baduhai/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: baduhai:master
Branches Tags
baduhai:master
baduhai:dendritic-light
baduhai:dendritic
baduhai:terranix
baduhai:refactor
baduhai:dms
baduhai:vim
baduhai:ansible
baduhai:niri
baduhai:hyprland
..
compare: baduhai:dendritic-light
Branches Tags
baduhai:master
baduhai:dendritic-light
baduhai:dendritic
baduhai:terranix
baduhai:refactor
baduhai:dms
baduhai:vim
baduhai:ansible
baduhai:niri
baduhai:hyprland

No commits in common. "master" and "dendritic-light" have entirely different histories.
master ... dendritic-

97 changed files with 2287 additions and 2115 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -11,4 +11,3 @@ todo.md
notes.md notes.md
scratch/ scratch/
tmp/ tmp/
.worktrees/

61
aspects/ai.nix
View file

@ -1,57 +1,12 @@
{ ... }: { ... }:
{ {
flake.modules = { flake.modules.nixos.ai = { inputs, pkgs, ... }: {
nixos.ai = environment.systemPackages =
{ inputs, pkgs, ... }: (with pkgs; [claude-desktop]) ++
{ (with inputs.nix-ai-tools.packages.${pkgs.system}; [
environment.systemPackages = claude-code
(with pkgs; [ claudebox
playwright opencode
playwright-mcp ]);
])
++ (with inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}; [
opencode
]);
nix.settings = {
extra-substituters = [ "https://cache.numtide.com" ];
extra-trusted-public-keys = [
"niks3.numtide.com-1:DTx8wZduET09hRmMtKdQDxNNthLQETkc/yaX7M4qK0g="
];
};
};
homeManager.ai =
{
config,
inputs,
pkgs,
...
}:
{
programs.opencode = {
enable = true;
package = inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}.opencode;
tui = {
theme = "system";
autoupdate = false;
};
settings = {
mcp = {
playwright = {
type = "local";
command = [
"${pkgs.coreutils}/bin/env"
"PLAYWRIGHT_BROWSERS_PATH=${config.xdg.cacheHome}/playwright-mcp"
"${pkgs.nodejs}/bin/node"
"${pkgs.playwright-mcp}/lib/node_modules/playwright-mcp-internal/cli.js"
"--executable-path"
"/run/current-system/sw/bin/chromium"
];
enabled = true;
};
};
};
};
};
}; };
} }

16
aspects/base/bash.nix
View file

@ -1,16 +0,0 @@
{ ... }:
{
flake.modules.homeManager.bash =
{
config,
lib,
pkgs,
...
}:
{
programs.bash = {
enable = true;
historyFile = "~/.cache/bash_history";
};
};
}

23
aspects/base/boot.nix
View file

@ -1,23 +0,0 @@
{ ... }:
{
flake.modules.nixos.boot =
{ pkgs, ... }:
{
boot = {
loader = {
timeout = 1;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false;
consoleMode = "max";
sortKey = "aa";
netbootxyz = {
enable = true;
sortKey = "zz";
};
};
};
};
};
}

11
aspects/base/console.nix
View file

@ -1,11 +0,0 @@
{ ... }:
{
flake.modules.nixos.console =
{ ... }:
{
console = {
useXkbConfig = true;
earlySetup = true;
};
};
}

11
aspects/base/firewall.nix
View file

@ -1,11 +0,0 @@
{ ... }:
{
flake.modules.nixos.firewall =
{ ... }:
{
networking = {
firewall.enable = true;
nftables.enable = true;
};
};
}

47
aspects/base/fish.nix
View file

@ -1,47 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.fish =
{ ... }:
{
programs.fish.enable = true;
};
homeManager.fish =
{
config,
lib,
pkgs,
...
}:
{
programs.fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
${lib.getExe pkgs.nix-your-shell} fish | source
'';
loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source";
plugins = [
{
name = "bang-bang";
src = pkgs.fetchFromGitHub {
owner = "oh-my-fish";
repo = "plugin-bang-bang";
rev = "f969c618301163273d0a03d002614d9a81952c1e";
sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ=";
};
}
{
name = "z";
src = pkgs.fetchFromGitHub {
owner = "jethrokuan";
repo = "z";
rev = "067e867debee59aee231e789fc4631f80fa5788e";
sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU=";
};
}
];
};
};
};
}

24
aspects/base/locale.nix
View file

@ -1,24 +0,0 @@
{ ... }:
{
flake.modules.nixos.locale =
{ ... }:
{
time.timeZone = "America/Bahia";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "pt_BR.utf8";
LC_COLLATE = "pt_BR.utf8";
LC_IDENTIFICATION = "pt_BR.utf8";
LC_MEASUREMENT = "pt_BR.utf8";
LC_MONETARY = "pt_BR.utf8";
LC_NAME = "pt_BR.utf8";
LC_NUMERIC = "pt_BR.utf8";
LC_PAPER = "pt_BR.utf8";
LC_TELEPHONE = "pt_BR.utf8";
LC_TIME = "en_IE.utf8";
};
};
};
}

63
aspects/base/nix.nix
View file

@ -1,63 +0,0 @@
{ ... }:
{
flake.modules.nixos.nix =
{
inputs,
pkgs,
lib,
...
}:
{
imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
nix = {
settings = {
auto-optimise-store = true;
connect-timeout = 10;
log-lines = 25;
min-free = 128000000;
max-free = 1000000000;
trusted-users = [ "@wheel" ];
};
extraOptions = "experimental-features = nix-command flakes";
gc = {
automatic = true;
options = "--delete-older-than 8d";
};
};
nixpkgs.config = {
allowUnfree = true;
enableParallelBuilding = true;
buildManPages = false;
buildDocs = false;
};
programs.nixos-cli = {
enable = true;
config = {
ignore_dirty_tree = true;
apply = {
reexec_as_root = true;
use_nom = true;
};
confirmation.empty = "default-yes";
differ = {
command = [
"${lib.getExe pkgs.nvd}"
"diff"
];
tool = "command";
};
};
};
environment.systemPackages = with pkgs; [
nix-output-monitor
];
documentation.nixos.enable = false;
system.stateVersion = "22.11";
};
}

32
aspects/base/ssh.nix
View file

@ -1,32 +0,0 @@
{ ... }:
{
flake.modules.nixos.ssh =
{ ... }:
{
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
extraConfig = ''
PrintLastLog no
'';
};
programs = {
bash.interactiveShellInit = ''
if [ -n "$SSH_CONNECTION" ] && [ -z "$IN_NIX_SHELL" ] && [ -z "$TMUX" ]; then
export TERM=xterm-256color
clear
fastfetch
fi
'';
fish.interactiveShellInit = ''
set fish_greeting
if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; and not set -q TMUX
export TERM=xterm-256color
clear
fastfetch
end
'';
};
};
}

69
aspects/base/zsh.nix
View file

@ -1,69 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.zsh =
{ ... }:
{
programs.zsh.enable = true;
};
homeManager.zsh =
{
config,
lib,
pkgs,
...
}:
{
programs.zsh = {
enable = true;
dotDir = "${config.xdg.configHome}/zsh";
autosuggestion = {
enable = true;
strategy = [
"match_prev_cmd"
"completion"
];
};
enableCompletion = true;
syntaxHighlighting.enable = true;
initExtra = ''
unsetopt beep
${lib.getExe pkgs.nix-your-shell} zsh | source /dev/stdin
# Expand !! and !$ on space (Fish-style)
bindkey ' ' magic-space
setopt HIST_VERIFY
# History prefix search with up/down arrows
bindkey "^[[A" history-search-backward
bindkey "^[[B" history-search-forward
# Fish-style Ctrl+Backspace: delete one path segment at a time
function backward-kill-path-component() {
if [[ "$LBUFFER" == */ ]]; then
LBUFFER="''${LBUFFER%/}"
fi
if [[ "$LBUFFER" == */* ]]; then
LBUFFER="''${LBUFFER%/*}/"
else
zle backward-kill-word
fi
}
zle -N backward-kill-path-component
bindkey '^H' backward-kill-path-component
# Ctrl+Arrow Keys to move back and forward by a word
bindkey "^[[1;5D" backward-word
bindkey "^[[1;5C" forward-word
'';
loginExtra = "${lib.getExe pkgs.nix-your-shell} zsh | source /dev/stdin";
history = {
size = 10000;
save = 10000;
share = true;
};
initExtraBeforeCompInit = ''
zstyle ':completion:*' menu select
zstyle ':completion:*' matcher-list 'm:{a-zA-Z}={A-Za-z}'
'';
};
};
};
}

16
aspects/bluetooth.nix
View file

@ -1,16 +1,6 @@
{ ... }: { ... }:
{ {
flake.modules.nixos.bluetooth = flake.modules.nixos.bluetooth = { config, lib, pkgs, ... }: {
{ hardware.bluetooth.enable = true;
config, };
lib,
pkgs,
...
}:
{
hardware.bluetooth = {
enable = true;
powerOnBoot = false;
};
};
} }

31
aspects/cli/btop.nix
View file

@ -1,28 +1,13 @@
{ ... }: { ... }:
{ {
flake.modules = { flake.modules.homeManager.cli-btop = { config, lib, pkgs, ... }: {
nixos.btop = programs.btop = {
{ pkgs, ... }: enable = true;
{ settings = {
environment.systemPackages = with pkgs; [ btop ]; theme_background = false;
}; proc_sorting = "cpu direct";
update_ms = 500;
homeManager.btop =
{
config,
lib,
pkgs,
...
}:
{
programs.btop = {
enable = true;
settings = {
theme_background = false;
proc_sorting = "cpu direct";
update_ms = 500;
};
};
}; };
};
}; };
} }

16
aspects/cli/comma.nix
View file

@ -1,16 +1,8 @@
{ ... }: { ... }:
{ {
flake.modules.homeManager.comma = flake.modules.homeManager.cli-comma = { config, lib, pkgs, inputs, ... }: {
{ imports = [ inputs.nix-index-database.homeModules.nix-index ];
config,
lib,
pkgs,
inputs,
...
}:
{
imports = [ inputs.nix-index-database.homeModules.nix-index ];
programs.nix-index-database.comma.enable = true; programs.nix-index-database.comma.enable = true;
}; };
} }

17
aspects/cli/direnv.nix
View file

@ -1,16 +1,9 @@
{ ... }: { ... }:
{ {
flake.modules.homeManager.direnv = flake.modules.homeManager.cli-direnv = { config, lib, pkgs, ... }: {
{ programs.direnv = {
config, enable = true;
lib, nix-direnv.enable = true;
pkgs,
...
}:
{
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
}; };
};
} }

104
aspects/cli/helix.nix
View file

@ -1,74 +1,50 @@
{ ... }: { ... }:
{ {
flake.modules = { flake.modules.homeManager.cli-helix = { config, lib, pkgs, ... }: {
nixos.helix = home.sessionVariables = {
{ pkgs, ... }: EDITOR = "hx";
{ };
environment.systemPackages = with pkgs; [
helix
];
};
homeManager.helix = programs.helix = {
{ enable = true;
config, settings = {
lib, editor = {
pkgs, file-picker.hidden = false;
... idle-timeout = 0;
}: line-number = "relative";
{ cursor-shape = {
home.sessionVariables = { normal = "underline";
EDITOR = "hx"; insert = "bar";
select = "underline";
};
soft-wrap.enable = true;
auto-format = true;
indent-guides.render = true;
}; };
keys.normal = {
programs.helix = { space = {
enable = true; o = "file_picker_in_current_buffer_directory";
themes = { esc = [
base16_terminal_transparent = { "collapse_selection"
inherits = "base16_terminal"; "keep_primary_selection"
"ui.background" = { };
};
};
settings = {
theme = "base16_terminal_transparent";
editor = {
file-picker.hidden = false;
idle-timeout = 0;
line-number = "relative";
cursor-shape = {
normal = "underline";
insert = "bar";
select = "underline";
};
soft-wrap.enable = true;
auto-format = true;
indent-guides.render = true;
};
keys.normal = {
space = {
o = "file_picker_in_current_buffer_directory";
esc = [
"collapse_selection"
"keep_primary_selection"
];
};
};
};
languages = {
language = [
{
name = "nix";
auto-format = true;
formatter.command = "nixfmt";
}
{
name = "typst";
auto-format = true;
formatter.command = "typstyle -c 1000 -i";
}
]; ];
}; };
}; };
}; };
languages = {
language = [
{
name = "nix";
auto-format = true;
formatter.command = "nixfmt";
}
{
name = "typst";
auto-format = true;
formatter.command = "typstyle -c 1000 -i";
}
];
};
};
}; };
} }

19
aspects/cli/hm-cli.nix
View file

@ -1,18 +1,11 @@
{ ... }: { ... }:
{ {
flake.modules.homeManager.hm-cli = flake.modules.homeManager.cli-base = { config, lib, pkgs, ... }: {
{ home = {
config, packages = with pkgs; [ hm-cli ];
lib, sessionVariables = {
pkgs, HM_PATH = "/etc/nixos";
...
}:
{
home = {
packages = with pkgs; [ hm-cli ];
sessionVariables = {
HM_PATH = "/etc/nixos";
};
}; };
}; };
};
} }

77
aspects/cli/starship.nix
View file

@ -1,48 +1,41 @@
{ ... }: { ... }:
{ {
flake.modules.homeManager.starship = flake.modules.homeManager.cli-starship = { config, lib, pkgs, ... }: {
{ programs.starship = {
config, enable = true;
lib, enableBashIntegration = true;
pkgs, enableFishIntegration = true;
... settings = {
}: add_newline = false;
{ format = ''
programs.starship = { $hostname$directory$git_branch$git_status$nix_shell
enable = true; [ ](bold green)
enableBashIntegration = true; '';
enableFishIntegration = true; right_format = "$cmd_duration$character";
settings = { hostname = {
add_newline = false; ssh_symbol = "󰖟 ";
format = '' };
$hostname$directory$git_branch$git_status$nix_shell character = {
[ ](bold green) error_symbol = "[](red)";
''; success_symbol = "[󱐋](green)";
right_format = "$cmd_duration$character"; };
hostname = { cmd_duration = {
ssh_symbol = "󰖟 "; format = "[󰄉 $duration ]($style)";
}; style = "yellow";
character = { min_time = 500;
error_symbol = "[](red)"; };
success_symbol = "[󱐋](green)"; git_branch = {
}; symbol = " ";
cmd_duration = { style = "purple";
format = "[󰄉 $duration ]($style)"; };
style = "yellow"; git_status.style = "red";
min_time = 500; nix_shell = {
}; format = "via [$symbol$state]($style)";
git_branch = { heuristic = true;
symbol = " "; style = "blue";
style = "purple"; symbol = "󱄅 ";
};
git_status.style = "red";
nix_shell = {
format = "via [$symbol$state]($style)";
heuristic = true;
style = "blue";
symbol = "󱄅 ";
};
}; };
}; };
}; };
};
} }

33
aspects/cli/tmux.nix
View file

@ -1,29 +1,12 @@
{ ... }: { ... }:
{ {
flake.modules = { flake.modules.homeManager.cli-tmux = { config, lib, pkgs, ... }: {
nixos.tmux = programs.tmux = {
{ pkgs, ... }: enable = true;
{ clock24 = true;
environment.systemPackages = with pkgs; [ terminal = "xterm-256color";
tmux mouse = true;
]; keyMode = "vi";
}; };
homeManager.tmux =
{
config,
lib,
pkgs,
...
}:
{
programs.tmux = {
enable = true;
clock24 = true;
terminal = "xterm-256color";
mouse = true;
keyMode = "vi";
};
};
}; };
} }

21
aspects/common/boot.nix Normal file
View file

@ -0,0 +1,21 @@
{ ... }:
{
flake.modules.nixos.common-boot = { pkgs, ... }: {
boot = {
loader = {
timeout = 1;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false;
consoleMode = "max";
sortKey = "aa";
netbootxyz = {
enable = true;
sortKey = "zz";
};
};
};
};
};
}

9
aspects/common/console.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
flake.modules.nixos.common-console = { ... }: {
console = {
useXkbConfig = true;
earlySetup = true;
};
};
}

9
aspects/common/firewall.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
flake.modules.nixos.common-firewall = { ... }: {
networking = {
firewall.enable = true;
nftables.enable = true;
};
};
}

22
aspects/common/locale.nix Normal file
View file

@ -0,0 +1,22 @@
{ ... }:
{
flake.modules.nixos.common-locale = { ... }: {
time.timeZone = "America/Bahia";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "pt_BR.utf8";
LC_COLLATE = "pt_BR.utf8";
LC_IDENTIFICATION = "pt_BR.utf8";
LC_MEASUREMENT = "pt_BR.utf8";
LC_MONETARY = "pt_BR.utf8";
LC_NAME = "pt_BR.utf8";
LC_NUMERIC = "pt_BR.utf8";
LC_PAPER = "pt_BR.utf8";
LC_TELEPHONE = "pt_BR.utf8";
LC_TIME = "en_IE.utf8";
};
};
};
}

39
aspects/common/nix.nix Normal file
View file

@ -0,0 +1,39 @@
{ ... }:
{
flake.modules.nixos.common-nix = { inputs, ... }: {
imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
nix = {
settings = {
auto-optimise-store = true;
connect-timeout = 10;
log-lines = 25;
min-free = 128000000;
max-free = 1000000000;
trusted-users = [ "@wheel" ];
};
extraOptions = "experimental-features = nix-command flakes";
gc = {
automatic = true;
options = "--delete-older-than 8d";
};
};
nixpkgs.config = {
allowUnfree = true;
enableParallelBuilding = true;
buildManPages = false;
buildDocs = false;
};
services.nixos-cli = {
enable = true;
config = {
use_nvd = true;
ignore_dirty_tree = true;
};
};
system.stateVersion = "22.11";
};
}

12
aspects/common/openssh.nix Normal file
View file

@ -0,0 +1,12 @@
{ ... }:
{
flake.modules.nixos.common-openssh = { ... }: {
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
extraConfig = ''
PrintLastLog no
'';
};
};
}

43
aspects/common/programs.nix Normal file
View file

@ -0,0 +1,43 @@
{ ... }:
{
flake.modules.nixos.common-programs =
{ lib, pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
### Dev Tools ###
git
### System Utilities ###
btop
fastfetch
helix
nixos-firewall-tool
nvd
sysz
tmux
wget
yazi
];
shellAliases = {
cat = "${lib.getExe pkgs.bat} --paging=never --style=plain";
ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first";
tree = "ls --tree";
};
};
programs = {
command-not-found.enable = false;
fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
if set -q SSH_CONNECTION
export TERM=xterm-256color
clear
fastfetch
end
'';
};
};
};
}

2
aspects/base/security.nix → aspects/common/security.nix
View file

@ -1,6 +1,6 @@
{ ... }: { ... }:
{ {
flake.modules.nixos.security = flake.modules.nixos.common-security =
{ ... }: { ... }:
{ {
security.sudo = { security.sudo = {

10
aspects/common/services.nix Normal file
View file

@ -0,0 +1,10 @@
{ ... }:
{
flake.modules.nixos.common-services = { ... }: {
services = {
dbus.implementation = "broker";
irqbalance.enable = true;
fstrim.enable = true;
};
};
}

9
aspects/common/tailscale.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
flake.modules.nixos.common-tailscale = { ... }: {
services.tailscale = {
enable = true;
extraUpFlags = [ "--operator=user" ];
};
};
}

108
aspects/constants.nix
View file

@ -1,9 +1,4 @@
{ { lib, config, ... }:
inputs,
lib,
config,
...
}:
let let
# Host submodule type # Host submodule type
@ -59,15 +54,12 @@ let
sharedData = import ../data/services.nix; sharedData = import ../data/services.nix;
# Enrich services with host IP information # Enrich services with host IP information
enrichServices = enrichServices = hosts: services:
hosts: services: map (svc:
map (
svc:
let let
hostInfo = hosts.${svc.host} or { }; hostInfo = hosts.${svc.host} or {};
in in
svc svc // {
// {
lanIP = hostInfo.lanIP or null; lanIP = hostInfo.lanIP or null;
tailscaleIP = hostInfo.tailscaleIP or null; tailscaleIP = hostInfo.tailscaleIP or null;
} }
@ -78,19 +70,19 @@ in
options.flake = { options.flake = {
hosts = lib.mkOption { hosts = lib.mkOption {
type = lib.types.attrsOf hostType; type = lib.types.attrsOf hostType;
default = { }; default = {};
description = "Host definitions with IP addresses"; description = "Host definitions with IP addresses";
}; };
services = lib.mkOption { services = lib.mkOption {
type = lib.types.listOf serviceType; type = lib.types.listOf serviceType;
default = [ ]; default = [];
description = "Service definitions with enriched host information"; description = "Service definitions with enriched host information";
}; };
lib = lib.mkOption { lib = lib.mkOption {
type = lib.types.attrsOf lib.types.raw; type = lib.types.attrsOf lib.types.raw;
default = { }; default = {};
description = "Utility functions for flake configuration"; description = "Utility functions for flake configuration";
}; };
}; };
@ -102,11 +94,9 @@ in
lib = { lib = {
# Nginx virtual host utilities # Nginx virtual host utilities
mkNginxVHosts = mkNginxVHosts = { domains }:
{ domains }:
let let
mkVHostConfig = mkVHostConfig = domain: vhostConfig:
domain: vhostConfig:
lib.recursiveUpdate { lib.recursiveUpdate {
useACMEHost = domain; useACMEHost = domain;
forceSSL = true; forceSSL = true;
@ -117,8 +107,7 @@ in
# Split DNS utilities for unbound # Split DNS utilities for unbound
# Generates unbound view config from a list of DNS entries # Generates unbound view config from a list of DNS entries
mkSplitDNS = mkSplitDNS = entries:
entries:
let let
tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries; tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries;
lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries; lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries;
@ -137,81 +126,6 @@ in
local-data = lanData; local-data = lanData;
} }
]; ];
# Generates flake.homeConfigurations
mkHomeConfiguration =
{
user,
hostname,
system ? "x86_64-linux",
stateVersion ? "22.05",
nixpkgs ? inputs.nixpkgs, # override with e.g. inputs.nixpkgs-stable
userModules ? [ ],
overlays ? [ inputs.self.overlays.default ],
homeManagerModules ? with inputs.self.modules.homeManager; [
base
cli
],
userDirectory ? "/home/${user}",
}:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.${system};
extraSpecialArgs = {
inherit inputs hostname;
};
modules = [
{ nixpkgs.overlays = overlays; }
{
home = {
username = user;
homeDirectory = userDirectory;
inherit stateVersion;
};
}
((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p))
"/${inputs.self}/aspects/users/_${user}"
)
]
++ homeManagerModules
++ userModules;
};
# Generates flake.nixosConfigurations
mkHost =
{
hostname,
system ? "x86_64-linux",
nixpkgs ? inputs.nixpkgs,
overlays ? [
inputs.agenix.overlays.default
inputs.self.overlays.default
],
ephemeralRootDev ? null, # pass rootDevice string to enable, e.g. ephemeralephemeralRootDev = "/dev/mapper/cryptroot"
nixosModules ? with inputs.self.modules.nixos; [
base
cli
user
root
],
extraModules ? [ ],
}:
nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs; };
modules = [
inputs.agenix.nixosModules.default
{ networking.hostName = hostname; }
{ nixpkgs.overlays = overlays; }
((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p))
"${inputs.self}/aspects/hosts/_${hostname}"
)
]
++ (lib.optional (ephemeralRootDev != null) (
inputs.self.factory.ephemeral { rootDevice = ephemeralRootDev; }
))
++ nixosModules
++ extraModules;
};
}; };
}; };
} }

27
aspects/desktop/boot.nix Normal file
View file

@ -0,0 +1,27 @@
{ ... }:
{
flake.modules.nixos.desktop-boot = { config, lib, pkgs, ... }: {
boot = {
plymouth.enable = true;
initrd.systemd.enable = true;
loader.efi.efiSysMountPoint = "/boot/efi";
kernelPackages = pkgs.linuxPackages_xanmod_latest;
extraModprobeConfig = ''
options bluetooth disable_ertm=1
'';
kernel.sysctl = {
"net.ipv4.tcp_mtu_probing" = 1;
};
kernelParams = [
"quiet"
"splash"
"i2c-dev"
"i2c-piix4"
"loglevel=3"
"udev.log_priority=3"
"rd.udev.log_level=3"
"rd.systemd.show_status=false"
];
};
};
}

292
aspects/desktop/desktop.nix Normal file
View file

@ -0,0 +1,292 @@
{
inputs,
...
}:
{
flake.modules = {
nixos.desktop-desktop = { config, lib, pkgs, ... }: {
imports = [
inputs.niri-flake.nixosModules.niri
inputs.nix-flatpak.nixosModules.nix-flatpak
];
environment = {
sessionVariables = {
KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir
NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland
};
systemPackages = with pkgs; [
### Web ###
bitwarden-desktop
fragments
nextcloud-client
tor-browser
vesktop
inputs.zen-browser.packages."${system}".default
### Office & Productivity ###
aspell
aspellDicts.de
aspellDicts.en
aspellDicts.en-computers
aspellDicts.pt_BR
papers
presenterm
rnote
### Graphics & Design ###
gimp
inkscape
plasticity
### System Utilities ###
adwaita-icon-theme
ghostty
gnome-disk-utility
junction
libfido2
mission-center
nautilus
p7zip
rclone
toggleaudiosink
unrar
### Media ###
decibels
loupe
obs-studio
showtime
];
};
services = {
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
greetd = {
enable = true;
settings = {
default_session = {
command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session";
user = "greeter";
};
}
// lib.optionalAttrs (config.networking.hostName == "io") {
initial_session = {
command = "${config.programs.niri.package}/bin/niri-session";
user = "user";
};
};
};
flatpak = {
enable = true;
packages = [
### Office & Productivity ###
"com.collabora.Office"
### Graphics & Design ###
"com.boxy_svg.BoxySVG"
rec {
appId = "io.github.softfever.OrcaSlicer";
sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1";
bundle = "${pkgs.fetchurl {
url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak";
inherit sha256;
}}";
}
### System Utilities ###
"com.github.tchx84.Flatseal"
"com.rustdesk.RustDesk"
];
uninstallUnmanaged = true;
update.auto.enable = true;
};
gvfs.enable = true;
};
security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority
users = {
users.greeter = {
isSystemUser = true;
group = "greeter";
};
groups.greeter = { };
};
programs = {
niri = {
enable = true;
package = inputs.niri.packages.${pkgs.system}.niri;
};
kdeconnect = {
enable = true;
package = pkgs.valent;
};
dconf.enable = true;
appimage = {
enable = true;
binfmt = true;
};
};
niri-flake.cache.enable = false;
fonts = {
fontDir.enable = true;
packages = with pkgs; [
corefonts
inter
nerd-fonts.fira-code
noto-fonts-cjk-sans
noto-fonts-color-emoji
roboto
];
};
xdg.portal = {
extraPortals = with pkgs; [
xdg-desktop-portal-gnome
xdg-desktop-portal-gtk
];
config = {
common.default = "*";
niri.default = [
"gtk"
"gnome"
];
};
};
};
homeManager.desktop-desktop = { config, lib, pkgs, inputs, ... }: {
imports = [ inputs.vicinae.homeManagerModules.default ];
fonts.fontconfig.enable = true;
home.packages = with pkgs; [ xwayland-satellite ];
services.vicinae = {
enable = true;
systemd = {
enable = true;
autoStart = true;
};
};
programs = {
ghostty = {
enable = true;
settings = {
cursor-style = "block";
shell-integration-features = "no-cursor";
cursor-style-blink = false;
custom-shader = "${builtins.fetchurl {
url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl";
sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41";
}}";
bell-features = "";
gtk-titlebar-style = "tabs";
keybind = [ "shift+enter=text:\\x1b\\r" ];
};
};
password-store = {
enable = true;
package = pkgs.pass-wayland;
};
};
xdg = {
enable = true;
userDirs.enable = true;
mimeApps = {
enable = true;
defaultApplications = {
"text/html" = [
"re.sonny.Junction.desktop"
"zen-browser.desktop"
"torbrowser.desktop"
];
"x-scheme-handler/http" = [
"re.sonny.Junction.desktop"
"zen-browser.desktop"
"torbrowser.desktop"
];
"x-scheme-handler/https" = [
"re.sonny.Junction.desktop"
"zen-browser.desktop"
"torbrowser.desktop"
];
"x-scheme-handler/about" = [
"re.sonny.Junction.desktop"
"zen-browser.desktop"
"torbrowser.desktop"
];
"x-scheme-handler/unknown" = [
"re.sonny.Junction.desktop"
"zen-browser.desktop"
"torbrowser.desktop"
];
"image/jpeg" = "org.gnome.Loupe.desktop";
"image/png" = "org.gnome.Loupe.desktop";
"image/gif" = "org.gnome.Loupe.desktop";
"image/webp" = "org.gnome.Loupe.desktop";
"image/bmp" = "org.gnome.Loupe.desktop";
"image/svg+xml" = "org.gnome.Loupe.desktop";
"image/tiff" = "org.gnome.Loupe.desktop";
"video/mp4" = "io.bassi.Showtime.desktop";
"video/x-matroska" = "io.bassi.Showtime.desktop";
"video/webm" = "io.bassi.Showtime.desktop";
"video/mpeg" = "io.bassi.Showtime.desktop";
"video/x-msvideo" = "io.bassi.Showtime.desktop";
"video/quicktime" = "io.bassi.Showtime.desktop";
"video/x-flv" = "io.bassi.Showtime.desktop";
"audio/mpeg" = "io.bassi.Showtime.desktop";
"audio/flac" = "io.bassi.Showtime.desktop";
"audio/ogg" = "io.bassi.Showtime.desktop";
"audio/wav" = "io.bassi.Showtime.desktop";
"audio/mp4" = "io.bassi.Showtime.desktop";
"audio/x-opus+ogg" = "io.bassi.Showtime.desktop";
"application/pdf" = [
"org.gnome.Papers.desktop"
"zen-browser.desktop"
];
"text/plain" = "Helix.desktop";
"text/markdown" = "Helix.desktop";
"text/x-log" = "Helix.desktop";
"application/x-shellscript" = "Helix.desktop";
"application/vnd.openxmlformats-officedocument.wordprocessingml.document" =
"com.collabora.Office.desktop"; # DOCX
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" =
"com.collabora.Office.desktop"; # XLSX
"application/vnd.openxmlformats-officedocument.presentationml.presentation" =
"com.collabora.Office.desktop"; # PPTX
"application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT
"application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS
"application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP
"application/msword" = "com.collabora.Office.desktop"; # DOC
"application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS
"application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT
"application/zip" = "org.gnome.FileRoller.desktop";
"application/x-tar" = "org.gnome.FileRoller.desktop";
"application/x-compressed-tar" = "org.gnome.FileRoller.desktop";
"application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop";
"application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop";
"application/x-7z-compressed" = "org.gnome.FileRoller.desktop";
"application/x-rar" = "org.gnome.FileRoller.desktop";
"application/gzip" = "org.gnome.FileRoller.desktop";
"application/x-bzip" = "org.gnome.FileRoller.desktop";
"inode/directory" = "org.gnome.Nautilus.desktop";
};
};
};
# Set Ghostty as default terminal
home.sessionVariables = {
TERMINAL = "ghostty";
};
};
};
}

61
aspects/desktop/kde.nix
View file

@ -1,61 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.kde =
{ pkgs, ... }:
{
services = {
displayManager = {
autoLogin = {
enable = true;
user = "user";
};
plasma-login-manager.enable = true;
};
desktopManager.plasma6.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
};
xdg.portal = {
enable = true;
xdgOpenUsePortal = true;
extraPortals = with pkgs; [
kdePackages.xdg-desktop-portal-kde
xdg-desktop-portal-gtk
xdg-desktop-portal-gnome
];
config.common.default = "*";
};
environment = {
systemPackages = with pkgs; [
kara
kdePackages.karousel
kdePackages.krdc
kde-rounded-corners
];
plasma6.excludePackages = with pkgs.kdePackages; [
elisa
gwenview
kate
khelpcenter
];
};
programs = {
kdeconnect.enable = true;
partition-manager.enable = true;
};
};
homeManager.kde =
{ pkgs, ... }:
{
};
};
}

220
aspects/desktop/niri.nix Normal file
View file

@ -0,0 +1,220 @@
{ ... }:
{
flake.modules.homeManager.desktop-niri = { config, lib, pkgs, inputs, hostname ? null, ... }:
let
isRotterdam = hostname == "rotterdam";
in
{
imports = [ inputs.noctalia.homeModules.default ];
services.kanshi = {
enable = true;
settings = [
{
profile.name = "default";
profile.outputs = [
{
criteria = "*";
scale = 1.0;
}
];
}
];
};
home = {
packages = with pkgs; [
xwayland-satellite
inputs.noctalia.packages.${pkgs.system}.default
];
sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3";
};
xdg.configFile."niri/config.kdl".text = ''
input {
keyboard {
xkb {
layout "us"
variant "altgr-intl"
}
}
touchpad {
tap
dwt
drag true
drag-lock
natural-scroll
accel-speed 0.2
accel-profile "flat"
scroll-method "two-finger"
middle-emulation
}
mouse {
natural-scroll
accel-speed 0.2
accel-profile "flat"
}
warp-mouse-to-focus mode="center-xy"
focus-follows-mouse
}
layout {
gaps 8
center-focused-column "never"
auto-center-when-space-available
preset-column-widths {
${
if isRotterdam then
''
proportion 0.33333
proportion 0.5
proportion 0.66667
''
else
''
proportion 0.5
proportion 1.0
''
}
}
default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; }
focus-ring {
off
}
border {
width 4
active-color "#ffc87f"
inactive-color "#505050"
urgent-color "#9b0000"
}
tab-indicator {
width 4
gap 4
place-within-column
}
}
overview {
zoom 0.65
}
spawn-at-startup "noctalia-shell" "-d"
layer-rule {
match namespace="^noctalia-overview*"
place-within-backdrop true
}
hotkey-overlay {
skip-at-startup
}
prefer-no-csd
screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png"
animations {
slowdown 0.3
}
window-rule {
match app-id="zen"
default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; }
}
window-rule {
geometry-corner-radius 12
clip-to-geometry true
}
config-notification {
disable-failed
}
binds {
Alt+Space repeat=false { spawn "vicinae" "toggle"; }
XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; }
XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; }
XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; }
XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; }
XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; }
XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; }
XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; }
XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; }
XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; }
Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; }
Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; }
Mod+Return { spawn "ghostty"; }
Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; }
Mod+W repeat=false { toggle-overview; }
Mod+Q { close-window; }
Alt+Shift+Q { close-window;}
Mod+Shift+Q { close-window; }
Alt+F4 { close-window; }
Mod+Left { focus-column-left; }
Mod+Down { focus-window-or-workspace-down; }
Mod+Up { focus-window-or-workspace-up; }
Mod+Right { focus-column-right; }
Mod+H { focus-column-left; }
Mod+L { focus-column-right; }
Mod+J { focus-window-or-workspace-down; }
Mod+K { focus-window-or-workspace-up; }
Mod+Ctrl+Left { move-column-left; }
Mod+Ctrl+Down { move-window-down-or-to-workspace-down; }
Mod+Ctrl+Up { move-window-up-or-to-workspace-up; }
Mod+Ctrl+Right { move-column-right; }
Mod+Ctrl+H { move-column-left; }
Mod+Ctrl+J { move-window-down-or-to-workspace-down; }
Mod+Ctrl+K { move-window-up-or-to-workspace-up; }
Mod+Ctrl+L { move-column-right; }
Mod+Home { focus-column-first; }
Mod+End { focus-column-last; }
Mod+Ctrl+Home { move-column-to-first; }
Mod+Ctrl+End { move-column-to-last; }
Mod+Alt+Left { focus-monitor-left; }
Mod+Alt+Down { focus-monitor-down; }
Mod+Alt+Up { focus-monitor-up; }
Mod+Alt+Right { focus-monitor-right; }
Mod+Alt+H { focus-monitor-left; }
Mod+Alt+J { focus-monitor-down; }
Mod+Alt+K { focus-monitor-up; }
Mod+Alt+L { focus-monitor-right; }
Mod+Alt+Ctrl+Left { move-column-to-monitor-left; }
Mod+Alt+Ctrl+Down { move-column-to-monitor-down; }
Mod+Alt+Ctrl+Up { move-column-to-monitor-up; }
Mod+Alt+Ctrl+Right { move-column-to-monitor-right; }
Mod+Alt+Ctrl+H { move-column-to-monitor-left; }
Mod+Alt+Ctrl+J { move-column-to-monitor-down; }
Mod+Alt+Ctrl+K { move-column-to-monitor-up; }
Mod+Alt+Ctrl+L { move-column-to-monitor-right; }
Mod+Ctrl+U { move-workspace-down; }
Mod+Ctrl+I { move-workspace-up; }
Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; }
Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; }
Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; }
Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; }
Mod+Shift+WheelScrollDown { focus-column-right; }
Mod+Shift+WheelScrollUp { focus-column-left; }
Mod+Ctrl+Shift+WheelScrollDown { move-column-right; }
Mod+Ctrl+Shift+WheelScrollUp { move-column-left; }
Mod+BracketLeft { consume-or-expel-window-left; }
Mod+BracketRight { consume-or-expel-window-right; }
Mod+Comma { consume-window-into-column; }
Mod+Period { expel-window-from-column; }
Mod+R { switch-preset-column-width; }
Mod+F { maximize-column; }
Mod+Ctrl+F { fullscreen-window; }
Mod+C { center-visible-columns; }
Mod+Ctrl+C { center-column; }
Mod+Space { toggle-window-floating; }
Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; }
Mod+T { toggle-column-tabbed-display; }
Print { screenshot-screen; }
Mod+Print { screenshot; }
Ctrl+Print { screenshot-window; }
Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; }
Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; }
Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; }
Mod+Ctrl+P { power-off-monitors; }
}
'';
};
}

14
aspects/desktop/nix.nix Normal file
View file

@ -0,0 +1,14 @@
{ inputs, ... }:
{
flake.modules.nixos.desktop-nix = { config, lib, pkgs, ... }: {
environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs;
nixPath = [
"nixpkgs=${inputs.nixpkgs}"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
};
}

16
aspects/desktop/services.nix Normal file
View file

@ -0,0 +1,16 @@
{ ... }:
{
flake.modules.nixos.desktop-services = { config, lib, pkgs, ... }: {
services = {
printing.enable = true;
udev.packages = with pkgs; [ yubikey-personalization ];
keyd = {
enable = true;
keyboards.all = {
ids = [ "*" ];
settings.main.capslock = "overload(meta, esc)";
};
};
};
};
}

34
aspects/dev.nix
View file

@ -1,23 +1,19 @@
{ ... }: { ... }:
{ {
flake.modules.nixos.dev = flake.modules.nixos.dev = { config, lib, pkgs, ... }: {
{ environment.systemPackages = with pkgs; [
config, android-tools
lib, bat
pkgs, lazygit
... fd
}: fzf
{ glow
environment.systemPackages = with pkgs; [ nixfmt
android-tools nix-init
lazygit nix-output-monitor
fd ripgrep
fzf ];
nixfmt
nix-init
ripgrep
];
users.users.user.extraGroups = [ "adbusers" ]; users.users.user.extraGroups = [ "adbusers" ];
}; };
} }

29
aspects/ephemeral.nix
View file

@ -3,8 +3,7 @@
{ inputs, ... }: { inputs, ... }:
{ {
# Base module with options (for external flakes or direct use) # Base module with options (for external flakes or direct use)
flake.modules.nixos.ephemeral = flake.modules.nixos.ephemeral = { lib, config, ... }:
{ lib, config, ... }:
let let
cfg = config.ephemeral; cfg = config.ephemeral;
in in
@ -62,7 +61,6 @@
mkdir -p /btrfs_tmp/old_roots mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/${cfg.rootSubvolume})" "+%Y-%m-%-d_%H:%M:%S") timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/${cfg.rootSubvolume})" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/${cfg.rootSubvolume} "/btrfs_tmp/old_roots/$timestamp" mv /btrfs_tmp/${cfg.rootSubvolume} "/btrfs_tmp/old_roots/$timestamp"
touch "/btrfs_tmp/old_roots/$timestamp"
fi fi
delete_subvolume_recursively() { delete_subvolume_recursively() {
@ -91,19 +89,18 @@
# Factory function that generates configured modules # Factory function that generates configured modules
flake.factory.ephemeral = flake.factory.ephemeral =
{ { rootDevice
rootDevice, , rootSubvolume ? "@root"
rootSubvolume ? "@root", , retentionDays ? 30
retentionDays ? 30, , persistentStoragePath ? "/persistent"
persistentStoragePath ? "/persistent", , persistentFiles ? [
persistentFiles ? [
"/etc/machine-id" "/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub" "/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key" "/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub" "/etc/ssh/ssh_host_rsa_key.pub"
], ]
persistentDirectories ? [ , persistentDirectories ? [
"/etc/NetworkManager/system-connections" "/etc/NetworkManager/system-connections"
"/etc/nixos" "/etc/nixos"
"/var/lib/bluetooth" "/var/lib/bluetooth"
@ -114,10 +111,9 @@
"/var/lib/systemd/timers" "/var/lib/systemd/timers"
"/var/lib/tailscale" "/var/lib/tailscale"
"/var/log" "/var/log"
], ]
}: }:
{ ... }: { ... }: {
{
imports = [ imports = [
inputs.impermanence.nixosModules.impermanence inputs.impermanence.nixosModules.impermanence
inputs.self.modules.nixos.ephemeral inputs.self.modules.nixos.ephemeral
@ -129,11 +125,6 @@
oldRootRetentionDays = retentionDays; oldRootRetentionDays = retentionDays;
}; };
age.identityPaths = [
"${persistentStoragePath}/etc/ssh/ssh_host_ed25519_key"
"${persistentStoragePath}/etc/ssh/ssh_host_rsa_key"
];
fileSystems."/persistent".neededForBoot = true; fileSystems."/persistent".neededForBoot = true;
environment.persistence.main = { environment.persistence.main = {

13
aspects/fwupd.nix
View file

@ -1,13 +1,6 @@
{ ... }: { ... }:
{ {
flake.modules.nixos.fwupd = flake.modules.nixos.fwupd = { config, lib, pkgs, ... }: {
{ services.fwupd.enable = true;
config, };
lib,
pkgs,
...
}:
{
services.fwupd.enable = true;
};
} }

23
aspects/gaming/flatpak.nix Normal file
View file

@ -0,0 +1,23 @@
{ ... }:
{
flake.modules.nixos.gaming-flatpak = { pkgs, ... }: {
services.flatpak.packages = [
"com.github.k4zmu2a.spacecadetpinball"
"com.steamgriddb.SGDBoop"
"io.github.Foldex.AdwSteamGtk"
"io.itch.itch"
"io.mrarm.mcpelauncher"
"net.retrodeck.retrodeck"
"org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08"
rec {
appId = "com.hypixel.HytaleLauncher";
sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv";
bundle = "${pkgs.fetchurl {
url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak";
inherit sha256;
}}";
}
];
};
}

11
aspects/gaming/hardware.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }:
{
flake.modules.nixos.gaming-hardware = { ... }: {
hardware = {
xpadneo.enable = true;
steam-hardware.enable = true; # Allow steam client to manage controllers
graphics.enable32Bit = true; # For OpenGL games
};
};
}

11
aspects/gaming/launchers.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }:
{
flake.modules.nixos.gaming-launchers = { pkgs, ... }: {
environment.systemPackages = with pkgs; [
clonehero
heroic
prismlauncher
];
};
}

72
aspects/gaming/mangohud.nix
View file

@ -2,46 +2,42 @@
{ {
flake.modules = { flake.modules = {
nixos.mangohud = nixos.gaming-mangohud = { pkgs, ... }: {
{ pkgs, ... }: environment.systemPackages = with pkgs; [
{ mangohud
environment.systemPackages = with pkgs; [ ];
mangohud };
];
};
homeManager.mangohud = homeManager.gaming-mangohud = { config, ... }: {
{ config, ... }: programs.mangohud = {
{ enable = true;
programs.mangohud = { enableSessionWide = true;
enable = true; settings = {
enableSessionWide = true; position = "top-left";
settings = { fps = true;
position = "top-left"; frametime = false;
fps = true; frame_timing = false;
frametime = false; gpu_stats = true;
frame_timing = false; gpu_temp = true;
gpu_stats = true; gpu_power = true;
gpu_temp = true; cpu_stats = true;
gpu_power = true; cpu_temp = true;
cpu_stats = true; cpu_power = true;
cpu_temp = true; ram = true;
cpu_power = true; vram = true;
ram = true; gamemode = false;
vram = true; vkbasalt = false;
gamemode = false; version = false;
vkbasalt = false; engine_version = false;
version = false; vulkan_driver = false;
engine_version = false; wine = false;
vulkan_driver = false; time = false;
wine = false; fps_sampling_period = 500;
time = false; toggle_hud = "Shift_L+F12";
fps_sampling_period = 500; toggle_logging = "Ctrl_L+F2";
toggle_hud = "Shift_L+F12"; output_folder = "${config.home.homeDirectory}/.local/share/mangohud";
toggle_logging = "Ctrl_L+F2";
output_folder = "${config.home.homeDirectory}/.local/share/mangohud";
};
}; };
}; };
};
}; };
} }

27
aspects/gaming/steam.nix
View file

@ -1,24 +1,17 @@
{ ... }: { ... }:
{ {
flake.modules.nixos.steam = flake.modules.nixos.gaming-steam = { pkgs, ... }: {
{ pkgs, ... }: environment.systemPackages = with pkgs; [
{ steam-run
environment.systemPackages = with pkgs; [ ];
steam-run
];
programs = { programs = {
steam = { steam = {
enable = true; enable = true;
extraCompatPackages = [ pkgs.proton-ge-bin ]; extraCompatPackages = [ pkgs.proton-ge-bin ];
};
gamemode.enable = true;
}; };
gamemode.enable = true;
services.flatpak.packages = [
"com.steamgriddb.SGDBoop"
"io.github.Foldex.AdwSteamGtk"
];
}; };
};
} }

82
aspects/hosts/_alexandria/kanidm.nix Normal file
View file

@ -0,0 +1,82 @@
{
config,
lib,
inputs,
pkgs,
...
}:
let
mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
kanidmCertDir = "/var/lib/kanidm/certs";
in
{
services.kanidm = {
enableServer = true;
enableClient = true;
package = pkgs.kanidm;
serverSettings = {
domain = "auth.baduhai.dev";
origin = "https://auth.baduhai.dev";
bindaddress = "127.0.0.1:8443";
ldapbindaddress = "127.0.0.1:636";
trust_x_forward_for = true;
# Use self-signed certificates for internal TLS
tls_chain = "${kanidmCertDir}/cert.pem";
tls_key = "${kanidmCertDir}/key.pem";
};
clientSettings = {
uri = "https://auth.baduhai.dev";
};
};
services.nginx.virtualHosts = mkNginxVHosts {
domains."auth.baduhai.dev" = {
locations."/" = {
proxyPass = "https://127.0.0.1:8443";
extraConfig = ''
proxy_ssl_verify off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
'';
};
};
};
networking.firewall.allowedTCPPorts = [ 636 ];
# Generate self-signed certificates for kanidm's internal TLS
systemd.services.kanidm-generate-certs = {
description = "Generate self-signed TLS certificates for Kanidm";
wantedBy = [ "multi-user.target" ];
before = [ "kanidm.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
mkdir -p ${kanidmCertDir}
if [ ! -f ${kanidmCertDir}/key.pem ]; then
${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \
-keyout ${kanidmCertDir}/key.pem \
-out ${kanidmCertDir}/cert.pem \
-days 3650 -nodes \
-subj "/CN=localhost" \
-addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
chown -R kanidm:kanidm ${kanidmCertDir}
chmod 600 ${kanidmCertDir}/key.pem
chmod 644 ${kanidmCertDir}/cert.pem
fi
'';
};
# Ensure certificate generation runs before kanidm starts
systemd.services.kanidm = {
after = [ "kanidm-generate-certs.service" ];
wants = [ "kanidm-generate-certs.service" ];
};
}

7
aspects/hosts/_alexandria/nextcloud.nix
View file

@ -1,7 +1,8 @@
{ {
lib,
config, config,
inputs,
pkgs, pkgs,
inputs,
... ...
}: }:
@ -82,12 +83,12 @@ in
age.secrets = { age.secrets = {
"nextcloud-secrets.json" = { "nextcloud-secrets.json" = {
file = "${inputs.self}/secrets/nextcloud-secrets.json.age"; file = ../../../secrets/nextcloud-secrets.json.age;
owner = "nextcloud"; owner = "nextcloud";
group = "nextcloud"; group = "nextcloud";
}; };
nextcloud-adminpass = { nextcloud-adminpass = {
file = "${inputs.self}/secrets/nextcloud-adminpass.age"; file = ../../../secrets/nextcloud-adminpass.age;
owner = "nextcloud"; owner = "nextcloud";
group = "nextcloud"; group = "nextcloud";
}; };

2
aspects/hosts/_alexandria/nginx.nix
View file

@ -51,7 +51,7 @@ in
]; ];
age.secrets.cloudflare = { age.secrets.cloudflare = {
file = "${inputs.self}/secrets/cloudflare.age"; file = ../../../secrets/cloudflare.age;
owner = "nginx"; owner = "nginx";
group = "nginx"; group = "nginx";
}; };

27
aspects/hosts/_alexandria/open-webui.nix
View file

@ -1,27 +0,0 @@
{ lib, config, inputs, ... }:
let
mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
in
{
nixpkgs.overlays = [
(final: prev: {
open-webui = (import inputs.nixpkgs {
inherit (prev) system;
config.allowUnfree = true;
}).open-webui;
})
];
services.open-webui = {
enable = true;
environment = {
SCARF_NO_ANALYTICS = "True";
DO_NOT_TRACK = "True";
ANONYMIZED_TELEMETRY = "False";
};
};
services.nginx.virtualHosts = mkNginxVHosts {
domains."ai.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8080/";
};
}

56
aspects/hosts/_alexandria/rss.nix
View file

@ -1,56 +0,0 @@
{ config, inputs, ... }:
let
mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
in
{
services = {
miniflux = {
enable = true;
config = {
LISTEN_ADDR = "localhost:58000";
CREATE_ADMIN = 1;
FETCHER_ALLOW_PRIVATE_NETWORKS = 1;
POLLING_SCHEDULER = "entry_frequency";
SCHEDULER_ENTRY_FREQUENCY_MIN_INTERVAL = 60;
SCHEDULER_ENTRY_FREQUENCY_MAX_INTERVAL = 10080;
};
adminCredentialsFile = config.age.secrets.miniflux-admincreds.path;
createDatabaseLocally = true;
};
nginx.virtualHosts = mkNginxVHosts {
domains."rss.baduhai.dev".locations."/".proxyPass =
"http://${config.services.miniflux.config.LISTEN_ADDR}/";
domains."read.baduhai.dev".locations."/".proxyPass = "http://localhost:58001/";
};
};
virtualisation.oci-containers.containers.laterfeed = {
image = "reaperberri/laterfeed:latest";
ports = [
"58001:8000"
];
environment = {
PORT = "8000";
DATABASE_URL = "sqlite:/data/data.db";
BASE_URL = "https://read.baduhai.dev";
AUTH_TOKEN = "changeme";
};
volumes = [
"/var/lib/laterfeed:/data"
];
autoStart = true;
};
systemd.tmpfiles.rules = [
"d /var/lib/laterfeed 0755 root root -"
];
age.secrets.miniflux-admincreds = {
file = "${inputs.self}/secrets/miniflux-admincreds.age";
owner = "miniflux";
group = "miniflux";
};
}

20
aspects/hosts/_alexandria/silverbullet.nix
View file

@ -1,20 +0,0 @@
{ config, inputs, ... }:
let
mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
in
{
services = {
silverbullet = {
enable = true;
listenAddress = "127.0.0.1";
listenPort = 58002;
};
nginx.virtualHosts = mkNginxVHosts {
domains."notes.baduhai.dev".locations."/".proxyPass =
"http://${config.services.silverbullet.listenAddress}:${toString config.services.silverbullet.listenPort}/";
};
};
}

3
aspects/hosts/_alexandria/unbound.nix
View file

@ -34,7 +34,8 @@ in
# LAN-only DNS records # LAN-only DNS records
local-zone = ''"baduhai.dev." transparent''; local-zone = ''"baduhai.dev." transparent'';
local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') (lib.filter (e: e.lanIP != null) services); local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'')
(lib.filter (e: e.lanIP != null) services);
}; };
forward-zone = [ forward-zone = [

10
aspects/hosts/_rotterdam/boot.nix
View file

@ -28,14 +28,4 @@ in
''; '';
}; };
}; };
systemd.services.disable-gpp0-wakeup = {
description = "Disable GPP0 wakeup trigger to fix Aorus B550 sleep";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.bash}/bin/bash -c 'if grep -q \"GPP0.*enabled\" /proc/acpi/wakeup; then echo GPP0 > /proc/acpi/wakeup; fi'";
RemainAfterExit = true;
};
};
} }

5
aspects/hosts/_rotterdam/programs.nix
View file

@ -25,10 +25,7 @@ let
in in
{ {
environment.systemPackages = [ environment.systemPackages = [ reboot-into-qubes ];
reboot-into-qubes
pkgs.kdePackages.krdp
];
programs.steam.dedicatedServer.openFirewall = true; programs.steam.dedicatedServer.openFirewall = true;
} }

11
aspects/hosts/_rotterdam/services.nix Normal file
View file

@ -0,0 +1,11 @@
{
services.keyd = {
enable = true;
keyboards.main = {
ids = [ "5653:0001" ];
settings.main = {
esc = "overload(meta, esc)";
};
};
};
}

7
aspects/hosts/_trantor/forgejo.nix
View file

@ -21,8 +21,6 @@ in
ROOT_URL = "https://git.baduhai.dev"; ROOT_URL = "https://git.baduhai.dev";
OFFLINE_MODE = true; # disable use of CDNs OFFLINE_MODE = true; # disable use of CDNs
SSH_DOMAIN = "git.baduhai.dev"; SSH_DOMAIN = "git.baduhai.dev";
SSH_USER = "forgejo";
SSH_PORT = lib.head config.services.openssh.ports;
}; };
log.LEVEL = "Warn"; log.LEVEL = "Warn";
mailer.ENABLED = false; mailer.ENABLED = false;
@ -69,8 +67,5 @@ in
}; };
# Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories
systemd.services.forgejo.serviceConfig = { systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false;
PrivateMounts = lib.mkForce false;
ProtectSystem = lib.mkForce false;
};
} }

8
aspects/hosts/_trantor/nginx.nix
View file

@ -8,8 +8,12 @@
let let
services = inputs.self.services; services = inputs.self.services;
localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "trantor") services)); # Get all unique domains from shared services on trantor (host = "trantor")
localDomains = lib.unique (
map (s: s.domain) (lib.filter (s: s.host == "trantor") services)
);
# Generate ACME cert configs for all local domains
acmeCerts = lib.genAttrs localDomains (domain: { acmeCerts = lib.genAttrs localDomains (domain: {
group = "nginx"; group = "nginx";
}); });
@ -49,7 +53,7 @@ in
]; ];
age.secrets.cloudflare = { age.secrets.cloudflare = {
file = "${inputs.self}/secrets/cloudflare.age"; file = ../../../secrets/cloudflare.age;
owner = "nginx"; owner = "nginx";
group = "nginx"; group = "nginx";
}; };

43
aspects/hosts/_trantor/pocket-id.nix
View file

@ -1,43 +0,0 @@
{
config,
lib,
inputs,
...
}:
let
mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
in
{
services.pocket-id = {
enable = true;
environmentFile = config.age.secrets.pocket-id-key.path;
settings = {
APP_URL = "https://auth.baduhai.dev";
TRUST_PROXY = true;
ANALYTICS_DISABLED = true;
};
};
services.nginx.virtualHosts = mkNginxVHosts {
domains."auth.baduhai.dev".locations."/".proxyPass = "http://localhost:1411/";
};
age.secrets.pocket-id-key = {
file = "${inputs.self}/secrets/pocket-id.key.age";
};
environment.persistence.main.directories = [
{
directory = config.services.pocket-id.dataDir;
inherit (config.services.pocket-id) user group;
mode = "0700";
}
];
systemd.services.pocket-id.serviceConfig = {
PrivateMounts = lib.mkForce false;
ProtectSystem = lib.mkForce false;
};
}

61
aspects/hosts/alexandria.nix
View file

@ -1,19 +1,50 @@
{ inputs, ... }: { inputs, self, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{ {
flake.nixosConfigurations.alexandria = mkHost { flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem {
hostname = "alexandria"; system = "x86_64-linux";
nixpkgs = inputs.nixpkgs-stable; specialArgs = { inherit inputs; };
extraModules = with inputs.self.modules.nixos; [ modules = [
# base aspects inputs.agenix.nixosModules.default
server { networking.hostName = "alexandria"; }
# other aspects {
fwupd nixpkgs.overlays = [
podman inputs.agenix.overlays.default
inputs.self.overlays.default
];
}
# Common aspects (always included)
inputs.self.modules.nixos.common-boot
inputs.self.modules.nixos.common-console
inputs.self.modules.nixos.common-firewall
inputs.self.modules.nixos.common-locale
inputs.self.modules.nixos.common-nix
inputs.self.modules.nixos.common-openssh
inputs.self.modules.nixos.common-programs
inputs.self.modules.nixos.common-security
inputs.self.modules.nixos.common-services
inputs.self.modules.nixos.common-tailscale
# User aspects
inputs.self.modules.nixos.user
inputs.self.modules.nixos.root
# Server aspects
inputs.self.modules.nixos.server-boot
inputs.self.modules.nixos.server-nix
inputs.self.modules.nixos.server-tailscale
# Other aspects based on tags
inputs.self.modules.nixos.fwupd
# Host-specific files (from _alexandria/)
./_alexandria/hardware-configuration.nix
./_alexandria/jellyfin.nix
./_alexandria/kanidm.nix
./_alexandria/nextcloud.nix
./_alexandria/nginx.nix
./_alexandria/unbound.nix
./_alexandria/vaultwarden.nix
]; ];
}; };
} }

74
aspects/hosts/io.nix
View file

@ -1,23 +1,59 @@
{ inputs, ... }: { inputs, self, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{ {
flake.nixosConfigurations.io = mkHost { flake.nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem {
hostname = "io"; system = "x86_64-linux";
ephemeralRootDev = "/dev/mapper/cryptroot"; specialArgs = { inherit inputs; };
extraModules = with inputs.self.modules.nixos; [ modules = [
# base aspects inputs.agenix.nixosModules.default
desktop { networking.hostName = "io"; }
# other aspects {
ai nixpkgs.overlays = [
bluetooth inputs.agenix.overlays.default
dev inputs.self.overlays.default
kde ];
networkmanager }
podman
# Common aspects (always included)
inputs.self.modules.nixos.common-boot
inputs.self.modules.nixos.common-console
inputs.self.modules.nixos.common-firewall
inputs.self.modules.nixos.common-locale
inputs.self.modules.nixos.common-nix
inputs.self.modules.nixos.common-openssh
inputs.self.modules.nixos.common-programs
inputs.self.modules.nixos.common-security
inputs.self.modules.nixos.common-services
inputs.self.modules.nixos.common-tailscale
# User aspects
inputs.self.modules.nixos.user
inputs.self.modules.nixos.root
# Desktop aspects
inputs.self.modules.nixos.desktop-boot
inputs.self.modules.nixos.desktop-desktop
inputs.self.modules.nixos.desktop-nix
inputs.self.modules.nixos.desktop-services
# Other aspects based on tags
inputs.self.modules.nixos.ai
inputs.self.modules.nixos.bluetooth
inputs.self.modules.nixos.dev
inputs.self.modules.nixos.libvirtd
inputs.self.modules.nixos.networkmanager
inputs.self.modules.nixos.podman
# Factory-generated ephemeral module
(inputs.self.factory.ephemeral {
rootDevice = "/dev/mapper/cryptroot";
})
# Host-specific files (from _io/)
./_io/hardware-configuration.nix
./_io/disko.nix
./_io/boot.nix
./_io/programs.nix
./_io/services.nix
]; ];
}; };
} }

79
aspects/hosts/rotterdam.nix
View file

@ -1,25 +1,64 @@
{ inputs, ... }: { inputs, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{ {
flake.nixosConfigurations.rotterdam = mkHost { flake.nixosConfigurations.rotterdam = inputs.nixpkgs.lib.nixosSystem {
hostname = "rotterdam"; system = "x86_64-linux";
ephemeralRootDev = "/dev/mapper/cryptroot"; specialArgs = { inherit inputs; };
extraModules = with inputs.self.modules.nixos; [ modules = [
# base aspects inputs.agenix.nixosModules.default
desktop { networking.hostName = "rotterdam"; }
gaming {
# other aspects nixpkgs.overlays = [
ai inputs.agenix.overlays.default
bluetooth inputs.self.overlays.default
dev ];
fwupd }
kde
networkmanager # Common aspects (always included)
podman inputs.self.modules.nixos.common-boot
inputs.self.modules.nixos.common-console
inputs.self.modules.nixos.common-firewall
inputs.self.modules.nixos.common-locale
inputs.self.modules.nixos.common-nix
inputs.self.modules.nixos.common-openssh
inputs.self.modules.nixos.common-programs
inputs.self.modules.nixos.common-security
inputs.self.modules.nixos.common-services
inputs.self.modules.nixos.common-tailscale
# User aspects
inputs.self.modules.nixos.user
inputs.self.modules.nixos.root
# Desktop aspects
inputs.self.modules.nixos.desktop-boot
inputs.self.modules.nixos.desktop-desktop
inputs.self.modules.nixos.desktop-nix
inputs.self.modules.nixos.desktop-services
# Other aspects based on tags
inputs.self.modules.nixos.ai
inputs.self.modules.nixos.bluetooth
inputs.self.modules.nixos.dev
inputs.self.modules.nixos.fwupd
inputs.self.modules.nixos.gaming-steam
inputs.self.modules.nixos.gaming-hardware
inputs.self.modules.nixos.gaming-flatpak
inputs.self.modules.nixos.gaming-launchers
inputs.self.modules.nixos.libvirtd
inputs.self.modules.nixos.networkmanager
inputs.self.modules.nixos.podman
# Factory-generated ephemeral module
(inputs.self.factory.ephemeral {
rootDevice = "/dev/mapper/cryptroot";
})
# Host-specific files (from _rotterdam/)
./_rotterdam/hardware-configuration.nix
./_rotterdam/boot.nix
./_rotterdam/hardware.nix
./_rotterdam/programs.nix
./_rotterdam/services.nix
]; ];
}; };
} }

62
aspects/hosts/trantor.nix
View file

@ -1,18 +1,54 @@
{ inputs, ... }: { inputs, self, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{ {
flake.nixosConfigurations.trantor = mkHost { flake.nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem {
hostname = "trantor";
system = "aarch64-linux"; system = "aarch64-linux";
nixpkgs = inputs.nixpkgs-stable; specialArgs = { inherit inputs; };
ephemeralRootDev = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; modules = [
extraModules = with inputs.self.modules.nixos; [ inputs.agenix.nixosModules.default
# base aspects { networking.hostName = "trantor"; }
server {
nixpkgs.overlays = [
inputs.agenix.overlays.default
inputs.self.overlays.default
];
}
# Common aspects (always included)
inputs.self.modules.nixos.common-boot
inputs.self.modules.nixos.common-console
inputs.self.modules.nixos.common-firewall
inputs.self.modules.nixos.common-locale
inputs.self.modules.nixos.common-nix
inputs.self.modules.nixos.common-openssh
inputs.self.modules.nixos.common-programs
inputs.self.modules.nixos.common-security
inputs.self.modules.nixos.common-services
inputs.self.modules.nixos.common-tailscale
# User aspects
inputs.self.modules.nixos.user
inputs.self.modules.nixos.root
# Server aspects
inputs.self.modules.nixos.server-boot
inputs.self.modules.nixos.server-nix
inputs.self.modules.nixos.server-tailscale
# Factory-generated ephemeral module
(inputs.self.factory.ephemeral {
rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2";
})
# Host-specific files (from _trantor/)
./_trantor/hardware-configuration.nix
./_trantor/disko.nix
./_trantor/boot.nix
./_trantor/fail2ban.nix
./_trantor/forgejo.nix
./_trantor/networking.nix
./_trantor/nginx.nix
./_trantor/openssh.nix
./_trantor/unbound.nix
]; ];
}; };
} }

35
aspects/libvirtd.nix
View file

@ -1,25 +1,18 @@
{ ... }: { ... }:
{ {
flake.modules.nixos.libvirtd = flake.modules.nixos.libvirtd = { config, lib, pkgs, ... }: {
{ virtualisation = {
config, libvirtd.enable = true;
lib, spiceUSBRedirection.enable = true;
pkgs,
...
}:
{
virtualisation = {
libvirtd.enable = true;
spiceUSBRedirection.enable = true;
};
programs.virt-manager.enable = true;
networking.firewall.trustedInterfaces = [ "virbr0" ];
users.users.user.extraGroups = [
"libvirt"
"libvirtd"
];
}; };
programs.virt-manager.enable = true;
networking.firewall.trustedInterfaces = [ "virbr0" ];
users.users.user.extraGroups = [
"libvirt"
"libvirtd"
];
};
} }

22
aspects/lxc.nix
View file

@ -1,22 +0,0 @@
{ ... }:
{
flake.modules.nixos.lxc =
{
config,
lib,
pkgs,
...
}:
{
virtualisation = {
lxc = {
enable = true;
unprivilegedContainers = true;
};
incus.enable = true;
};
users.users.user.extraGroups = [ "incus-admin" ];
};
}

18
aspects/networkmanager.nix
View file

@ -1,15 +1,11 @@
{ ... }: { ... }:
{ {
flake.modules.nixos.networkmanager = flake.modules.nixos.networkmanager = { config, lib, pkgs, ... }: {
{ networking.networkmanager = {
config, enable = true;
lib, wifi.backend = "iwd";
pkgs,
...
}:
{
networking.networkmanager.enable = true;
users.users.user.extraGroups = [ "networkmanager" ];
}; };
users.users.user.extraGroups = [ "networkmanager" ];
};
} }

2
aspects/desktop/graphics.nix → aspects/programs/graphics.nix
View file

@ -1,7 +1,7 @@
{ ... }: { ... }:
{ {
flake.modules.nixos.graphics = flake.modules.nixos.programs-graphics =
{ pkgs, ... }: { pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

9
aspects/desktop/media.nix → aspects/programs/media.nix
View file

@ -2,17 +2,18 @@
{ {
flake.modules = { flake.modules = {
nixos.media = nixos.programs-media =
{ pkgs, ... }: { pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
mpv decibels
loupe
obs-studio obs-studio
qview showtime
]; ];
}; };
homeManager.media = homeManager.programs-media =
{ pkgs, ... }: { pkgs, ... }:
{ {
programs.obs-studio = { programs.obs-studio = {

5
aspects/desktop/office.nix → aspects/programs/office.nix
View file

@ -1,7 +1,7 @@
{ ... }: { ... }:
{ {
flake.modules.nixos.office = flake.modules.nixos.programs-office =
{ pkgs, ... }: { pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -10,8 +10,7 @@
aspellDicts.en aspellDicts.en
aspellDicts.en-computers aspellDicts.en-computers
aspellDicts.pt_BR aspellDicts.pt_BR
glow papers
kwrite
presenterm presenterm
rnote rnote
]; ];

62
aspects/programs/utilities.nix Normal file
View file

@ -0,0 +1,62 @@
{ ... }:
{
flake.modules = {
nixos.programs-utilities =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
ghostty
gnome-disk-utility
mission-center
nautilus
p7zip
rclone
unrar
# Desktop Integration
adwaita-icon-theme
junction
libfido2
toggleaudiosink
# Xwayland Support
xwayland-satellite
];
services.flatpak.packages = [
"com.github.tchx84.Flatseal"
"com.rustdesk.RustDesk"
];
};
homeManager.programs-utilities =
{ pkgs, ... }:
{
programs = {
ghostty = {
enable = true;
settings = {
cursor-style = "block";
shell-integration-features = "no-cursor";
cursor-style-blink = false;
custom-shader = "${builtins.fetchurl {
url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl";
sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41";
}}";
bell-features = "";
gtk-titlebar-style = "tabs";
keybind = [ "shift+enter=text:\\x1b\\r" ];
};
};
password-store = {
enable = true;
package = pkgs.pass-wayland;
};
};
home.sessionVariables = {
TERMINAL = "ghostty";
};
};
};
}

11
aspects/desktop/web.nix → aspects/programs/web.nix
View file

@ -1,21 +1,20 @@
{ ... }: { ... }:
{ {
flake.modules.nixos.web = flake.modules.nixos.programs-web =
{ {
inputs, inputs,
pkgs, pkgs,
system,
... ...
}: }:
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
inputs.zen-browser.packages."${pkgs.stdenv.hostPlatform.system}".default inputs.zen-browser.packages."${system}".default
amnesiac-brave
beeper
bitwarden-desktop bitwarden-desktop
qbittorrent fragments
nextcloud-client nextcloud-client
ungoogled-chromium tor-browser
vesktop vesktop
]; ];
}; };

7
aspects/server/boot.nix Normal file
View file

@ -0,0 +1,7 @@
# aspects/server/boot.nix
{ ... }:
{
flake.modules.nixos.server-boot = { config, lib, pkgs, ... }: {
boot.kernelPackages = pkgs.linuxPackages_hardened;
};
}

15
aspects/server/nix.nix Normal file
View file

@ -0,0 +1,15 @@
# aspects/server/nix.nix
{ inputs, ... }:
{
flake.modules.nixos.server-nix = { config, lib, pkgs, ... }: {
environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs-stable;
nixPath = [
"nixpkgs=/etc/channels/nixpkgs"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
};
}

15
aspects/server/tailscale.nix Normal file
View file

@ -0,0 +1,15 @@
# aspects/server/tailscale.nix
{ ... }:
{
flake.modules.nixos.server-tailscale = { config, lib, pkgs, ... }: {
services.tailscale = {
extraSetFlags = [ "--advertise-exit-node" ];
useRoutingFeatures = "server";
};
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
};
}

9
aspects/shell/bash.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
flake.modules.homeManager.shell-bash = { config, lib, pkgs, ... }: {
programs.bash = {
enable = true;
historyFile = "~/.cache/bash_history";
};
};
}

33
aspects/shell/fish.nix Normal file
View file

@ -0,0 +1,33 @@
{ ... }:
{
flake.modules.homeManager.shell-fish = { config, lib, pkgs, ... }: {
programs.fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
${lib.getExe pkgs.nix-your-shell} fish | source
'';
loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source";
plugins = [
{
name = "bang-bang";
src = pkgs.fetchFromGitHub {
owner = "oh-my-fish";
repo = "plugin-bang-bang";
rev = "f969c618301163273d0a03d002614d9a81952c1e";
sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ=";
};
}
{
name = "z";
src = pkgs.fetchFromGitHub {
owner = "jethrokuan";
repo = "z";
rev = "067e867debee59aee231e789fc4631f80fa5788e";
sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU=";
};
}
];
};
};
}

15
aspects/stylix.nix
View file

@ -1,5 +1,4 @@
{ ... }: { ... }:
{ {
flake.modules = { flake.modules = {
nixos.stylix = nixos.stylix =
@ -16,7 +15,10 @@
... ...
}: }:
{ {
imports = [ inputs.stylix.homeModules.stylix ]; imports = [
inputs.stylix.homeModules.stylix
inputs.zen-browser.homeModules.beta
];
stylix = { stylix = {
enable = true; enable = true;
@ -63,6 +65,15 @@
terminal = 12; terminal = 12;
}; };
}; };
targets.zen-browser = {
enable = true;
profileNames = [ "william" ];
};
};
programs.zen-browser = {
enable = true;
profiles.william = { };
}; };
}; };
}; };

57
aspects/systems/base.nix
View file

@ -1,57 +0,0 @@
{ inputs, ... }:
{
flake.modules = {
nixos.base =
{ lib, pkgs, ... }:
{
imports = with inputs.self.modules.nixos; [
boot
console
firewall
fish
locale
nix
security
ssh
zsh
];
environment = {
systemPackages = with pkgs; [
git
fastfetch
nixos-firewall-tool
sysz
wget
];
shellAliases = {
cat = "${lib.getExe pkgs.bat} --paging=never --style=plain";
ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first";
la = "ls -hal";
tree = "ls --tree";
};
};
programs.command-not-found.enable = false;
services = {
dbus.implementation = "broker";
irqbalance.enable = true;
fstrim.enable = true;
tailscale = {
enable = true;
extraUpFlags = [ "--operator=user" ];
};
};
};
homeManager.base =
{ ... }:
{
imports = with inputs.self.modules.homeManager; [
bash
fish
zsh
];
};
};
}

38
aspects/systems/cli.nix
View file

@ -1,38 +0,0 @@
{ inputs, ... }:
{
flake.modules = {
nixos.cli =
{ pkgs, ... }:
{
imports = with inputs.self.modules.nixos; [
btop
helix
tmux
];
environment.systemPackages = with pkgs; [
p7zip
rclone
];
};
homeManager.cli =
{ ... }:
{
imports = with inputs.self.modules.homeManager; [
btop
comma
direnv
helix
hm-cli
starship
tmux
];
programs.zoxide = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
};
};
};
}

165
aspects/systems/desktop.nix
View file

@ -1,165 +0,0 @@
{
inputs,
...
}:
{
flake.modules = {
nixos.desktop =
{
config,
lib,
pkgs,
...
}:
{
imports = [
inputs.nix-flatpak.nixosModules.nix-flatpak
]
++ (with inputs.self.modules.nixos; [
graphics
media
office
web
]);
boot = {
plymouth.enable = true;
initrd.systemd.enable = true;
loader.efi.efiSysMountPoint = "/boot/efi";
kernelPackages = pkgs.linuxPackages_xanmod_latest;
extraModprobeConfig = ''
options bluetooth disable_ertm=1
'';
kernel.sysctl = {
"net.ipv4.tcp_mtu_probing" = 1;
};
kernelParams = [
"quiet"
"splash"
"i2c-dev"
"i2c-piix4"
"loglevel=3"
"udev.log_priority=3"
"rd.udev.log_level=3"
"rd.systemd.show_status=false"
];
};
nix = {
registry.nixpkgs.flake = inputs.nixpkgs;
nixPath = [
"nixpkgs=${inputs.nixpkgs}"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
environment = {
etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
sessionVariables = {
KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir
NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland
};
systemPackages = with pkgs; [
libfido2
mission-center
toggleaudiosink
unrar
];
};
services = {
printing.enable = true;
udev.packages = with pkgs; [ yubikey-personalization ];
keyd = {
enable = true;
keyboards = {
all = {
ids = [ "*" ];
settings.main.capslock = "overload(meta, esc)";
};
corne = {
ids = [ "5653:0001" ];
settings.main = {
esc = "overload(meta, esc)";
};
};
};
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
displayManager.autoLogin = {
enable = true;
user = "user";
};
flatpak = {
enable = true;
packages = [
"com.github.tchx84.Flatseal"
"com.rustdesk.RustDesk"
];
uninstallUnmanaged = true;
update.auto.enable = true;
};
gvfs.enable = true;
};
security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority
programs = {
dconf.enable = true;
appimage = {
enable = true;
binfmt = true;
};
};
fonts = {
fontDir.enable = true;
packages = with pkgs; [
corefonts
inter
nerd-fonts.fira-code
noto-fonts-cjk-sans
noto-fonts-color-emoji
roboto
];
};
};
homeManager.desktop =
{
config,
lib,
pkgs,
inputs,
...
}:
{
imports = [
inputs.vicinae.homeManagerModules.default
]
++ (with inputs.self.modules.homeManager; [ media ]);
fonts.fontconfig.enable = true;
services.vicinae = {
enable = true;
systemd = {
enable = true;
autoStart = true;
};
};
xdg = {
enable = true;
userDirs.enable = true;
};
};
};
}

48
aspects/systems/gaming.nix
View file

@ -1,48 +0,0 @@
{ inputs, ... }:
{
flake.modules = {
nixos.gaming =
{ pkgs, ... }:
{
imports = with inputs.self.modules.nixos; [
mangohud
steam
];
hardware = {
xpadneo.enable = true;
steam-hardware.enable = true; # Allow steam client to manage controllers
graphics.enable32Bit = true; # For OpenGL games
};
services.flatpak.packages = [
"com.github.k4zmu2a.spacecadetpinball"
"io.itch.itch"
"io.mrarm.mcpelauncher"
"net.retrodeck.retrodeck"
"org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08"
rec {
appId = "com.hypixel.HytaleLauncher";
sha256 = "uu7FA36M4wSqDXRF1fFNla8S5MjL1N1kZi4gwbpw1oY=";
bundle = "${pkgs.fetchurl {
url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak";
inherit sha256;
}}";
}
];
environment.systemPackages = with pkgs; [
clonehero
heroic
prismlauncher
];
};
homeManager.gaming =
{ ... }:
{
imports = with inputs.self.modules.homeManager; [
mangohud
];
};
};
}

39
aspects/systems/server.nix
View file

@ -1,39 +0,0 @@
{ inputs, ... }:
{
flake.modules.nixos.server =
{
config,
lib,
pkgs,
...
}:
{
boot = {
kernelPackages = pkgs.linuxPackages_hardened;
kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
};
environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs-stable;
nixPath = [
"nixpkgs=/etc/channels/nixpkgs"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
services = {
tailscale = {
extraSetFlags = [ "--advertise-exit-node" ];
useRoutingFeatures = "server";
};
logrotate.checkConfig = false;
};
};
}

2
aspects/users/_user/git.nix
View file

@ -1,4 +1,4 @@
{ ... }: { pkgs, ... }:
{ {
programs = { programs = {

115
aspects/users/user.nix
View file

@ -1,8 +1,4 @@
{ inputs, ... }: { inputs, self, ... }:
let
mkHomeConfiguration = inputs.self.lib.mkHomeConfiguration;
in
{ {
flake = { flake = {
@ -11,7 +7,7 @@ in
{ {
users.users.user = { users.users.user = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.zsh; shell = pkgs.fish;
extraGroups = [ extraGroups = [
"networkmanager" "networkmanager"
"wheel" "wheel"
@ -24,30 +20,97 @@ in
hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
}; };
}; };
homeConfigurations = {
"user@rotterdam" = mkHomeConfiguration {
user = "user";
hostname = "rotterdam";
userModules = with inputs.self.modules.homeManager; [
# system aspects
desktop
gaming
# other aspects homeConfigurations = {
ai "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration {
kde pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = {
inherit inputs;
hostname = "rotterdam";
};
modules = [
{ nixpkgs.overlays = [ inputs.self.overlays.default ]; }
# CLI aspects (common module included)
inputs.self.modules.homeManager.cli-base
inputs.self.modules.homeManager.cli-btop
inputs.self.modules.homeManager.cli-comma
inputs.self.modules.homeManager.cli-direnv
inputs.self.modules.homeManager.cli-helix
inputs.self.modules.homeManager.cli-starship
inputs.self.modules.homeManager.cli-tmux
# Shell
inputs.self.modules.homeManager.shell-fish
inputs.self.modules.homeManager.shell-bash
# Desktop
inputs.self.modules.homeManager.desktop-desktop
inputs.self.modules.homeManager.desktop-niri
# Gaming
inputs.self.modules.homeManager.gaming-mangohud
# Programs
inputs.self.modules.homeManager.programs-media # for obs-studio
# Stylix
inputs.self.modules.homeManager.stylix
# User-specific (from _user/)
./_user/git.nix
# Home configuration
{
home = {
username = "user";
homeDirectory = "/home/user";
stateVersion = "22.05";
};
}
]; ];
}; };
"user@io" = mkHomeConfiguration {
user = "user";
hostname = "io";
userModules = with inputs.self.modules.homeManager; [
# system aspects
desktop
# other aspects "user@io" = inputs.home-manager.lib.homeManagerConfiguration {
ai pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
kde extraSpecialArgs = {
inherit inputs;
hostname = "io";
};
modules = [
{ nixpkgs.overlays = [ inputs.self.overlays.default ]; }
# CLI aspects (common module included)
inputs.self.modules.homeManager.cli-base
inputs.self.modules.homeManager.cli-btop
inputs.self.modules.homeManager.cli-comma
inputs.self.modules.homeManager.cli-direnv
inputs.self.modules.homeManager.cli-helix
inputs.self.modules.homeManager.cli-starship
inputs.self.modules.homeManager.cli-tmux
# Shell
inputs.self.modules.homeManager.shell-fish
inputs.self.modules.homeManager.shell-bash
# Desktop
inputs.self.modules.homeManager.desktop-desktop
inputs.self.modules.homeManager.desktop-niri
# Stylix
inputs.self.modules.homeManager.stylix
# User-specific (from _user/)
./_user/git.nix
# Home configuration
{
home = {
username = "user";
homeDirectory = "/home/user";
stateVersion = "22.05";
};
}
]; ];
}; };
}; };

31
data/services.nix
View file

@ -12,6 +12,11 @@
}; };
services = [ services = [
{
name = "kanidm";
domain = "auth.baduhai.dev";
host = "alexandria";
}
{ {
name = "vaultwarden"; name = "vaultwarden";
domain = "pass.baduhai.dev"; domain = "pass.baduhai.dev";
@ -33,31 +38,5 @@
domain = "jellyfin.baduhai.dev"; domain = "jellyfin.baduhai.dev";
host = "alexandria"; host = "alexandria";
} }
{
name = "miniflux";
domain = "rss.baduhai.dev";
host = "alexandria";
}
{
name = "laterfeed";
domain = "read.baduhai.dev";
host = "alexandria";
}
{
name = "pocket-id";
domain = "auth.baduhai.dev";
host = "trantor";
public = true;
}
{
name = "silverbullet";
domain = "notes.baduhai.dev";
host = "alexandria";
}
{
name = "open-webui";
domain = "ai.baduhai.dev";
host = "alexandria";
}
]; ];
} }

672
flake.lock generated
View file

File diff suppressed because it is too large Load diff

4
flake.nix
View file

@ -26,6 +26,7 @@
stylix.url = "github:danth/stylix"; stylix.url = "github:danth/stylix";
# nixos/hm program modules # nixos/hm program modules
niri-flake.url = "github:sodiboo/niri-flake";
nix-ai-tools.url = "github:numtide/llm-agents.nix"; nix-ai-tools.url = "github:numtide/llm-agents.nix";
nix-index-database = { nix-index-database = {
url = "github:nix-community/nix-index-database"; url = "github:nix-community/nix-index-database";
@ -43,6 +44,9 @@
url = "github:terranix/terranix"; url = "github:terranix/terranix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# others
niri.url = "github:baduhai/niri/auto-center-when-space-available";
}; };
outputs = outputs =

188
packages/amnesiac-brave.nix
View file

@ -1,188 +0,0 @@
{ ... }:
{
perSystem =
{
pkgs,
lib,
...
}:
let
# Managed policy (enforced, user cannot override)
brave-policy = pkgs.writeTextFile {
name = "brave-managed-policy.json";
destination = "/etc/brave/policies/managed/policy.json";
text = builtins.toJSON {
# ── Startup / UI ────────────────────────────────────────────────
DefaultBrowserSettingEnabled = false; # Never ask to set as default
PromotionalTabsEnabled = false; # No welcome/promo pages
RestoreOnStartup = 5; # Open new tab on startup
NewTabPageLocation = "about:blank"; # New tab = blank page
BookmarkBarEnabled = false; # Never show bookmarks bar
# ── Search engine ───────────────────────────────────────────────
DefaultSearchProviderEnabled = true;
DefaultSearchProviderName = "Google";
DefaultSearchProviderSearchURL = "https://www.google.com/search?q={searchTerms}";
DefaultSearchProviderSuggestURL = "https://www.google.com/complete/search?client=chrome&q={searchTerms}";
# ── HTTPS ────────────────────────────────────────────────────────
HttpsOnlyMode = "force_enabled"; # Strict HTTPS upgrade
# ── Cookies ──────────────────────────────────────────────────────
DefaultCookiesSetting = 1; # Allow all cookies
# ── Passwords / Autofill ─────────────────────────────────────────
PasswordManagerEnabled = false;
AutofillAddressEnabled = false;
AutofillCreditCardEnabled = false;
PaymentMethodQueryEnabled = false;
# ── Background running ───────────────────────────────────────────
BackgroundModeEnabled = false;
# ── Clear data on exit ───────────────────────────────────────────
ClearBrowsingDataOnExitList = [
"browsing_history"
"download_history"
"cookies_and_other_site_data"
"cached_images_and_files"
"password_signin"
"autofill"
"site_settings"
"hosted_app_data"
];
# ── Brave data collection / telemetry ────────────────────────────
BraveP3AEnabled = false; # Product analytics
BraveStatsPingEnabled = false; # Usage ping
BraveWebDiscoveryEnabled = false; # Web discovery project
MetricsReportingEnabled = false; # Chromium UMA metrics
SafeBrowsingEnabled = false;
SafeBrowsingExtendedReportingEnabled = false;
SafeBrowsingDeepScanningEnabled = false;
SearchSuggestEnabled = false;
# ── Web3 / Crypto ────────────────────────────────────────────────
BraveWalletDisabled = true;
BraveRewardsDisabled = true;
BraveVPNDisabled = true;
TorDisabled = true;
# ── Leo / AI ─────────────────────────────────────────────────────
BraveAIChatEnabled = false;
# ── Other Brave features ─────────────────────────────────────────
BraveTalkDisabled = true;
# ── Privacy Sandbox (Chromium) ───────────────────────────────────
PrivacySandboxPromptEnabled = false;
PrivacySandboxAdTopicsEnabled = false;
PrivacySandboxSiteEnabledAdsEnabled = false;
PrivacySandboxAdMeasurementEnabled = false;
# ── Misc Chromium ────────────────────────────────────────────────
WebRtcEventLogCollectionAllowed = false;
EnableMediaRouter = false;
};
};
# Seeded Preferences (first-run defaults, user can override)
# These keys have no policy or CLI equivalent. Brave writes over this
# file at runtime so this only sets the initial state on a fresh profile.
brave-prefs = pkgs.writeText "brave-initial-prefs.json" (
builtins.toJSON {
brave = {
tabs.vertical_tabs_enabled = true;
sidebar.sidebar_show_option = 3;
window_closing_confirm = false;
};
browser.custom_chrome_frame = true;
tab_hover_cards.tab_hover_card_images_enabled = true;
}
);
brave-launcher = pkgs.writeShellScriptBin "brave" ''
RUNTIME_DIR="/tmp/brave-$$"
CONFIG_DIR="$RUNTIME_DIR/config/BraveSoftware"
CACHE_DIR="$RUNTIME_DIR/cache/BraveSoftware"
POLICY="${brave-policy}/etc/brave/policies/managed/policy.json"
mkdir -p "$CONFIG_DIR/Brave-Browser/Default"
mkdir -p "$CACHE_DIR"
cp ${brave-prefs} "$CONFIG_DIR/Brave-Browser/Default/Preferences"
chmod 600 "$CONFIG_DIR/Brave-Browser/Default/Preferences"
trap 'rm -rf "$RUNTIME_DIR"' EXIT
${pkgs.bubblewrap}/bin/bwrap \
--ro-bind /nix/store /nix/store \
--ro-bind /etc/fonts /etc/fonts \
--bind "$CONFIG_DIR" "$HOME/.config/BraveSoftware" \
--bind "$CACHE_DIR" "$HOME/.cache/BraveSoftware" \
--ro-bind "$POLICY" /etc/brave/policies/managed/policy.json \
--dev /dev \
--proc /proc \
--tmpfs /tmp \
--bind /run /run \
--die-with-parent \
-- ${pkgs.brave}/bin/brave --no-first-run "$@"
'';
brave-desktop = pkgs.writeTextFile {
name = "amnesiac-brave.desktop";
destination = "/share/applications/amnesiac-brave.desktop";
text = "[Desktop Entry]
Version=1.0
Name=Amnesiac Brave
GenericName=Amnesiac Web Browser
Comment=Access the internet, leave no trace on your system
Exec=@BRAVE_WRAPPER@ %U
StartupNotify=true
Icon=amnesiac-brave
Type=Application
Categories=Network;WebBrowser;
MimeType=application/pdf;application/rdf+xml;application/rss+xml;application/xhtml+xml;application/xhtml_xml;application/xml;image/gif;image/jpeg;image/png;image/webp;text/html;text/xml;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/chromium;
Actions=new-window
[Desktop Action new-window]
Name=New Window
Exec=@BRAVE_WRAPPER@ %U
";
};
amnesiac-brave-icon =
pkgs.runCommand "amnesiac-brave-icon"
{
nativeBuildInputs = [ pkgs.imagemagick ];
}
''
mkdir -p "$out/share/icons/hicolor/256x256/apps"
convert ${pkgs.brave}/share/icons/hicolor/256x256/apps/brave-browser.png \
-modulate 100,100,270 \
"$out/share/icons/hicolor/256x256/apps/amnesiac-brave.png"
for size in 16 24 32 48 64; do
mkdir -p "$out/share/icons/hicolor/''${size}x''${size}/apps"
convert ${pkgs.brave}/share/icons/hicolor/''${size}x''${size}/apps/brave-browser.png \
-modulate 100,100,270 \
"$out/share/icons/hicolor/''${size}x''${size}/apps/amnesiac-brave.png"
done
'';
in
{
packages.amnesiac-brave = pkgs.symlinkJoin {
name = "amnesiac-brave";
paths = [
brave-launcher
brave-policy
brave-desktop
amnesiac-brave-icon
pkgs.brave
];
postBuild = ''
brave_bin="$(readlink -f "$out/bin/brave")"
amnesiac_desktop="$out/share/applications/amnesiac-brave.desktop"
if [ -L "$amnesiac_desktop" ]; then
cp --remove-destination "$(readlink "$amnesiac_desktop")" "$amnesiac_desktop"
fi
sed -i \
"s|@BRAVE_WRAPPER@|$brave_bin|g" \
"$amnesiac_desktop"
rm -f "$out/share/applications/brave-browser.desktop"
rm -f "$out/share/applications/com.brave.Browser.desktop"
rm -f "$out/share/icons/hicolor/"*/apps/brave-browser.png
'';
};
};
}

215
packages/claude-desktop.nix Normal file
View file

@ -0,0 +1,215 @@
{ inputs, ... }:
{
perSystem =
{ system, ... }:
let
pkgs = import inputs.nixpkgs {
inherit system;
config.allowUnfree = true;
};
pname = "claude-desktop";
version = "1.0.1768";
srcs.x86_64-linux = pkgs.fetchurl {
url = "https://downloads.claude.ai/releases/win32/x64/1.0.1768/Claude-67d01376d0e9d08b328455f6db9e63b0d603506a.exe";
hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=;";
};
src =
srcs.${pkgs.stdenv.hostPlatform.system} or (throw "Unsupported system: ${pkgs.stdenv.hostPlatform.system}");
claudeNativeStub = ''
// Stub implementation of claude-native using KeyboardKey enum values
const KeyboardKey = {
Backspace: 43, Tab: 280, Enter: 261, Shift: 272, Control: 61, Alt: 40,
CapsLock: 56, Escape: 85, Space: 276, PageUp: 251, PageDown: 250,
End: 83, Home: 154, LeftArrow: 175, UpArrow: 282, RightArrow: 262,
DownArrow: 81, Delete: 79, Meta: 187
};
Object.freeze(KeyboardKey);
module.exports = {
getWindowsVersion: () => "10.0.0",
setWindowEffect: () => {},
removeWindowEffect: () => {},
getIsMaximized: () => false,
flashFrame: () => {},
clearFlashFrame: () => {},
showNotification: () => {},
setProgressBar: () => {},
clearProgressBar: () => {},
setOverlayIcon: () => {},
clearOverlayIcon: () => {},
KeyboardKey
};
'';
in
{
packages.claude-desktop = pkgs.stdenv.mkDerivation rec {
inherit pname version src;
nativeBuildInputs = with pkgs; [
makeWrapper
copyDesktopItems
p7zip
unzip
nodejs
graphicsmagick
];
buildInputs = [ pkgs.electron ];
desktopItems = [
(pkgs.makeDesktopItem {
name = "claude-desktop";
desktopName = "Claude";
comment = "AI assistant from Anthropic";
exec = "claude-desktop %u";
icon = "claude-desktop";
categories = [
"Network"
"Chat"
"Office"
];
mimeTypes = [ "x-scheme-handler/claude" ];
startupNotify = true;
startupWMClass = "Claude";
})
];
unpackPhase = ''
runHook preUnpack
# Extract the Windows installer - use -y to auto-overwrite
7z x -y $src -o./extracted
# The installer contains a NuGet package
if [ -f ./extracted/AnthropicClaude-*-full.nupkg ]; then
echo "Found NuGet package, extracting..."
# NuGet packages are just zip files
unzip -q ./extracted/AnthropicClaude-*-full.nupkg -d ./nupkg
# Extract app.asar to modify it
if [ -f ./nupkg/lib/net45/resources/app.asar ]; then
echo "Extracting app.asar..."
${pkgs.asar}/bin/asar extract ./nupkg/lib/net45/resources/app.asar ./app
# Also copy the unpacked resources
if [ -d ./nupkg/lib/net45/resources/app.asar.unpacked ]; then
cp -r ./nupkg/lib/net45/resources/app.asar.unpacked/* ./app/
fi
# Copy additional resources
mkdir -p ./app/resources
mkdir -p ./app/resources/i18n
cp ./nupkg/lib/net45/resources/Tray* ./app/resources/ || true
cp ./nupkg/lib/net45/resources/*-*.json ./app/resources/i18n/ || true
fi
else
echo "NuGet package not found"
ls -la ./extracted/
exit 1
fi
runHook postUnpack
'';
buildPhase = ''
runHook preBuild
# Replace the Windows-specific claude-native module with a stub
if [ -d ./app/node_modules/claude-native ]; then
echo "Replacing claude-native module with Linux stub..."
rm -rf ./app/node_modules/claude-native/*.node
cat > ./app/node_modules/claude-native/index.js << 'EOF'
${claudeNativeStub}
EOF
fi
# Fix the title bar detection (from aaddrick script)
echo "Fixing title bar detection..."
SEARCH_BASE="./app/.vite/renderer/main_window/assets"
if [ -d "$SEARCH_BASE" ]; then
TARGET_FILE=$(find "$SEARCH_BASE" -type f -name "MainWindowPage-*.js" | head -1)
if [ -n "$TARGET_FILE" ]; then
echo "Found target file: $TARGET_FILE"
# Replace patterns like 'if(!VAR1 && VAR2)' with 'if(VAR1 && VAR2)'
sed -i -E 's/if\(!([a-zA-Z]+)[[:space:]]*&&[[:space:]]*([a-zA-Z]+)\)/if(\1 \&\& \2)/g' "$TARGET_FILE"
echo "Title bar fix applied"
fi
fi
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/lib/claude-desktop
# Repack the modified app as app.asar
cd ./app
${pkgs.asar}/bin/asar pack . ../app.asar
cd ..
# Copy resources
mkdir -p $out/lib/claude-desktop/resources
cp ./app.asar $out/lib/claude-desktop/resources/
# Create app.asar.unpacked directory with the stub
mkdir -p $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native
cat > $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native/index.js << 'EOF'
${claudeNativeStub}
EOF
# Copy other resources
if [ -d ./nupkg/lib/net45/resources ]; then
cp ./nupkg/lib/net45/resources/*.png $out/lib/claude-desktop/resources/ 2>/dev/null || true
cp ./nupkg/lib/net45/resources/*.ico $out/lib/claude-desktop/resources/ 2>/dev/null || true
cp ./nupkg/lib/net45/resources/*.json $out/lib/claude-desktop/resources/ 2>/dev/null || true
fi
# Create wrapper script
makeWrapper ${pkgs.electron}/bin/electron $out/bin/claude-desktop \
--add-flags "$out/lib/claude-desktop/resources/app.asar" \
--set DISABLE_AUTOUPDATER 1 \
--set NODE_ENV production
# Extract and install icons in multiple sizes
if [ -f ./extracted/setupIcon.ico ]; then
echo "Converting and installing icons..."
# Count frames in the ICO file and extract each one
frame_count=$(gm identify ./extracted/setupIcon.ico | wc -l)
for i in $(seq 0 $((frame_count - 1))); do
gm convert "./extracted/setupIcon.ico[$i]" "./extracted/setupIcon-$i.png" 2>/dev/null || true
done
# Loop through converted icons and install them by size
for img in ./extracted/setupIcon-*.png; do
if [ -f "$img" ]; then
size=$(gm identify -format "%wx%h" "$img")
# Skip smallest icons (16x16 and 32x32) as they're too low quality
if [ "$size" != "16x16" ] && [ "$size" != "32x32" ]; then
mkdir -p "$out/share/icons/hicolor/$size/apps"
cp "$img" "$out/share/icons/hicolor/$size/apps/claude-desktop.png"
fi
fi
done
fi
runHook postInstall
'';
meta = with pkgs.lib; {
description = "Claude Desktop - AI assistant from Anthropic";
homepage = "https://claude.ai";
license = licenses.unfree;
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
maintainers = [ ];
platforms = [ "x86_64-linux" ];
mainProgram = "claude-desktop";
};
};
};
}

6
packages/fastfetch.nix
View file

@ -36,10 +36,6 @@
type = "cpu"; type = "cpu";
keyWidth = 11; keyWidth = 11;
} }
{
type = "gpu";
keyWidth = 11;
}
{ {
type = "memory"; type = "memory";
keyWidth = 11; keyWidth = 11;
@ -83,6 +79,6 @@
); );
in in
{ {
packages.fastfetch = pkgs.writeShellScriptBin "fastfetch" ''exec ${lib.getExe pkgs.fastfetch} --config ${fastfetch-config} --logo-type auto --logo ${fastfetch-logo} --logo-padding-right 1 --logo-width 36 "$@" ''; packages.fastfetch = pkgs.writeShellScriptBin "fastfetch" ''exec ${lib.getExe pkgs.fastfetch} --config ${fastfetch-config} --logo-type kitty --logo ${fastfetch-logo} --logo-padding-right 1 --logo-width 36 "$@" '';
}; };
} }

2
packages/hm-cli.nix
View file

@ -5,6 +5,8 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
packages.hm-cli = pkgs.writeShellScriptBin "hm" '' packages.hm-cli = pkgs.writeShellScriptBin "hm" ''
set -e
HM="${pkgs.lib.getExe pkgs.home-manager}" HM="${pkgs.lib.getExe pkgs.home-manager}"
FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}" FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}"
FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}" FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}"

19
packages/overlays.nix
View file

@ -4,20 +4,19 @@ let
packageDir = builtins.readDir ./.; packageDir = builtins.readDir ./.;
# Filter to .nix files, excluding overlays.nix # Filter to .nix files, excluding overlays.nix
isPackageFile = name: name != "overlays.nix" && builtins.match ".*\\.nix$" name != null; isPackageFile = name:
name != "overlays.nix" && builtins.match ".*\\.nix$" name != null;
# Extract package name from filename (e.g., "foo-bar.nix" -> "foo-bar") # Extract package name from filename (e.g., "foo-bar.nix" -> "foo-bar")
toPackageName = filename: builtins.head (builtins.match "(.+)\\.nix$" filename); toPackageName = filename:
builtins.head (builtins.match "(.+)\\.nix$" filename);
packageNames = map toPackageName (builtins.filter isPackageFile (builtins.attrNames packageDir)); packageNames = map toPackageName (builtins.filter isPackageFile (builtins.attrNames packageDir));
in in
{ {
flake.overlays.default = flake.overlays.default = final: prev:
final: prev: builtins.listToAttrs (map (name: {
builtins.listToAttrs ( inherit name;
map (name: { value = inputs.self.packages.${final.system}.${name};
inherit name; }) packageNames);
value = inputs.self.packages.${final.system}.${name};
}) packageNames
);
} }

130
readme.md
View file

@ -1,73 +1,87 @@
# NixOS Flake Configuration # Nix Configuration
Modular NixOS configuration using flake-parts with the [dendritic](https://github.com/gytis-ivaskevicius/dendritic) pattern. My personal Nix configuration for multiple NixOS hosts, home-manager users, miscellaneous resources... too many things to list. If I could put my life in a flake I would.
## Structure
```
.
├── aspects/ # Reusable NixOS/home-manager modules (dendritic)
│ ├── base/ # Base system configuration
│ ├── hosts/ # Host-specific configurations
│ │ ├── _alexandria/
│ │ ├── _io/
│ │ ├── _rotterdam/
│ │ └── _trantor/
│ ├── systems/ # System type modules (desktop, server, cli, gaming)
│ └── users/ # User account configurations
├── data/ # Shared host/service definitions
├── packages/ # Custom packages and overlays
├── shells/ # Shell configurations
└── terranix/ # Terraform configurations for cloud resources
```
## Hosts ## Hosts
| Host | Architecture | Type | Description | ### Desktop Systems
|------|--------------|------|-------------| - **rotterdam** - Main desktop workstation (x86_64)
| trantor | aarch64-linux | server | ARM server running Forgejo | - Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman
| alexandria | x86_64-linux | server | x86 server (Kanidm, Vaultwarden, Nextcloud, Jellyfin) | - Storage: Ephemeral root with LUKS encryption
| rotterdam | x86_64-linux | desktop | Main workstation setup for gaming |
| io | x86_64-linux | desktop | Workstation | - **io** - Laptop workstation (x86_64)
- Features: Desktop, AI tools, Bluetooth, Dev environment, Podman
- Storage: Ephemeral root with LUKS encryption
### Servers
- **alexandria** - Home server (x86_64)
- Hosts: Nextcloud, Vaultwarden, Jellyfin, Kanidm
- **trantor** - Cloud server (aarch64)
- Hosts: Forgejo
- Cloud provider: Oracle Cloud Infrastructure
- Storage: Ephemeral root with btrfs
## Home Manager Configurations
- **user@rotterdam** - Full desktop setup with gaming, OBS, and complete development environment
- **user@io** - Lightweight desktop setup
Both configurations include:
- btop, direnv, helix, starship, tmux
- Stylix theme management
- Fish shell with custom configurations
## Terranix Configurations
Infrastructure as code using Terranix (NixOS + Terraform/OpenTofu):
- **oci-trantor** - Oracle Cloud Infrastructure provisioning for Trantor server
- **cloudflare-baduhaidev** - DNS and CDN configuration for baduhai.dev domain
- **tailscale-tailnet** - Tailscale network ACL and device management
## Services ## Services
- **git.baduhai.dev** (Forgejo) - Publicly accessible on trantor All services are accessible via custom domains under baduhai.dev:
Other services (LAN/Tailscale only): Vaultwarden, Nextcloud, Jellyfin - **Kanidm** (auth.baduhai.dev) - Identity and access management
- **Vaultwarden** (pass.baduhai.dev) - Password manager
- **Forgejo** (git.baduhai.dev) - Git forge (publicly accessible)
- **Nextcloud** (cloud.baduhai.dev) - File sync and collaboration
- **Jellyfin** (jellyfin.baduhai.dev) - Media server
## Features Services are accessible via:
- LAN for alexandria-hosted services
- Tailscale VPN for all services
- Public internet for Forgejo only
- **Ephemeral root**: Automatic btrfs subvolume rollover with impermanence ## Notable Features
- **Secrets**: Managed via agenix with age encryption
- **Disk management**: disko for declarative disk partitioning
- **Modular architecture**: Each aspect is a separate module imported via import-tree
- **Dendritic pattern**: Aspects are imported as a unified flake module
## Building ### Ephemeral Root
Rotterdam, io, and trantor use an ephemeral root filesystem that resets on every boot:
- Root filesystem is automatically rolled back using btrfs snapshots
- Old snapshots retained for 30 days
- Persistent data stored in dedicated subvolumes
- Implements truly stateless systems
```bash ### Custom DNS Architecture
# Build specific host - Unbound DNS servers on both alexandria and trantor
nix build .#nixosConfigurations.trantor.config.system.build.toplevel - Service routing based on visibility flags (public/LAN/Tailscale)
- Split-horizon DNS for optimal access paths
# Rebuild host (if using nixos-cli on the host) ### Security
sudo nixos apply - LUKS full-disk encryption on desktop systems
``` - Fail2ban on public-facing servers
- agenix for secrets management
- Tailscale for secure remote access
## Terranix ### Desktop Environment
- Custom Niri window manager (Wayland compositor)
- Using forked version with auto-centering feature
- Stylix for consistent theming
Terraform configurations for cloud infrastructure managed via terranix: ### Development Setup
- Nix flakes for reproducible builds
- baduhai.dev DNS on CloudFlare - deploy-rs for automated deployments
- VPS provisioning on OCI - Podman for containerization
- Tailscale subnet routers - Complete AI tooling integration
## Key Dependencies
- nixpkgs (nixos-unstable for workstations, nixos for servers)
- home-manager
- agenix
- disko
- impermanence
- nix-flatpak
- nixos-cli

9
secrets/miniflux-admincreds.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 Kfdnog QEq4A011oVny6vo1+wOcQNnpkf77216PZXJqK4rGTGY
FPeASmXRirxeF2T2jXhA/tEaO0p1CZJ6D3lv3p2KTX0
-> ssh-ed25519 8YSAiw gxuXAt2nG6qXhWwAAiFwNCNYJV2VGKnDNkjU61NOJ2o
xncp+M4lVixiTmXQU5QrtdQ860t/1JpvOcO4YXAy3to
-> ssh-ed25519 J6tVTA Mr0XrEFP/o7nFWBKal+ehzMiejWpVDIBiiMqWzdOzEM
0DTqm2LyMMlVZlTk67Y3hTiVjcJG9gprnXj6QjYxrJw
--- FXUNp6O7vuibJj0RI3SZN3IBK1Hx5ouUij2ah05lCYA
ÔX*÷“µ¬0¬²øÇBŒ<42>3Îð«jbœÍ<C593>S§Vÿ΀Äb¹BcÈi—øD.ïÇ5\é`&`越-Ui"gХȊ`OÒ µG<C2B5>cõ¥øÊæ'»Îºø«@qn[

12
secrets/pocket-id.key.age
View file

@ -1,12 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 Kfdnog qboolDmhXaGgkzTGQFWjOUrcE7yxsHmzjmlkYB3OqFY
v6wpMePziJX95NVo+LEU6u2bWw7LMr1KK62neiyVAP8
-> ssh-ed25519 SP9f6A 3UGwGpY0J/GI6VB97Rm/BTBjeb0B1TdbWVVxmY432Ck
wo7nnTtTIxYtgSZkpK1Q/k6WR9SrbS1YJifgTjPjulY
-> ssh-ed25519 8YSAiw C0uNO0b3nnWhlBtX+DfAmCYWb4cECQ81ttDUefVeKUI
Mrs9C7U5no0wWy6sgMscE5BXa4Hn3PW+oLiKjJh8o3E
-> ssh-ed25519 Qt3Q+A SwF17bx4NVjMDw6wvwWraStm0HmlA3sSHwCrV6CL+T4
eX4fPztSm7UMbioLiT3X1FGmOoyOk3nmEwZ9bFwQhe8
--- ykTk2TBfeUk5azrysf12t2FRTZ68K8To3DFZoV1vlTY
²'8òÑ$pK,´û./ªŠ
IÜÞ%6Þ˜€ï^ óÛŸ¸&cy&‡ˆšXÜÐ/N`LÞê»LÛÈp7àRRˆp»„fDÕþÑ7VØ%—üÁŒî

10
secrets/secrets.nix
View file

@ -32,14 +32,4 @@ in
rotterdam-user rotterdam-user
trantor trantor
]; ];
"pocket-id.key.age".publicKeys = [
io-user
rotterdam-user
trantor
];
"miniflux-admincreds.age".publicKeys = [
io-user
rotterdam-user
alexandria
];
} }

2
shells/default.nix
View file

@ -6,7 +6,7 @@
{ {
devShells.default = pkgs.mkShell { devShells.default = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
inputs.agenix.packages.${stdenv.hostPlatform.system}.default inputs.agenix.packages.${system}.default
nil nil
nixfmt nixfmt
]; ];

9
terranix/kernelpanic.space.nix
View file

@ -8,12 +8,9 @@
terranix.terranixConfigurations.cloudflare-kernelpanicspace = { terranix.terranixConfigurations.cloudflare-kernelpanicspace = {
terraformWrapper.package = pkgs.opentofu; terraformWrapper.package = pkgs.opentofu;
modules = [ modules = [
( ({ config, ... }: {
{ config, ... }: # Terraform config goes here
{ })
# Terraform config goes here
}
)
]; ];
}; };
}; };

9
terranix/terminus.nix
View file

@ -8,12 +8,9 @@
terranix.terranixConfigurations.oci-terminus = { terranix.terranixConfigurations.oci-terminus = {
terraformWrapper.package = pkgs.opentofu; terraformWrapper.package = pkgs.opentofu;
modules = [ modules = [
( ({ config, ... }: {
{ config, ... }: # Terraform config goes here
{ })
# Terraform config goes here
}
)
]; ];
}; };
}; };