview\\PNG"
"OC\\Preview\\Postscript"
"OC\\Preview\\SVG"
"OC\\Preview\\TIFF"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
];
};
config = {
dbtype = "pgsql";
adminpassFile = config.age.secrets.nextcloud-adminpass.path;
};
phpOptions = {
"opcache.interned_strings_buffer" = "16";
};
};
nginx.virtualHosts = mkNginxVHosts {
domains."cloud.baduhai.dev" = { };
};
};
age.secrets = {
"nextcloud-secrets.json" = {
file = "${inputs.self}/secrets/nextcloud-secrets.json.age";
owner = "nextcloud";
group = "nextcloud";
};
nextcloud-adminpass = {
file = "${inputs.self}/secrets/nextcloud-adminpass.age";
owner = "nextcloud";
group = "nextcloud";
};
};
}

58
aspects/hosts/_alexandria/nginx.nix
View file

@ -1,58 +0,0 @@
{
config,
lib,
inputs,
...
}:
let
services = inputs.self.services;
# Get all unique domains from shared services that have LAN IPs (served by this host)
localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services));
# Generate ACME cert configs for all local domains
acmeCerts = lib.genAttrs localDomains (domain: {
group = "nginx";
});
in
{
security.acme = {
acceptTerms = true;
defaults = {
email = "baduhai@proton.me";
dnsResolver = "1.1.1.1:53";
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.cloudflare.path;
};
certs = acmeCerts;
};
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"_" = {
default = true;
locations."/".return = "444";
};
};
};
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [
80
443
];
age.secrets.cloudflare = {
file = "${inputs.self}/secrets/cloudflare.age";
owner = "nginx";
group = "nginx";
};
}

57
aspects/hosts/_alexandria/unbound.nix
View file

@ -1,57 +0,0 @@
{ inputs, lib, ... }:
let
services = inputs.self.services;
in
{
services.unbound = {
enable = true;
enableRootTrustAnchor = true;
settings = {
server = {
interface = [
"0.0.0.0"
"::"
];
access-control = [
"127.0.0.0/8 allow"
"192.168.0.0/16 allow"
"::1/128 allow"
];
num-threads = 2;
msg-cache-size = "50m";
rrset-cache-size = "100m";
cache-min-ttl = 300;
cache-max-ttl = 86400;
prefetch = true;
prefetch-key = true;
hide-identity = true;
hide-version = true;
so-rcvbuf = "1m";
so-sndbuf = "1m";
# LAN-only DNS records
local-zone = ''"baduhai.dev." transparent'';
local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') (lib.filter (e: e.lanIP != null) services);
};
forward-zone = [
{
name = ".";
forward-addr = [
"1.1.1.1@853#cloudflare-dns.com"
"1.0.0.1@853#cloudflare-dns.com"
];
forward-tls-upstream = true;
}
];
};
};
networking.firewall = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
};
}

25
aspects/hosts/_alexandria/vaultwarden.nix
View file

@ -1,25 +0,0 @@
{
config,
lib,
inputs,
...
}:
let
mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
in
{
services.vaultwarden = {
enable = true;
config = {
DOMAIN = "https://pass.baduhai.dev";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 58222;
};
};
services.nginx.virtualHosts = mkNginxVHosts {
domains."pass.baduhai.dev".locations."/".proxyPass =
"http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/";
};
}

79
aspects/hosts/_io/disko.nix
View file

@ -1,79 +0,0 @@
{ inputs, ... }:
{
imports = [ inputs.disko.nixosModules.default ];
disko.devices.disk.main = {
type = "disk";
device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
start = "1MiB";
end = "1GiB";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot/efi";
mountOptions = [
"noatime"
"fmask=0077"
"dmask=0077"
];
};
};
cryptroot = {
priority = 2;
name = "root";
size = "100%";
content = {
type = "luks";
name = "cryptroot";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@root"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@home"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@nix"
];
};
"@persistent" = {
mountpoint = "/persistent";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@persistent"
];
};
};
};
};
};
};
};
};
}

6
aspects/hosts/_trantor/boot.nix
View file

@ -1,6 +0,0 @@
{
boot = {
initrd.systemd.enable = true;
loader.efi.efiSysMountPoint = "/boot/efi";
};
}

64
aspects/hosts/_trantor/disko.nix
View file

@ -1,64 +0,0 @@
{ inputs, ... }:
{
imports = [ inputs.disko.nixosModules.default ];
disko.devices.disk.main = {
type = "disk";
device = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
start = "1MiB";
end = "512MiB";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot/efi";
mountOptions = [
"noatime"
"fmask=0077"
"dmask=0077"
];
};
};
root = {
priority = 2;
name = "root";
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = [
"noatime"
"compress=zstd"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"noatime"
"compress=zstd"
];
};
"@persistent" = {
mountpoint = "/persistent";
mountOptions = [
"noatime"
"compress=zstd"
];
};
};
};
};
};
};
};
}

23
aspects/hosts/_trantor/fail2ban.nix
View file

@ -1,23 +0,0 @@
{ config, pkgs, ... }:
{
services.fail2ban = {
enable = true;
maxretry = 5;
ignoreIP = [
"127.0.0.0/8"
"::1"
"10.0.0.0/8"
"172.16.0.0/12"
"192.168.0.0/16"
"100.64.0.0/10"
];
bantime = "1h";
bantime-increment = {
enable = true;
multipliers = "1 2 4 8 16 32 64";
maxtime = "10000h";
overalljails = true;
};
};
}

76
aspects/hosts/_trantor/forgejo.nix
View file

@ -1,76 +0,0 @@
{
config,
lib,
inputs,
...
}:
let
mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
in
{
services = {
forgejo = {
enable = true;
settings = {
session.COOKIE_SECURE = true;
server = {
PROTOCOL = "http+unix";
DOMAIN = "git.baduhai.dev";
ROOT_URL = "https://git.baduhai.dev";
OFFLINE_MODE = true; # disable use of CDNs
SSH_DOMAIN = "git.baduhai.dev";
SSH_USER = "forgejo";
SSH_PORT = lib.head config.services.openssh.ports;
};
log.LEVEL = "Warn";
mailer.ENABLED = false;
actions.ENABLED = false;
service.DISABLE_REGISTRATION = true;
oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
UPDATE_AVATAR = true;
ACCOUNT_LINKING = "login";
USERNAME = "preferred_username";
};
};
};
nginx.virtualHosts = mkNginxVHosts {
domains."git.baduhai.dev".locations."/".proxyPass =
"http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
};
fail2ban.jails.forgejo = {
settings = {
enabled = true;
filter = "forgejo";
maxretry = 3;
findtime = "10m";
bantime = "1h";
};
};
};
environment = {
etc."fail2ban/filter.d/forgejo.conf".text = ''
[Definition]
failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
ignoreregex =
journalmatch = _SYSTEMD_UNIT=forgejo.service
'';
persistence.main.directories = [
{
directory = config.services.forgejo.stateDir;
inherit (config.services.forgejo) user group;
mode = "0700";
}
];
};
# Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories
systemd.services.forgejo.serviceConfig = {
PrivateMounts = lib.mkForce false;
ProtectSystem = lib.mkForce false;
};
}

20
aspects/hosts/_trantor/hardware-configuration.nix
View file

@ -1,20 +0,0 @@
{
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"usbhid"
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

56
aspects/hosts/_trantor/nginx.nix
View file

@ -1,56 +0,0 @@
{
config,
lib,
inputs,
...
}:
let
services = inputs.self.services;
localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "trantor") services));
acmeCerts = lib.genAttrs localDomains (domain: {
group = "nginx";
});
in
{
security.acme = {
acceptTerms = true;
defaults = {
email = "baduhai@proton.me";
dnsResolver = "1.1.1.1:53";
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.cloudflare.path;
};
certs = acmeCerts;
};
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"_" = {
default = true;
locations."/".return = "444";
};
};
};
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [
80
443
];
age.secrets.cloudflare = {
file = "${inputs.self}/secrets/cloudflare.age";
owner = "nginx";
group = "nginx";
};
}

23
aspects/hosts/_trantor/openssh.nix
View file

@ -1,23 +0,0 @@
{ ... }:
{
services = {
openssh = {
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
fail2ban.jails.sshd = {
settings = {
enabled = true;
port = "ssh";
filter = "sshd";
logpath = "/var/log/auth.log";
maxretry = 3;
findtime = "10m";
bantime = "1h";
};
};
};
}

58
aspects/hosts/_trantor/unbound.nix
View file

@ -1,58 +0,0 @@
{ inputs, lib, ... }:
let
services = inputs.self.services;
in
{
services.unbound = {
enable = true;
enableRootTrustAnchor = true;
settings = {
server = {
interface = [
"0.0.0.0"
"::"
];
access-control = [
"127.0.0.0/8 allow"
"100.64.0.0/10 allow" # Tailscale CGNAT range
"::1/128 allow"
"fd7a:115c:a1e0::/48 allow" # Tailscale IPv6
];
num-threads = 2;
msg-cache-size = "50m";
rrset-cache-size = "100m";
cache-min-ttl = 300;
cache-max-ttl = 86400;
prefetch = true;
prefetch-key = true;
hide-identity = true;
hide-version = true;
so-rcvbuf = "1m";
so-sndbuf = "1m";
# Tailnet DNS records from shared services
local-zone = ''"baduhai.dev." transparent'';
local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') services;
};
forward-zone = [
{
name = ".";
forward-addr = [
"1.1.1.1@853#cloudflare-dns.com"
"1.0.0.1@853#cloudflare-dns.com"
];
forward-tls-upstream = true;
}
];
};
};
networking.firewall = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
};
}

19
aspects/hosts/alexandria.nix
View file

@ -1,19 +0,0 @@
{ inputs, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{
flake.nixosConfigurations.alexandria = mkHost {
hostname = "alexandria";
nixpkgs = inputs.nixpkgs-stable;
extraModules = with inputs.self.modules.nixos; [
# base aspects
server
# other aspects
fwupd
libvirtd
];
};
}

24
aspects/hosts/io.nix
View file

@ -1,24 +0,0 @@
{ inputs, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{
flake.nixosConfigurations.io = mkHost {
hostname = "io";
ephemeralRootDev = "/dev/mapper/cryptroot";
extraModules = with inputs.self.modules.nixos; [
# base aspects
desktop
# other aspects
ai
bluetooth
dev
libvirtd
networkmanager
niri
podman
];
};
}

26
aspects/hosts/rotterdam.nix
View file

@ -1,26 +0,0 @@
{ inputs, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{
flake.nixosConfigurations.rotterdam = mkHost {
hostname = "rotterdam";
ephemeralRootDev = "/dev/mapper/cryptroot";
extraModules = with inputs.self.modules.nixos; [
# base aspects
desktop
gaming
# other aspects
ai
bluetooth
dev
fwupd
libvirtd
networkmanager
niri
podman
];
};
}

18
aspects/hosts/trantor.nix
View file

@ -1,18 +0,0 @@
{ inputs, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{
flake.nixosConfigurations.trantor = mkHost {
hostname = "trantor";
system = "aarch64-linux";
nixpkgs = inputs.nixpkgs-stable;
ephemeralRootDev = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2";
extraModules = with inputs.self.modules.nixos; [
# base aspects
server
];
};
}

27
aspects/libvirtd.nix
View file

@ -1,27 +0,0 @@
{ ... }:
{
flake.modules.nixos.libvirtd =
{
config,
lib,
pkgs,
...
}:
{
virtualisation = {
libvirtd.enable = true;
spiceUSBRedirection.enable = true;
};
programs.virt-manager.enable = true;
environment.systemPackages = with pkgs; [ lima ];
networking.firewall.trustedInterfaces = [ "virbr0" ];
users.users.user.extraGroups = [
"libvirt"
"libvirtd"
];
};
}

22
aspects/lxc.nix
View file

@ -1,22 +0,0 @@
{ ... }:
{
flake.modules.nixos.lxc =
{
config,
lib,
pkgs,
...
}:
{
virtualisation = {
lxc = {
enable = true;
unprivilegedContainers = true;
};
incus.enable = true;
};
users.users.user.extraGroups = [ "incus-admin" ];
};
}

18
aspects/networkmanager.nix
View file

@ -1,18 +0,0 @@
{ ... }:
{
flake.modules.nixos.networkmanager =
{
config,
lib,
pkgs,
...
}:
{
networking.networkmanager = {
enable = true;
wifi.backend = "iwd";
};
users.users.user.extraGroups = [ "networkmanager" ];
};
}

24
aspects/podman.nix
View file

@ -1,24 +0,0 @@
{ ... }:
{
flake.modules.nixos.podman =
{
config,
lib,
pkgs,
...
}:
{
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
extraPackages = [ pkgs.podman-compose ];
};
security.unprivilegedUsernsClone = true; # Needed for rootless podman
systemd = {
services.podman-auto-update.enable = true;
timers.podman-auto-update.enable = true;
};
};
}

69
aspects/stylix.nix
View file

@ -1,69 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.stylix =
{ inputs, ... }:
{
imports = [ inputs.stylix.nixosModules.stylix ];
};
homeManager.stylix =
{
config,
inputs,
pkgs,
...
}:
{
imports = [ inputs.stylix.homeModules.stylix ];
stylix = {
enable = true;
polarity = "dark";
base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml";
cursor = {
package = pkgs.kdePackages.breeze;
name = "breeze_cursors";
size = 24;
};
icons = {
enable = true;
package = pkgs.morewaita-icon-theme;
light = "MoreWaita";
dark = "MoreWaita";
};
opacity = {
applications = 1.0;
desktop = 1.0;
popups = config.stylix.opacity.desktop;
terminal = 1.0;
};
fonts = {
serif = {
package = pkgs.source-serif;
name = "Source Serif 4 Display";
};
sansSerif = {
package = pkgs.inter;
name = "Inter";
};
monospace = {
package = pkgs.nerd-fonts.fira-code;
name = "FiraCode Nerd Font";
};
emoji = {
package = pkgs.noto-fonts-color-emoji;
name = "Noto Color Emoji";
};
sizes = {
applications = 10;
desktop = config.stylix.fonts.sizes.applications;
popups = config.stylix.fonts.sizes.applications;
terminal = 12;
};
};
};
};
};
}

55
aspects/systems/base.nix
View file

@ -1,55 +0,0 @@
{ inputs, ... }:
{
flake.modules = {
nixos.base =
{ lib, pkgs, ... }:
{
imports = with inputs.self.modules.nixos; [
boot
console
firewall
fish
locale
nix
security
ssh
];
environment = {
systemPackages = with pkgs; [
git
fastfetch
nixos-firewall-tool
sysz
wget
yazi
];
shellAliases = {
cat = "${lib.getExe pkgs.bat} --paging=never --style=plain";
ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first";
tree = "ls --tree";
};
};
programs.command-not-found.enable = false;
services = {
dbus.implementation = "broker";
irqbalance.enable = true;
fstrim.enable = true;
tailscale = {
enable = true;
extraUpFlags = [ "--operator=user" ];
};
};
};
homeManager.base =
{ ... }:
{
imports = with inputs.self.modules.homeManager; [
bash
fish
];
};
};
}

33
aspects/systems/cli.nix
View file

@ -1,33 +0,0 @@
{ inputs, ... }:
{
flake.modules = {
nixos.cli =
{ pkgs, ... }:
{
imports = with inputs.self.modules.nixos; [
btop
helix
tmux
];
environment.systemPackages = with pkgs; [
p7zip
rclone
];
};
homeManager.cli =
{ ... }:
{
imports = with inputs.self.modules.homeManager; [
btop
comma
direnv
helix
hm-cli
starship
tmux
];
};
};
}

210
aspects/systems/desktop.nix
View file

@ -1,210 +0,0 @@
{
inputs,
...
}:
{
flake.modules = {
nixos.desktop =
{
config,
lib,
pkgs,
...
}:
{
imports = [
inputs.nix-flatpak.nixosModules.nix-flatpak
]
++ (with inputs.self.modules.nixos; [
graphics
media
office
web
]);
boot = {
plymouth.enable = true;
initrd.systemd.enable = true;
loader.efi.efiSysMountPoint = "/boot/efi";
kernelPackages = pkgs.linuxPackages_xanmod_latest;
extraModprobeConfig = ''
options bluetooth disable_ertm=1
'';
kernel.sysctl = {
"net.ipv4.tcp_mtu_probing" = 1;
};
kernelParams = [
"quiet"
"splash"
"i2c-dev"
"i2c-piix4"
"loglevel=3"
"udev.log_priority=3"
"rd.udev.log_level=3"
"rd.systemd.show_status=false"
];
};
nix = {
registry.nixpkgs.flake = inputs.nixpkgs;
nixPath = [
"nixpkgs=${inputs.nixpkgs}"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
environment = {
etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
sessionVariables = {
KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir
NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland
};
systemPackages = with pkgs; [
adwaita-icon-theme
ghostty
gnome-disk-utility
junction
libfido2
mission-center
nautilus
toggleaudiosink
unrar
];
};
services = {
printing.enable = true;
udev.packages = with pkgs; [ yubikey-personalization ];
keyd = {
enable = true;
keyboards.all = {
ids = [ "*" ];
settings.main.capslock = "overload(meta, esc)";
};
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
greetd = {
enable = true;
settings.default_session.user = "greeter";
};
flatpak = {
enable = true;
packages = [
"com.github.tchx84.Flatseal"
"com.rustdesk.RustDesk"
];
uninstallUnmanaged = true;
update.auto.enable = true;
};
gvfs.enable = true;
};
security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority
users = {
users.greeter = {
isSystemUser = true;
group = "greeter";
};
groups.greeter = { };
};
programs = {
kdeconnect = {
enable = true;
package = pkgs.valent;
};
dconf.enable = true;
appimage = {
enable = true;
binfmt = true;
};
};
fonts = {
fontDir.enable = true;
packages = with pkgs; [
corefonts
inter
nerd-fonts.fira-code
noto-fonts-cjk-sans
noto-fonts-color-emoji
roboto
];
};
xdg.portal = {
extraPortals = with pkgs; [
xdg-desktop-portal-gnome
xdg-desktop-portal-gtk
];
config.common.default = "*";
};
};
homeManager.desktop =
{
config,
lib,
pkgs,
inputs,
...
}:
{
imports = [
inputs.vicinae.homeManagerModules.default
]
++ (with inputs.self.modules.homeManager; [ media ]);
fonts.fontconfig.enable = true;
home = {
packages = with pkgs; [ xwayland-satellite ];
sessionVariables.TERMINAL = "ghostty";
};
services.vicinae = {
enable = true;
systemd = {
enable = true;
autoStart = true;
};
};
programs = {
ghostty = {
enable = true;
settings = {
cursor-style = "block";
shell-integration-features = "no-cursor";
cursor-style-blink = false;
custom-shader = "${builtins.fetchurl {
url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl";
sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41";
}}";
bell-features = "";
gtk-titlebar-style = "tabs";
keybind = [ "shift+enter=text:\\x1b\\r" ];
};
};
password-store = {
enable = true;
package = pkgs.pass-wayland;
};
};
xdg = {
enable = true;
userDirs.enable = true;
};
};
};
}

48
aspects/systems/gaming.nix
View file

@ -1,48 +0,0 @@
{ inputs, ... }:
{
flake.modules = {
nixos.gaming =
{ pkgs, ... }:
{
imports = with inputs.self.modules.nixos; [
mangohud
steam
];
hardware = {
xpadneo.enable = true;
steam-hardware.enable = true; # Allow steam client to manage controllers
graphics.enable32Bit = true; # For OpenGL games
};
services.flatpak.packages = [
"com.github.k4zmu2a.spacecadetpinball"
"io.itch.itch"
"io.mrarm.mcpelauncher"
"net.retrodeck.retrodeck"
"org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08"
rec {
appId = "com.hypixel.HytaleLauncher";
sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv";
bundle = "${pkgs.fetchurl {
url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak";
inherit sha256;
}}";
}
];
environment.systemPackages = with pkgs; [
clonehero
heroic
prismlauncher
];
};
homeManager.gaming =
{ ... }:
{
imports = with inputs.self.modules.homeManager; [
mangohud
];
};
};
}

36
aspects/systems/server.nix
View file

@ -1,36 +0,0 @@
{ inputs, ... }:
{
flake.modules.nixos.server =
{
config,
lib,
pkgs,
...
}:
{
boot = {
kernelPackages = pkgs.linuxPackages_hardened;
kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
};
environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs-stable;
nixPath = [
"nixpkgs=/etc/channels/nixpkgs"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
services.tailscale = {
extraSetFlags = [ "--advertise-exit-node" ];
useRoutingFeatures = "server";
};
};
}

17
aspects/users/_user/git.nix
View file

@ -1,17 +0,0 @@
{ ... }:
{
programs = {
git = {
enable = true;
settings.user = {
name = "William";
email = "baduhai@proton.me";
};
};
diff-so-fancy = {
enable = true;
enableGitIntegration = true;
};
};
}

12
aspects/users/root.nix
View file

@ -1,12 +0,0 @@
{ ... }:
{
flake.modules.nixos.root =
{ pkgs, ... }:
{
users.users.root = {
shell = pkgs.fish;
hashedPassword = "!";
};
};
}

55
aspects/users/user.nix
View file

@ -1,55 +0,0 @@
{ inputs, ... }:
let
mkHomeConfiguration = inputs.self.lib.mkHomeConfiguration;
in
{
flake = {
modules.nixos.user =
{ pkgs, ... }:
{
users.users.user = {
isNormalUser = true;
shell = pkgs.fish;
extraGroups = [
"networkmanager"
"wheel"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"
];
hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
};
};
homeConfigurations = {
"user@rotterdam" = mkHomeConfiguration {
user = "user";
hostname = "rotterdam";
userModules = with inputs.self.modules.homeManager; [
# system aspects
desktop
gaming
# other aspects
stylix
niri
];
};
"user@io" = mkHomeConfiguration {
user = "user";
hostname = "io";
userModules = with inputs.self.modules.homeManager; [
# system aspects
desktop
# other aspects
stylix
niri
];
};
};
};
}

42
data/services.nix
View file

@ -1,42 +0,0 @@
# Shared service and host definitions
# This file can be imported directly (unlike aspects which use flake-parts)
{
hosts = {
alexandria = {
lanIP = "192.168.15.142";
tailscaleIP = "100.76.19.50";
};
trantor = {
tailscaleIP = "100.108.5.90";
};
};
services = [
{
name = "kanidm";
domain = "auth.baduhai.dev";
host = "alexandria";
}
{
name = "vaultwarden";
domain = "pass.baduhai.dev";
host = "alexandria";
}
{
name = "forgejo";
domain = "git.baduhai.dev";
host = "trantor";
public = true;
}
{
name = "nextcloud";
domain = "cloud.baduhai.dev";
host = "alexandria";
}
{
name = "jellyfin";
domain = "jellyfin.baduhai.dev";
host = "alexandria";
}
];
}

716
flake.lock generated
View file

File diff suppressed because it is too large Load diff

202
flake.nix
View file

@ -2,70 +2,186 @@
description = "My nix hosts";
inputs = {
# nix tools
flake-parts.url = "github:hercules-ci/flake-parts";
import-tree.url = "github:vic/import-tree";
# nixos/hm
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05";
home-manager = {
url = "github:nix-community/home-manager/master";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager-stable = {
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
stylix = {
url = "github:danth/stylix";
inputs.nixpkgs.follows = "nixpkgs";
};
# nixos/hm functionality modules
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
disko.url = "github:nix-community/disko";
impermanence.url = "github:nix-community/impermanence";
disko = {
url = "github:nix-community/disko?ref=v1.11.0";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
nixos-cli.url = "github:nix-community/nixos-cli";
nix-flatpak.url = "github:gmodena/nix-flatpak/main";
stylix.url = "github:danth/stylix";
# nixos/hm program modules
nix-ai-tools.url = "github:numtide/llm-agents.nix";
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
noctalia = {
url = "github:noctalia-dev/noctalia-shell";
inputs.nixpkgs.follows = "nixpkgs";
};
vicinae.url = "github:vicinaehq/vicinae";
zen-browser.url = "github:0xc000022070/zen-browser-flake";
# stand-alone tools
terranix = {
url = "github:terranix/terranix";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence.url = "github:nix-community/impermanence";
};
outputs =
inputs@{ flake-parts, import-tree, ... }:
inputs@{
self,
nixpkgs,
nixpkgs-stable,
home-manager,
home-manager-stable,
stylix,
disko,
agenix,
nixos-cli,
nix-flatpak,
impermanence,
...
}:
let
aspectsModules = import-tree ./aspects;
packagesModules = import-tree ./packages;
shellsModules = import-tree ./shells;
terranixModules = import-tree ./terranix;
in
flake-parts.lib.mkFlake { inherit inputs; } {
systems = [
"x86_64-linux"
"aarch64-linux"
];
forAllSystems = nixpkgs.lib.genAttrs systems;
forAllSystemsWithPkgs =
f:
forAllSystems (
system:
let
pkgs = nixpkgs.legacyPackages.${system};
in
f system pkgs
);
in
{
nixosConfigurations =
let
mkHost =
{
hostname,
type, # workstation|server
system ? "x86_64-linux",
extraModules ? [ ],
}:
let
pkgs = if type == "server" then nixpkgs-stable else nixpkgs;
hm = if type == "server" then home-manager-stable else home-manager;
hostTypeFlags = {
isServer = type == "server";
isWorkstation = type == "workstation";
};
defaultModules = [
./hosts/${hostname}.nix
agenix.nixosModules.default
disko.nixosModules.default
hm.nixosModules.default
impermanence.nixosModules.impermanence
nix-flatpak.nixosModules.nix-flatpak
stylix.nixosModules.stylix
nixos-cli.nixosModules.nixos-cli
{
nixpkgs.overlays = [
agenix.overlays.default
];
}
];
workstationModules = [
{
nixpkgs.overlays = [
self.overlays.workstationOverlay
];
}
];
serverModules = [
{
nixpkgs.overlays = [
self.overlays.serverOverlay
];
}
];
typeModules = if type == "server" then serverModules else workstationModules;
allModules = defaultModules ++ typeModules ++ extraModules;
in
pkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit inputs;
hostType = hostTypeFlags;
};
modules = allModules;
};
in
{
rotterdam = mkHost {
hostname = "rotterdam";
type = "workstation";
};
io = mkHost {
hostname = "io";
type = "workstation";
};
alexandria = mkHost {
hostname = "alexandria";
type = "server";
extraModules = [
self.nixosModules.qbittorrent
];
};
trantor = mkHost {
hostname = "trantor";
type = "server";
system = "aarch64-linux";
};
};
imports = [
flake-parts.flakeModules.modules
inputs.terranix.flakeModule
]
++ aspectsModules.imports
++ packagesModules.imports
++ shellsModules.imports
++ terranixModules.imports;
devShells = forAllSystemsWithPkgs (
system: pkgs: {
default = pkgs.mkShell {
packages = with pkgs; [
nil
nixfmt-rfc-style
];
};
}
);
packages = forAllSystemsWithPkgs (
system: pkgs:
{
toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { };
}
// nixpkgs.lib.optionalAttrs (system == "x86_64-linux") {
plasticity = pkgs.callPackage ./packages/plasticity.nix { };
}
);
overlays = {
overlay = final: prev: {
};
workstationOverlay = final: prev: {
plasticity = self.packages.${final.system}.plasticity;
toggleaudiosink = self.packages.${final.system}.toggleaudiosink;
};
serverOverlay = final: prev: {
};
};
nixosModules = {
qbittorrent = import ./modules/qbittorrent.nix;
};
};
}

12
hosts/alexandria.nix Normal file
View file

@ -0,0 +1,12 @@
{ ... }:
{
networking.hostName = "alexandria";
imports = [
./modules/alexandria
./modules
];
nix.nixPath = [ "nixos-config=${./alexandria.nix}" ];
}

12
hosts/io.nix Normal file
View file

@ -0,0 +1,12 @@
{ ... }:
{
networking.hostName = "io";
imports = [
./modules/io
./modules
];
nix.nixPath = [ "nixos-config=${./io.nix}" ];
}

9
hosts/modules/alexandria/default.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
imports = [
./hardware-configuration.nix
./services.nix
./users.nix
];
}

0
aspects/hosts/_alexandria/hardware-configuration.nix → hosts/modules/alexandria/hardware-configuration.nix
View file

16
hosts/modules/alexandria/networking.nix Normal file
View file

@ -0,0 +1,16 @@
{
networking = {
firewall = {
allowedTCPPorts = [
80
443
];
allowedUDPPorts = [ ];
};
};
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
}

225
hosts/modules/alexandria/services.nix Normal file
View file

@ -0,0 +1,225 @@
{
config,
lib,
pkgs,
...
}:
let
ports = {
jellyfin = "8096";
librespeed = "8000";
radicale = "8001";
vaultwarden = "8002";
};
rclone-webdav-start = pkgs.writeShellScript "rclone-webdav-start.sh" ''
#!/bin/bash
# Configuration
CREDS_FILE="/run/agenix/webdav"
SERVE_DIR="/data/webdav"
SOCKET_PATH="/run/rclone-webdav/webdav.sock"
# Check if credentials file exists
if [ ! -f "$CREDS_FILE" ]; then
echo "Error: Credentials file $CREDS_FILE not found"
exit 1
fi
# Read credentials from file (format: username:password)
CREDENTIALS=$(cat "$CREDS_FILE")
USERNAME=$(echo "$CREDENTIALS" | cut -d':' -f1)
PASSWORD=$(echo "$CREDENTIALS" | cut -d':' -f2)
# Validate credentials
if [ -z "$USERNAME" ] || [ -z "$PASSWORD" ]; then
echo "Error: Invalid credentials format. Expected username:password"
exit 1
fi
# Ensure serve directory exists
mkdir -p "$SERVE_DIR"
# Remove existing socket if it exists
rm -f "$SOCKET_PATH"
# Start rclone serve webdav
exec ${pkgs.rclone}/bin/rclone serve webdav "$SERVE_DIR" \
--addr unix://"$SOCKET_PATH" \
--user "$USERNAME" \
--pass "$PASSWORD" \
--config="" \
--baseurl "/webdav" \
--verbose
'';
in
{
services = {
forgejo = {
enable = true;
repositoryRoot = "/data/forgejo";
settings = {
session.COOKIE_SECURE = true;
server = {
PROTOCOL = "http+unix";
DOMAIN = "git.baduhai.dev";
ROOT_URL = "https://git.baduhai.dev";
OFFLINE_MODE = true; # disable use of CDNs
SSH_DOMAIN = "baduhai.dev";
};
log.LEVEL = "Warn";
mailer.ENABLED = false;
actions.ENABLED = false;
};
};
jellyfin = {
enable = true;
openFirewall = true;
};
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts =
let
commonVHostConfig = {
useACMEHost = "baduhai.dev";
forceSSL = true;
kTLS = true;
};
in
lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) {
"_".locations."/".return = "444";
"dav.baduhai.dev".locations = {
"/caldav" = {
proxyPass = "http://127.0.0.1:${ports.radicale}/";
extraConfig = ''
proxy_set_header X-Script-Name /caldav;
proxy_pass_header Authorization;
'';
};
"/webdav" = {
proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/";
extraConfig = ''
proxy_set_header X-Script-Name /webdav;
proxy_pass_header Authorization;
proxy_connect_timeout 300; # Increase timeouts for large file uploads
proxy_send_timeout 300;
proxy_read_timeout 300;
client_max_body_size 10G; # Allow large file uploads
proxy_buffering off; # Buffer settings for better performance
proxy_request_buffering off;
'';
};
};
"git.baduhai.dev".locations."/".proxyPass =
"http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
"jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.jellyfin}/";
"pass.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.vaultwarden}/";
"speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.librespeed}/";
};
};
radicale = {
enable = true;
settings = {
server = {
hosts = [
"127.0.0.1:${ports.radicale}"
"[::]:${ports.radicale}"
];
};
auth = {
type = "htpasswd";
htpasswd_filename = "/etc/radicale/users";
htpasswd_encryption = "bcrypt";
};
};
};
vaultwarden = {
enable = true;
config = {
DOMAIN = "https://pass.baduhai.dev";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = "${ports.vaultwarden}";
};
};
};
virtualisation.oci-containers.containers."librespeed" = {
image = "lscr.io/linuxserver/librespeed:latest";
environment = {
TZ = "America/Bahia";
};
ports = [ "${ports.librespeed}:80" ];
extraOptions = [
"--pull=newer"
"--label=io.containers.autoupdate=registry"
];
};
security.acme = {
acceptTerms = true;
defaults = {
email = "baduhai@proton.me";
dnsResolver = "1.1.1.1:53";
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.cloudflare.path;
};
certs."baduhai.dev" = {
extraDomainNames = [ "*.baduhai.dev" ];
};
};
age.secrets = {
cloudflare = {
file = ../../../secrets/cloudflare.age;
owner = "nginx";
group = "nginx";
};
webdav = {
file = ../../../secrets/webdav.age;
owner = "user";
group = "users";
};
};
systemd.services = {
rclone-webdav = {
description = "RClone WebDAV Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "exec";
User = "user";
Group = "nginx";
ExecStart = "${rclone-webdav-start}";
Restart = "always";
RestartSec = "10";
NoNewPrivileges = true;
PrivateTmp = true;
ProtectSystem = "strict";
ProtectHome = true;
ReadWritePaths = [
"/data/webdav"
"/run"
];
RuntimeDirectory = "rclone-webdav";
RuntimeDirectoryMode = "0750";
UMask = "0002";
};
preStart = ''
mkdir -p /data/webdav
chown user:users /data/webdav
chmod 755 /data/webdav
'';
};
};
}

3
hosts/modules/alexandria/users.nix Normal file
View file

@ -0,0 +1,3 @@
{
users.users.nginx.extraGroups = [ "acme" ];
}

61
hosts/modules/boot.nix Normal file
View file

@ -0,0 +1,61 @@
{
hostType,
lib,
pkgs,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
boot = {
loader = {
timeout = 1;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false;
consoleMode = "max";
sortKey = "aa";
netbootxyz = {
enable = true;
sortKey = "zz";
};
};
};
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
boot.kernelPackages = pkgs.linuxPackages_hardened;
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
boot = {
plymouth.enable = true;
initrd.systemd.enable = true;
loader.efi.efiSysMountPoint = "/boot/efi";
kernelPackages = pkgs.linuxPackages_xanmod;
extraModprobeConfig = ''
options bluetooth disable_ertm=1
'';
kernel.sysctl = {
"net.ipv4.tcp_mtu_probing" = 1;
};
kernelParams = [
"quiet"
"splash"
"i2c-dev"
"i2c-piix4"
"loglevel=3"
"udev.log_priority=3"
"rd.udev.log_level=3"
"rd.systemd.show_status=false"
];
};
})
];
}

21
hosts/modules/console.nix Normal file
View file

@ -0,0 +1,21 @@
{ hostType, lib, ... }:
{
config = lib.mkMerge [
# Common configuration
{
console = {
useXkbConfig = true;
earlySetup = true;
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
})
];
}

20
hosts/modules/default.nix Normal file
View file

@ -0,0 +1,20 @@
{ ... }:
{
imports = [
./boot.nix
./console.nix
./desktop.nix
./ephermal.nix
./impermanence.nix
./locale.nix
./networking.nix
./nix.nix
./programs.nix
./security.nix
./services.nix
./stylix.nix
./users.nix
./virtualisation.nix
];
}

66
hosts/modules/desktop.nix Normal file
View file

@ -0,0 +1,66 @@
{
hostType,
lib,
pkgs,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
services = {
displayManager = {
autoLogin = {
enable = true;
user = "user";
};
sddm = {
enable = true;
wayland = {
enable = true;
compositor = "kwin";
};
};
};
desktopManager.plasma6.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
};
hardware = {
xpadneo.enable = true;
bluetooth.enable = true;
steam-hardware.enable = true; # Allow steam client to manage controllers
graphics.enable32Bit = true; # For OpenGL games
i2c.enable = true;
};
security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority
xdg.portal = {
enable = true;
xdgOpenUsePortal = true;
extraPortals = with pkgs; [
kdePackages.xdg-desktop-portal-kde
xdg-desktop-portal-gtk
xdg-desktop-portal-gnome
];
};
})
];
}

4
hosts/modules/environment.nix Normal file
View file

@ -0,0 +1,4 @@
{ pkgs, ... }:
{
}

64
hosts/modules/ephermal.nix Normal file
View file

@ -0,0 +1,64 @@
{
hostType,
lib,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
boot.initrd.systemd.services.recreate-root = {
description = "Rolling over and creating new filesystem root";
requires = [ "initrd-root-device.target" ];
after = [
"local-fs-pre.target"
"initrd-root-device.target"
];
requiredBy = [ "initrd-root-fs.target" ];
before = [ "sysroot.mount" ];
unitConfig = {
AssertPathExists = "/etc/initrd-release";
DefaultDependencies = false;
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
mkdir /btrfs_tmp
mount /dev/mapper/cryptroot /btrfs_tmp
if [[ -e /btrfs_tmp/@root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/@root
umount /btrfs_tmp
'';
};
})
];
}

42
hosts/modules/impermanence.nix Normal file
View file

@ -0,0 +1,42 @@
{
hostType,
lib,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
environment.persistence.main = {
persistentStoragePath = "/persistent";
files = [
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
directories = [
"/etc/NetworkManager/system-connections"
"/etc/nixos"
"/var/lib/bluetooth"
"/var/lib/flatpak"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/var/lib/systemd/timers"
"/var/lib/tailscale"
"/var/log"
];
};
})
];
}

0
aspects/hosts/_io/boot.nix → hosts/modules/io/boot.nix
View file

11
hosts/modules/io/default.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }:
{
imports = [
./boot.nix
./disko.nix
./hardware-configuration.nix
./programs.nix
./services.nix
];
}

81
hosts/modules/io/disko.nix Normal file
View file

@ -0,0 +1,81 @@
{ ... }:
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
start = "1MiB";
end = "1GiB";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot/efi";
mountOptions = [
"noatime"
"fmask=0077"
"dmask=0077"
];
};
};
cryptroot = {
priority = 2;
name = "root";
size = "100%";
content = {
type = "luks";
name = "cryptroot";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@root"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@home"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@nix"
];
};
"@persistent" = {
mountpoint = "/persistent";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@persistent"
];
};
};
};
};
};
};
};
};
};
};
}

1
aspects/hosts/_io/hardware-configuration.nix → hosts/modules/io/hardware-configuration.nix
View file

@ -2,7 +2,6 @@
config,
lib,
modulesPath,
inputs,
...
}:

10
aspects/hosts/_io/programs.nix → hosts/modules/io/programs.nix
View file

@ -19,9 +19,19 @@ in
{
environment = {
systemPackages = with pkgs; [
arduino-ide
esptool
# fritzing
maliit-keyboard
sof-firmware
];
sessionVariables.ALSA_CONFIG_UCM2 = "${cml-ucm-conf}/share/alsa/ucm2";
};
# TODO: remove once gmodena/nix-flatpak/issues/45 fixed
systemd.services."flatpak-managed-install" = {
serviceConfig = {
ExecStartPre = "${pkgs.coreutils}/bin/sleep 5";
};
};
}

11
aspects/hosts/_io/services.nix → hosts/modules/io/services.nix
View file

@ -1,5 +1,3 @@
{ pkgs, ... }:
{
services = {
keyd = {
@ -48,14 +46,5 @@
};
};
};
upower.enable = true;
power-profiles-daemon.enable = true;
};
# TODO: remove once gmodena/nix-flatpak/issues/45 fixed
systemd.services."flatpak-managed-install" = {
serviceConfig = {
ExecStartPre = "${pkgs.coreutils}/bin/sleep 5";
};
};
}

19
aspects/base/locale.nix → hosts/modules/locale.nix
View file

@ -1,7 +1,8 @@
{ ... }:
{ hostType, lib, ... }:
{
flake.modules.nixos.locale =
{ ... }:
config = lib.mkMerge [
# Common configuration
{
time.timeZone = "America/Bahia";
@ -9,7 +10,6 @@
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "pt_BR.utf8";
LC_COLLATE = "pt_BR.utf8";
LC_IDENTIFICATION = "pt_BR.utf8";
LC_MEASUREMENT = "pt_BR.utf8";
LC_MONETARY = "pt_BR.utf8";
@ -20,5 +20,14 @@
LC_TIME = "en_IE.utf8";
};
};
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
})
];
}

29
hosts/modules/networking.nix Normal file
View file

@ -0,0 +1,29 @@
{
hostType,
lib,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
networking = {
networkmanager.enable = true;
firewall.enable = true;
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
services.tailscale = {
extraSetFlags = [ "--advertise-exit-node" ];
useRoutingFeatures = "server";
};
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
})
];
}

64
hosts/modules/nix.nix Normal file
View file

@ -0,0 +1,64 @@
{
inputs,
lib,
hostType,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
nix = {
settings = {
auto-optimise-store = true;
connect-timeout = 10;
log-lines = 25;
min-free = 128000000;
max-free = 1000000000;
trusted-users = [ "@wheel" ];
};
extraOptions = "experimental-features = nix-command flakes";
gc = {
automatic = true;
options = "--delete-older-than 8d";
};
};
nixpkgs.config = {
allowUnfree = true;
enableParallelBuilding = true;
buildManPages = false;
buildDocs = false;
};
system.stateVersion = "22.11";
}
# Server specific configuration
(lib.mkIf hostType.isServer {
environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs-stable;
nixPath = [
"nixpkgs=/etc/channels/nixpkgs"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs;
nixPath = [
"nixpkgs=${inputs.nixpkgs}"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
})
];
}

209
hosts/modules/programs.nix Normal file
View file

@ -0,0 +1,209 @@
{
hostType,
lib,
pkgs,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
environment = {
systemPackages = with pkgs; [
### Dev Tools ###
agenix
git
helix
### System Utilities ###
btop
nixos-firewall-tool
nvd
sysz
tmux
wget
];
shellAliases = {
ls = "${pkgs.eza}/bin/eza --icons --group-directories-first";
neofetch = "${pkgs.fastfetch}/bin/fastfetch";
tree = "ls --tree";
syscleanup = "sudo nix-collect-garbage -d; sudo /run/current-system/bin/switch-to-configuration boot";
vi = "${pkgs.evil-helix}/bin/hx";
vim = "${pkgs.evil-helix}/bin/hx";
nvim = "${pkgs.evil-helix}/bin/hx";
};
};
programs = {
fish.enable = true;
command-not-found.enable = false;
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation (
let
kdepkgs = with pkgs.kdePackages; [
ark
dolphin-plugins
kolourpaint
];
kwrite = pkgs.symlinkJoin {
name = "kwrite";
paths = [ pkgs.kdePackages.kate ];
postBuild = ''
rm -rf $out/bin/kate \
$out/bin/.kate-wrapped \
$out/share/applications/org.kde.kate.desktop \
$out/share/man \
$out/share/icons/hicolor/*/apps/kate.png \
$out/share/icons/hicolor/scalable/apps/kate.svg \
$out/share/appdata/org.kde.kate.appdata.xml
'';
};
in
{
environment = {
systemPackages =
with pkgs;
[
### Dev Tools ###
bat
ciscoPacketTracer8
claude-code
fd
fzf
nixfmt-rfc-style
nix-init
nix-output-monitor
ripgrep
### Internet Browsers & Communication ###
beeper
brave
tor-browser
vesktop
### Office & Productivity ###
aspell
aspellDicts.de
aspellDicts.en
aspellDicts.en-computers
aspellDicts.pt_BR
kwrite
libreoffice-qt
obsidian
onlyoffice-desktopeditors
rnote
### Graphics & Design ###
gimp
inkscape
plasticity
### Gaming & Entertainment ###
clonehero
heroic
mangohud
prismlauncher
protonup
### System Utilities ###
adwaita-icon-theme
junction
kara
kde-rounded-corners
libfido2
mission-center
p7zip
qbittorrent
quickemu
quickgui
rclone
steam-run
toggleaudiosink
unrar
### Media ###
mpv
obs-studio
qview
]
++ kdepkgs;
plasma6.excludePackages = with pkgs.kdePackages; [
discover
elisa
gwenview
kate
khelpcenter
konsole
oxygen
];
};
programs = {
adb.enable = true;
steam = {
enable = true;
extraCompatPackages = [ pkgs.proton-ge-bin ];
};
dconf.enable = true;
nix-ld.enable = true;
kdeconnect.enable = true;
partition-manager.enable = true;
gamemode.enable = true;
appimage = {
enable = true;
binfmt = true;
};
nh = {
enable = true;
flake = "/home/user/Projects/personal/nix-config";
};
};
fonts = {
fontDir.enable = true;
packages = with pkgs; [
corefonts
inter
nerd-fonts.hack
noto-fonts-cjk-sans
roboto
];
};
services.flatpak = {
enable = true;
packages = [
### Dev Tools ###
### Internet Browsers & Communication ###
"app.zen_browser.zen"
### Office & Productivity ###
### Graphics & Design ###
"com.boxy_svg.BoxySVG"
rec {
appId = "io.github.softfever.OrcaSlicer";
sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1";
bundle = "${pkgs.fetchurl {
url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak";
inherit sha256;
}}";
}
### Gaming & Entertainment ###
"com.github.k4zmu2a.spacecadetpinball"
"io.itch.itch"
"io.mrarm.mcpelauncher"
"org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08"
### System Utilities ###
"com.github.tchx84.Flatseal"
"com.rustdesk.RustDesk"
"com.steamgriddb.SGDBoop"
"io.github.Foldex.AdwSteamGtk"
### Media ###
];
uninstallUnmanaged = true;
update.auto.enable = true;
};
}
))
];
}

0
aspects/hosts/_rotterdam/boot.nix → hosts/modules/rotterdam/boot.nix
View file

11
hosts/modules/rotterdam/default.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }:
{
imports = [
./boot.nix
./hardware-configuration.nix
./hardware.nix
./programs.nix
./services.nix
];
}

0
aspects/hosts/_rotterdam/hardware-configuration.nix → hosts/modules/rotterdam/hardware-configuration.nix
View file

5
aspects/hosts/_rotterdam/hardware.nix → hosts/modules/rotterdam/hardware.nix
View file

@ -2,7 +2,10 @@
{
hardware = {
amdgpu.opencl.enable = true;
amdgpu = {
opencl.enable = true;
amdvlk.enable = true;
};
graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ];
};
}

2
aspects/hosts/_rotterdam/programs.nix → hosts/modules/rotterdam/programs.nix
View file

@ -27,5 +27,7 @@ in
{
environment.systemPackages = [ reboot-into-qubes ];
services.flatpak.packages = [ "net.retrodeck.retrodeck" ];
programs.steam.dedicatedServer.openFirewall = true;
}

0
aspects/hosts/_rotterdam/services.nix → hosts/modules/rotterdam/services.nix
View file

26
hosts/modules/security.nix Normal file
View file

@ -0,0 +1,26 @@
{ hostType, lib, ... }:
{
config = lib.mkMerge [
# Common configuration
{
security = {
unprivilegedUsernsClone = true; # Needed for rootless podman
sudo = {
wheelNeedsPassword = false;
extraConfig = ''
Defaults lecture = never
'';
};
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
})
];
}

52
hosts/modules/services.nix Normal file
View file

@ -0,0 +1,52 @@
{
hostType,
lib,
pkgs,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
services = {
tailscale = {
enable = true;
extraUpFlags = [ "--operator=user" ];
};
openssh = {
enable = true;
settings.PermitRootLogin = "no";
};
nixos-cli = {
enable = true;
config = {
use_nvd = true;
ignore_dirty_tree = true;
};
};
fwupd.enable = true;
fstrim.enable = true;
};
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
services = {
printing.enable = true;
udev.packages = with pkgs; [ yubikey-personalization ];
keyd = {
enable = true;
keyboards.all = {
ids = [ "*" ];
settings.main.capslock = "overload(meta, esc)";
};
};
};
})
];
}

63
hosts/modules/stylix.nix Normal file
View file

@ -0,0 +1,63 @@
{
config,
hostType,
lib,
pkgs,
...
}:
{
config = lib.mkMerge [
# Common configuration
{
}
# Server specific configuration
(lib.mkIf hostType.isServer {
})
# Workstation specific configuration
(lib.mkIf hostType.isWorkstation {
stylix = {
enable = true;
polarity = "dark";
base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml";
cursor = {
package = pkgs.kdePackages.breeze-icons;
name = "Breeze_Light";
size = 24;
};
opacity = {
applications = 1.0;
desktop = 0.8;
popups = config.stylix.opacity.desktop;
terminal = 1.0;
};
fonts = {
serif = {
package = pkgs.source-serif;
name = "Source Serif 4 Display";
};
sansSerif = {
package = pkgs.inter;
name = "Inter";
};
monospace = {
package = pkgs.nerd-fonts.fira-code;
name = "FiraCode Nerd Font";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
sizes = {
applications = 11;
desktop = config.stylix.fonts.sizes.applications;
popups = config.stylix.fonts.sizes.applications;
terminal = 12;
};
};
};
})
];
}

7
hosts/modules/trantor/boot.nix Normal file
View file

@ -0,0 +1,7 @@
{
boot = {
loader.efi.efiSysMountPoint = "/boot";
initrd.systemd.enable = true;
kernel.sysctl."net.ipv4.ip_forward" = 1;
};
}

10
hosts/modules/trantor/default.nix Normal file
View file

@ -0,0 +1,10 @@
{ ... }:
{
imports = [
./boot.nix
./disko.nix
./hardware-configuration.nix
./networking.nix
];
}

34
hosts/modules/trantor/disko.nix Normal file
View file

@ -0,0 +1,34 @@
{ ... }:
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-id/scsi-3605e4addb4c640319c8c03436205530b";
content = {
type = "gpt";
partitions = {
boot = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}

27
hosts/modules/trantor/hardware-configuration.nix Normal file
View file

@ -0,0 +1,27 @@
{
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
kernelModules = [ ];
extraModulePackages = [ ];
initrd = {
availableKernelModules = [
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"usbhid"
];
kernelModules = [ ];
};
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

Some files were not shown because too many files have changed in this diff Show more