baduhai/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: baduhai:master
Branches Tags
baduhai:master
baduhai:dendritic-light
baduhai:dendritic
baduhai:terranix
baduhai:refactor
baduhai:dms
baduhai:vim
baduhai:ansible
baduhai:niri
baduhai:hyprland
..
compare: baduhai:dendritic-light
Branches Tags
baduhai:master
baduhai:dendritic-light
baduhai:dendritic
baduhai:terranix
baduhai:refactor
baduhai:dms
baduhai:vim
baduhai:ansible
baduhai:niri
baduhai:hyprland

No commits in common. "master" and "dendritic-light" have entirely different histories.
master ... dendritic-

82 changed files with 2151 additions and 1638 deletions
Download patch file Download diff file Expand all files Collapse all files

17
aspects/ai.nix
View file

@ -1,19 +1,12 @@
{ ... }:
{
flake.modules.nixos.ai =
{ inputs, pkgs, ... }:
{
flake.modules.nixos.ai = { inputs, pkgs, ... }: {
environment.systemPackages =
(with pkgs; [ ])
++ (with inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}; [
(with pkgs; [claude-desktop]) ++
(with inputs.nix-ai-tools.packages.${pkgs.system}; [
claude-code
claudebox
opencode
]);
nix.settings = {
extra-substituters = [ "https://cache.numtide.com" ];
extra-trusted-public-keys = [
"niks3.numtide.com-1:DTx8wZduET09hRmMtKdQDxNNthLQETkc/yaX7M4qK0g="
];
};
};
}

16
aspects/base/bash.nix
View file

@ -1,16 +0,0 @@
{ ... }:
{
flake.modules.homeManager.bash =
{
config,
lib,
pkgs,
...
}:
{
programs.bash = {
enable = true;
historyFile = "~/.cache/bash_history";
};
};
}

23
aspects/base/boot.nix
View file

@ -1,23 +0,0 @@
{ ... }:
{
flake.modules.nixos.boot =
{ pkgs, ... }:
{
boot = {
loader = {
timeout = 1;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false;
consoleMode = "max";
sortKey = "aa";
netbootxyz = {
enable = true;
sortKey = "zz";
};
};
};
};
};
}

11
aspects/base/console.nix
View file

@ -1,11 +0,0 @@
{ ... }:
{
flake.modules.nixos.console =
{ ... }:
{
console = {
useXkbConfig = true;
earlySetup = true;
};
};
}

11
aspects/base/firewall.nix
View file

@ -1,11 +0,0 @@
{ ... }:
{
flake.modules.nixos.firewall =
{ ... }:
{
networking = {
firewall.enable = true;
nftables.enable = true;
};
};
}

47
aspects/base/fish.nix
View file

@ -1,47 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.fish =
{ ... }:
{
programs.fish.enable = true;
};
homeManager.fish =
{
config,
lib,
pkgs,
...
}:
{
programs.fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
${lib.getExe pkgs.nix-your-shell} fish | source
'';
loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source";
plugins = [
{
name = "bang-bang";
src = pkgs.fetchFromGitHub {
owner = "oh-my-fish";
repo = "plugin-bang-bang";
rev = "f969c618301163273d0a03d002614d9a81952c1e";
sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ=";
};
}
{
name = "z";
src = pkgs.fetchFromGitHub {
owner = "jethrokuan";
repo = "z";
rev = "067e867debee59aee231e789fc4631f80fa5788e";
sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU=";
};
}
];
};
};
};
}

24
aspects/base/locale.nix
View file

@ -1,24 +0,0 @@
{ ... }:
{
flake.modules.nixos.locale =
{ ... }:
{
time.timeZone = "America/Bahia";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "pt_BR.utf8";
LC_COLLATE = "pt_BR.utf8";
LC_IDENTIFICATION = "pt_BR.utf8";
LC_MEASUREMENT = "pt_BR.utf8";
LC_MONETARY = "pt_BR.utf8";
LC_NAME = "pt_BR.utf8";
LC_NUMERIC = "pt_BR.utf8";
LC_PAPER = "pt_BR.utf8";
LC_TELEPHONE = "pt_BR.utf8";
LC_TIME = "en_IE.utf8";
};
};
};
}

51
aspects/base/nix.nix
View file

@ -1,51 +0,0 @@
{ ... }:
{
flake.modules.nixos.nix =
{ inputs, pkgs, ... }:
{
imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
nix = {
settings = {
auto-optimise-store = true;
connect-timeout = 10;
log-lines = 25;
min-free = 128000000;
max-free = 1000000000;
trusted-users = [ "@wheel" ];
};
extraOptions = "experimental-features = nix-command flakes";
gc = {
automatic = true;
options = "--delete-older-than 8d";
};
};
nixpkgs.config = {
allowUnfree = true;
enableParallelBuilding = true;
buildManPages = false;
buildDocs = false;
};
services.nixos-cli = {
enable = true;
config = {
use_nvd = true;
ignore_dirty_tree = true;
apply = {
reexec_as_root = true;
use_nom = true;
};
confirmation.empty = "default-yes";
};
};
environment.systemPackages = with pkgs; [
nix-output-monitor
nvd
];
system.stateVersion = "22.11";
};
}

32
aspects/base/ssh.nix
View file

@ -1,32 +0,0 @@
{ ... }:
{
flake.modules.nixos.ssh =
{ ... }:
{
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
extraConfig = ''
PrintLastLog no
'';
};
programs = {
bash.interactiveShellInit = ''
if [ -n "$SSH_CONNECTION" ] && [ -z "$IN_NIX_SHELL" ] && [ -z "$TMUX" ]; then
export TERM=xterm-256color
clear
fastfetch
fi
'';
fish.interactiveShellInit = ''
set fish_greeting
if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; and not set -q TMUX
export TERM=xterm-256color
clear
fastfetch
end
'';
};
};
}

14
aspects/bluetooth.nix
View file

@ -1,16 +1,6 @@
{ ... }:
{
flake.modules.nixos.bluetooth =
{
config,
lib,
pkgs,
...
}:
{
hardware.bluetooth = {
enable = true;
powerOnBoot = false;
};
flake.modules.nixos.bluetooth = { config, lib, pkgs, ... }: {
hardware.bluetooth.enable = true;
};
}

17
aspects/cli/btop.nix
View file

@ -1,20 +1,6 @@
{ ... }:
{
flake.modules = {
nixos.btop =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ btop ];
};
homeManager.btop =
{
config,
lib,
pkgs,
...
}:
{
flake.modules.homeManager.cli-btop = { config, lib, pkgs, ... }: {
programs.btop = {
enable = true;
settings = {
@ -24,5 +10,4 @@
};
};
};
};
}

10
aspects/cli/comma.nix
View file

@ -1,14 +1,6 @@
{ ... }:
{
flake.modules.homeManager.comma =
{
config,
lib,
pkgs,
inputs,
...
}:
{
flake.modules.homeManager.cli-comma = { config, lib, pkgs, inputs, ... }: {
imports = [ inputs.nix-index-database.homeModules.nix-index ];
programs.nix-index-database.comma.enable = true;

9
aspects/cli/direnv.nix
View file

@ -1,13 +1,6 @@
{ ... }:
{
flake.modules.homeManager.direnv =
{
config,
lib,
pkgs,
...
}:
{
flake.modules.homeManager.cli-direnv = { config, lib, pkgs, ... }: {
programs.direnv = {
enable = true;
nix-direnv.enable = true;

19
aspects/cli/helix.nix
View file

@ -1,22 +1,6 @@
{ ... }:
{
flake.modules = {
nixos.helix =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
helix
];
};
homeManager.helix =
{
config,
lib,
pkgs,
...
}:
{
flake.modules.homeManager.cli-helix = { config, lib, pkgs, ... }: {
home.sessionVariables = {
EDITOR = "hx";
};
@ -63,5 +47,4 @@
};
};
};
};
}

9
aspects/cli/hm-cli.nix
View file

@ -1,13 +1,6 @@
{ ... }:
{
flake.modules.homeManager.hm-cli =
{
config,
lib,
pkgs,
...
}:
{
flake.modules.homeManager.cli-base = { config, lib, pkgs, ... }: {
home = {
packages = with pkgs; [ hm-cli ];
sessionVariables = {

9
aspects/cli/starship.nix
View file

@ -1,13 +1,6 @@
{ ... }:
{
flake.modules.homeManager.starship =
{
config,
lib,
pkgs,
...
}:
{
flake.modules.homeManager.cli-starship = { config, lib, pkgs, ... }: {
programs.starship = {
enable = true;
enableBashIntegration = true;

19
aspects/cli/tmux.nix
View file

@ -1,22 +1,6 @@
{ ... }:
{
flake.modules = {
nixos.tmux =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
tmux
];
};
homeManager.tmux =
{
config,
lib,
pkgs,
...
}:
{
flake.modules.homeManager.cli-tmux = { config, lib, pkgs, ... }: {
programs.tmux = {
enable = true;
clock24 = true;
@ -25,5 +9,4 @@
keyMode = "vi";
};
};
};
}

21
aspects/common/boot.nix Normal file
View file

@ -0,0 +1,21 @@
{ ... }:
{
flake.modules.nixos.common-boot = { pkgs, ... }: {
boot = {
loader = {
timeout = 1;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false;
consoleMode = "max";
sortKey = "aa";
netbootxyz = {
enable = true;
sortKey = "zz";
};
};
};
};
};
}

9
aspects/common/console.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
flake.modules.nixos.common-console = { ... }: {
console = {
useXkbConfig = true;
earlySetup = true;
};
};
}

9
aspects/common/firewall.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
flake.modules.nixos.common-firewall = { ... }: {
networking = {
firewall.enable = true;
nftables.enable = true;
};
};
}

22
aspects/common/locale.nix Normal file
View file

@ -0,0 +1,22 @@
{ ... }:
{
flake.modules.nixos.common-locale = { ... }: {
time.timeZone = "America/Bahia";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "pt_BR.utf8";
LC_COLLATE = "pt_BR.utf8";
LC_IDENTIFICATION = "pt_BR.utf8";
LC_MEASUREMENT = "pt_BR.utf8";
LC_MONETARY = "pt_BR.utf8";
LC_NAME = "pt_BR.utf8";
LC_NUMERIC = "pt_BR.utf8";
LC_PAPER = "pt_BR.utf8";
LC_TELEPHONE = "pt_BR.utf8";
LC_TIME = "en_IE.utf8";
};
};
};
}

39
aspects/common/nix.nix Normal file
View file

@ -0,0 +1,39 @@
{ ... }:
{
flake.modules.nixos.common-nix = { inputs, ... }: {
imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
nix = {
settings = {
auto-optimise-store = true;
connect-timeout = 10;
log-lines = 25;
min-free = 128000000;
max-free = 1000000000;
trusted-users = [ "@wheel" ];
};
extraOptions = "experimental-features = nix-command flakes";
gc = {
automatic = true;
options = "--delete-older-than 8d";
};
};
nixpkgs.config = {
allowUnfree = true;
enableParallelBuilding = true;
buildManPages = false;
buildDocs = false;
};
services.nixos-cli = {
enable = true;
config = {
use_nvd = true;
ignore_dirty_tree = true;
};
};
system.stateVersion = "22.11";
};
}

12
aspects/common/openssh.nix Normal file
View file

@ -0,0 +1,12 @@
{ ... }:
{
flake.modules.nixos.common-openssh = { ... }: {
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
extraConfig = ''
PrintLastLog no
'';
};
};
}

43
aspects/common/programs.nix Normal file
View file

@ -0,0 +1,43 @@
{ ... }:
{
flake.modules.nixos.common-programs =
{ lib, pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
### Dev Tools ###
git
### System Utilities ###
btop
fastfetch
helix
nixos-firewall-tool
nvd
sysz
tmux
wget
yazi
];
shellAliases = {
cat = "${lib.getExe pkgs.bat} --paging=never --style=plain";
ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first";
tree = "ls --tree";
};
};
programs = {
command-not-found.enable = false;
fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
if set -q SSH_CONNECTION
export TERM=xterm-256color
clear
fastfetch
end
'';
};
};
};
}

2
aspects/base/security.nix → aspects/common/security.nix
View file

@ -1,6 +1,6 @@
{ ... }:
{
flake.modules.nixos.security =
flake.modules.nixos.common-security =
{ ... }:
{
security.sudo = {

10
aspects/common/services.nix Normal file
View file

@ -0,0 +1,10 @@
{ ... }:
{
flake.modules.nixos.common-services = { ... }: {
services = {
dbus.implementation = "broker";
irqbalance.enable = true;
fstrim.enable = true;
};
};
}

9
aspects/common/tailscale.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
flake.modules.nixos.common-tailscale = { ... }: {
services.tailscale = {
enable = true;
extraUpFlags = [ "--operator=user" ];
};
};
}

108
aspects/constants.nix
View file

@ -1,9 +1,4 @@
{
inputs,
lib,
config,
...
}:
{ lib, config, ... }:
let
# Host submodule type
@ -59,15 +54,12 @@ let
sharedData = import ../data/services.nix;
# Enrich services with host IP information
enrichServices =
hosts: services:
map (
svc:
enrichServices = hosts: services:
map (svc:
let
hostInfo = hosts.${svc.host} or { };
hostInfo = hosts.${svc.host} or {};
in
svc
// {
svc // {
lanIP = hostInfo.lanIP or null;
tailscaleIP = hostInfo.tailscaleIP or null;
}
@ -78,19 +70,19 @@ in
options.flake = {
hosts = lib.mkOption {
type = lib.types.attrsOf hostType;
default = { };
default = {};
description = "Host definitions with IP addresses";
};
services = lib.mkOption {
type = lib.types.listOf serviceType;
default = [ ];
default = [];
description = "Service definitions with enriched host information";
};
lib = lib.mkOption {
type = lib.types.attrsOf lib.types.raw;
default = { };
default = {};
description = "Utility functions for flake configuration";
};
};
@ -102,11 +94,9 @@ in
lib = {
# Nginx virtual host utilities
mkNginxVHosts =
{ domains }:
mkNginxVHosts = { domains }:
let
mkVHostConfig =
domain: vhostConfig:
mkVHostConfig = domain: vhostConfig:
lib.recursiveUpdate {
useACMEHost = domain;
forceSSL = true;
@ -117,8 +107,7 @@ in
# Split DNS utilities for unbound
# Generates unbound view config from a list of DNS entries
mkSplitDNS =
entries:
mkSplitDNS = entries:
let
tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries;
lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries;
@ -137,81 +126,6 @@ in
local-data = lanData;
}
];
# Generates flake.homeConfigurations
mkHomeConfiguration =
{
user,
hostname,
system ? "x86_64-linux",
stateVersion ? "22.05",
nixpkgs ? inputs.nixpkgs, # override with e.g. inputs.nixpkgs-stable
userModules ? [ ],
overlays ? [ inputs.self.overlays.default ],
homeManagerModules ? with inputs.self.modules.homeManager; [
base
cli
],
userDirectory ? "/home/${user}",
}:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.${system};
extraSpecialArgs = {
inherit inputs hostname;
};
modules = [
{ nixpkgs.overlays = overlays; }
{
home = {
username = user;
homeDirectory = userDirectory;
inherit stateVersion;
};
}
((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p))
"/${inputs.self}/aspects/users/_${user}"
)
]
++ homeManagerModules
++ userModules;
};
# Generates flake.nixosConfigurations
mkHost =
{
hostname,
system ? "x86_64-linux",
nixpkgs ? inputs.nixpkgs,
overlays ? [
inputs.agenix.overlays.default
inputs.self.overlays.default
],
ephemeralRootDev ? null, # pass rootDevice string to enable, e.g. ephemeralephemeralRootDev = "/dev/mapper/cryptroot"
nixosModules ? with inputs.self.modules.nixos; [
base
cli
user
root
],
extraModules ? [ ],
}:
nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs; };
modules = [
inputs.agenix.nixosModules.default
{ networking.hostName = hostname; }
{ nixpkgs.overlays = overlays; }
((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p))
"${inputs.self}/aspects/hosts/_${hostname}"
)
]
++ (lib.optional (ephemeralRootDev != null) (
inputs.self.factory.ephemeral { rootDevice = ephemeralRootDev; }
))
++ nixosModules
++ extraModules;
};
};
};
}

27
aspects/desktop/boot.nix Normal file
View file

@ -0,0 +1,27 @@
{ ... }:
{
flake.modules.nixos.desktop-boot = { config, lib, pkgs, ... }: {
boot = {
plymouth.enable = true;
initrd.systemd.enable = true;
loader.efi.efiSysMountPoint = "/boot/efi";
kernelPackages = pkgs.linuxPackages_xanmod_latest;
extraModprobeConfig = ''
options bluetooth disable_ertm=1
'';
kernel.sysctl = {
"net.ipv4.tcp_mtu_probing" = 1;
};
kernelParams = [
"quiet"
"splash"
"i2c-dev"
"i2c-piix4"
"loglevel=3"
"udev.log_priority=3"
"rd.udev.log_level=3"
"rd.systemd.show_status=false"
];
};
};
}

292
aspects/desktop/desktop.nix Normal file
View file

@ -0,0 +1,292 @@
{
inputs,
...
}:
{
flake.modules = {
nixos.desktop-desktop = { config, lib, pkgs, ... }: {
imports = [
inputs.niri-flake.nixosModules.niri
inputs.nix-flatpak.nixosModules.nix-flatpak
];
environment = {
sessionVariables = {
KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir
NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland
};
systemPackages = with pkgs; [
### Web ###
bitwarden-desktop
fragments
nextcloud-client
tor-browser
vesktop
inputs.zen-browser.packages."${system}".default
### Office & Productivity ###
aspell
aspellDicts.de
aspellDicts.en
aspellDicts.en-computers
aspellDicts.pt_BR
papers
presenterm
rnote
### Graphics & Design ###
gimp
inkscape
plasticity
### System Utilities ###
adwaita-icon-theme
ghostty
gnome-disk-utility
junction
libfido2
mission-center
nautilus
p7zip
rclone
toggleaudiosink
unrar
### Media ###
decibels
loupe
obs-studio
showtime
];
};
services = {
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
greetd = {
enable = true;
settings = {
default_session = {
command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session";
user = "greeter";
};
}
// lib.optionalAttrs (config.networking.hostName == "io") {
initial_session = {
command = "${config.programs.niri.package}/bin/niri-session";
user = "user";
};
};
};
flatpak = {
enable = true;
packages = [
### Office & Productivity ###
"com.collabora.Office"
### Graphics & Design ###
"com.boxy_svg.BoxySVG"
rec {
appId = "io.github.softfever.OrcaSlicer";
sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1";
bundle = "${pkgs.fetchurl {
url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak";
inherit sha256;
}}";
}
### System Utilities ###
"com.github.tchx84.Flatseal"
"com.rustdesk.RustDesk"
];
uninstallUnmanaged = true;
update.auto.enable = true;
};
gvfs.enable = true;
};
security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority
users = {
users.greeter = {
isSystemUser = true;
group = "greeter";
};
groups.greeter = { };
};
programs = {
niri = {
enable = true;
package = inputs.niri.packages.${pkgs.system}.niri;
};
kdeconnect = {
enable = true;
package = pkgs.valent;
};
dconf.enable = true;
appimage = {
enable = true;
binfmt = true;
};
};
niri-flake.cache.enable = false;
fonts = {
fontDir.enable = true;
packages = with pkgs; [
corefonts
inter
nerd-fonts.fira-code
noto-fonts-cjk-sans
noto-fonts-color-emoji
roboto
];
};
xdg.portal = {
extraPortals = with pkgs; [
xdg-desktop-portal-gnome
xdg-desktop-portal-gtk
];
config = {
common.default = "*";
niri.default = [
"gtk"
"gnome"
];
};
};
};
homeManager.desktop-desktop = { config, lib, pkgs, inputs, ... }: {
imports = [ inputs.vicinae.homeManagerModules.default ];
fonts.fontconfig.enable = true;
home.packages = with pkgs; [ xwayland-satellite ];
services.vicinae = {
enable = true;
systemd = {
enable = true;
autoStart = true;
};
};
programs = {
ghostty = {
enable = true;
settings = {
cursor-style = "block";
shell-integration-features = "no-cursor";
cursor-style-blink = false;
custom-shader = "${builtins.fetchurl {
url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl";
sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41";
}}";
bell-features = "";
gtk-titlebar-style = "tabs";
keybind = [ "shift+enter=text:\\x1b\\r" ];
};
};
password-store = {
enable = true;
package = pkgs.pass-wayland;
};
};
xdg = {
enable = true;
userDirs.enable = true;
mimeApps = {
enable = true;
defaultApplications = {
"text/html" = [
"re.sonny.Junction.desktop"
"zen-browser.desktop"
"torbrowser.desktop"
];
"x-scheme-handler/http" = [
"re.sonny.Junction.desktop"
"zen-browser.desktop"
"torbrowser.desktop"
];
"x-scheme-handler/https" = [
"re.sonny.Junction.desktop"
"zen-browser.desktop"
"torbrowser.desktop"
];
"x-scheme-handler/about" = [
"re.sonny.Junction.desktop"
"zen-browser.desktop"
"torbrowser.desktop"
];
"x-scheme-handler/unknown" = [
"re.sonny.Junction.desktop"
"zen-browser.desktop"
"torbrowser.desktop"
];
"image/jpeg" = "org.gnome.Loupe.desktop";
"image/png" = "org.gnome.Loupe.desktop";
"image/gif" = "org.gnome.Loupe.desktop";
"image/webp" = "org.gnome.Loupe.desktop";
"image/bmp" = "org.gnome.Loupe.desktop";
"image/svg+xml" = "org.gnome.Loupe.desktop";
"image/tiff" = "org.gnome.Loupe.desktop";
"video/mp4" = "io.bassi.Showtime.desktop";
"video/x-matroska" = "io.bassi.Showtime.desktop";
"video/webm" = "io.bassi.Showtime.desktop";
"video/mpeg" = "io.bassi.Showtime.desktop";
"video/x-msvideo" = "io.bassi.Showtime.desktop";
"video/quicktime" = "io.bassi.Showtime.desktop";
"video/x-flv" = "io.bassi.Showtime.desktop";
"audio/mpeg" = "io.bassi.Showtime.desktop";
"audio/flac" = "io.bassi.Showtime.desktop";
"audio/ogg" = "io.bassi.Showtime.desktop";
"audio/wav" = "io.bassi.Showtime.desktop";
"audio/mp4" = "io.bassi.Showtime.desktop";
"audio/x-opus+ogg" = "io.bassi.Showtime.desktop";
"application/pdf" = [
"org.gnome.Papers.desktop"
"zen-browser.desktop"
];
"text/plain" = "Helix.desktop";
"text/markdown" = "Helix.desktop";
"text/x-log" = "Helix.desktop";
"application/x-shellscript" = "Helix.desktop";
"application/vnd.openxmlformats-officedocument.wordprocessingml.document" =
"com.collabora.Office.desktop"; # DOCX
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" =
"com.collabora.Office.desktop"; # XLSX
"application/vnd.openxmlformats-officedocument.presentationml.presentation" =
"com.collabora.Office.desktop"; # PPTX
"application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT
"application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS
"application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP
"application/msword" = "com.collabora.Office.desktop"; # DOC
"application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS
"application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT
"application/zip" = "org.gnome.FileRoller.desktop";
"application/x-tar" = "org.gnome.FileRoller.desktop";
"application/x-compressed-tar" = "org.gnome.FileRoller.desktop";
"application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop";
"application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop";
"application/x-7z-compressed" = "org.gnome.FileRoller.desktop";
"application/x-rar" = "org.gnome.FileRoller.desktop";
"application/gzip" = "org.gnome.FileRoller.desktop";
"application/x-bzip" = "org.gnome.FileRoller.desktop";
"inode/directory" = "org.gnome.Nautilus.desktop";
};
};
};
# Set Ghostty as default terminal
home.sessionVariables = {
TERMINAL = "ghostty";
};
};
};
}

56
aspects/desktop/niri.nix
View file

@ -1,29 +1,6 @@
{ ... }:
{
flake.modules = {
nixos.niri =
{
config,
lib,
pkgs,
...
}:
{
services.greetd.settings = {
default_session.command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session";
};
programs.niri.enable = true;
};
homeManager.niri =
{
config,
lib,
pkgs,
inputs,
hostname ? null,
...
}:
flake.modules.homeManager.desktop-niri = { config, lib, pkgs, inputs, hostname ? null, ... }:
let
isRotterdam = hostname == "rotterdam";
in
@ -48,7 +25,7 @@
home = {
packages = with pkgs; [
xwayland-satellite
inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default
inputs.noctalia.packages.${pkgs.system}.default
];
sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3";
};
@ -81,27 +58,26 @@
focus-follows-mouse
}
output "LG Electronics LG ULTRAWIDE 206AZFM5E459" {
layout {
preset-column-widths {
proportion 0.33333
proportion 0.5
proportion 0.66667
}
default-column-width { proportion 0.33333; }
}
}
layout {
gaps 8
center-focused-column "never"
always-center-single-column
empty-workspace-above-first
auto-center-when-space-available
preset-column-widths {
${
if isRotterdam then
''
proportion 0.33333
proportion 0.5
proportion 0.66667
''
else
''
proportion 0.5
proportion 1.0
''
}
default-column-width { proportion 0.5; }
}
default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; }
focus-ring {
off
}
@ -123,7 +99,6 @@
}
spawn-at-startup "noctalia-shell" "-d"
spawn-at-startup "${lib.getExe pkgs.niri-auto-centre}"
layer-rule {
match namespace="^noctalia-overview*"
place-within-backdrop true
@ -242,5 +217,4 @@
}
'';
};
};
}

14
aspects/desktop/nix.nix Normal file
View file

@ -0,0 +1,14 @@
{ inputs, ... }:
{
flake.modules.nixos.desktop-nix = { config, lib, pkgs, ... }: {
environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs;
nixPath = [
"nixpkgs=${inputs.nixpkgs}"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
};
}

16
aspects/desktop/services.nix Normal file
View file

@ -0,0 +1,16 @@
{ ... }:
{
flake.modules.nixos.desktop-services = { config, lib, pkgs, ... }: {
services = {
printing.enable = true;
udev.packages = with pkgs; [ yubikey-personalization ];
keyd = {
enable = true;
keyboards.all = {
ids = [ "*" ];
settings.main.capslock = "overload(meta, esc)";
};
};
};
};
}

12
aspects/dev.nix
View file

@ -1,20 +1,16 @@
{ ... }:
{
flake.modules.nixos.dev =
{
config,
lib,
pkgs,
...
}:
{
flake.modules.nixos.dev = { config, lib, pkgs, ... }: {
environment.systemPackages = with pkgs; [
android-tools
bat
lazygit
fd
fzf
glow
nixfmt
nix-init
nix-output-monitor
ripgrep
];

23
aspects/ephemeral.nix
View file

@ -3,8 +3,7 @@
{ inputs, ... }:
{
# Base module with options (for external flakes or direct use)
flake.modules.nixos.ephemeral =
{ lib, config, ... }:
flake.modules.nixos.ephemeral = { lib, config, ... }:
let
cfg = config.ephemeral;
in
@ -90,19 +89,18 @@
# Factory function that generates configured modules
flake.factory.ephemeral =
{
rootDevice,
rootSubvolume ? "@root",
retentionDays ? 30,
persistentStoragePath ? "/persistent",
persistentFiles ? [
{ rootDevice
, rootSubvolume ? "@root"
, retentionDays ? 30
, persistentStoragePath ? "/persistent"
, persistentFiles ? [
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
],
persistentDirectories ? [
]
, persistentDirectories ? [
"/etc/NetworkManager/system-connections"
"/etc/nixos"
"/var/lib/bluetooth"
@ -113,10 +111,9 @@
"/var/lib/systemd/timers"
"/var/lib/tailscale"
"/var/log"
],
]
}:
{ ... }:
{
{ ... }: {
imports = [
inputs.impermanence.nixosModules.impermanence
inputs.self.modules.nixos.ephemeral

9
aspects/fwupd.nix
View file

@ -1,13 +1,6 @@
{ ... }:
{
flake.modules.nixos.fwupd =
{
config,
lib,
pkgs,
...
}:
{
flake.modules.nixos.fwupd = { config, lib, pkgs, ... }: {
services.fwupd.enable = true;
};
}

23
aspects/gaming/flatpak.nix Normal file
View file

@ -0,0 +1,23 @@
{ ... }:
{
flake.modules.nixos.gaming-flatpak = { pkgs, ... }: {
services.flatpak.packages = [
"com.github.k4zmu2a.spacecadetpinball"
"com.steamgriddb.SGDBoop"
"io.github.Foldex.AdwSteamGtk"
"io.itch.itch"
"io.mrarm.mcpelauncher"
"net.retrodeck.retrodeck"
"org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08"
rec {
appId = "com.hypixel.HytaleLauncher";
sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv";
bundle = "${pkgs.fetchurl {
url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak";
inherit sha256;
}}";
}
];
};
}

11
aspects/gaming/hardware.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }:
{
flake.modules.nixos.gaming-hardware = { ... }: {
hardware = {
xpadneo.enable = true;
steam-hardware.enable = true; # Allow steam client to manage controllers
graphics.enable32Bit = true; # For OpenGL games
};
};
}

11
aspects/gaming/launchers.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }:
{
flake.modules.nixos.gaming-launchers = { pkgs, ... }: {
environment.systemPackages = with pkgs; [
clonehero
heroic
prismlauncher
];
};
}

8
aspects/gaming/mangohud.nix
View file

@ -2,17 +2,13 @@
{
flake.modules = {
nixos.mangohud =
{ pkgs, ... }:
{
nixos.gaming-mangohud = { pkgs, ... }: {
environment.systemPackages = with pkgs; [
mangohud
];
};
homeManager.mangohud =
{ config, ... }:
{
homeManager.gaming-mangohud = { config, ... }: {
programs.mangohud = {
enable = true;
enableSessionWide = true;

9
aspects/gaming/steam.nix
View file

@ -1,9 +1,7 @@
{ ... }:
{
flake.modules.nixos.steam =
{ pkgs, ... }:
{
flake.modules.nixos.gaming-steam = { pkgs, ... }: {
environment.systemPackages = with pkgs; [
steam-run
];
@ -15,10 +13,5 @@
};
gamemode.enable = true;
};
services.flatpak.packages = [
"com.steamgriddb.SGDBoop"
"io.github.Foldex.AdwSteamGtk"
];
};
}

82
aspects/hosts/_alexandria/kanidm.nix Normal file
View file

@ -0,0 +1,82 @@
{
config,
lib,
inputs,
pkgs,
...
}:
let
mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
kanidmCertDir = "/var/lib/kanidm/certs";
in
{
services.kanidm = {
enableServer = true;
enableClient = true;
package = pkgs.kanidm;
serverSettings = {
domain = "auth.baduhai.dev";
origin = "https://auth.baduhai.dev";
bindaddress = "127.0.0.1:8443";
ldapbindaddress = "127.0.0.1:636";
trust_x_forward_for = true;
# Use self-signed certificates for internal TLS
tls_chain = "${kanidmCertDir}/cert.pem";
tls_key = "${kanidmCertDir}/key.pem";
};
clientSettings = {
uri = "https://auth.baduhai.dev";
};
};
services.nginx.virtualHosts = mkNginxVHosts {
domains."auth.baduhai.dev" = {
locations."/" = {
proxyPass = "https://127.0.0.1:8443";
extraConfig = ''
proxy_ssl_verify off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
'';
};
};
};
networking.firewall.allowedTCPPorts = [ 636 ];
# Generate self-signed certificates for kanidm's internal TLS
systemd.services.kanidm-generate-certs = {
description = "Generate self-signed TLS certificates for Kanidm";
wantedBy = [ "multi-user.target" ];
before = [ "kanidm.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
mkdir -p ${kanidmCertDir}
if [ ! -f ${kanidmCertDir}/key.pem ]; then
${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \
-keyout ${kanidmCertDir}/key.pem \
-out ${kanidmCertDir}/cert.pem \
-days 3650 -nodes \
-subj "/CN=localhost" \
-addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
chown -R kanidm:kanidm ${kanidmCertDir}
chmod 600 ${kanidmCertDir}/key.pem
chmod 644 ${kanidmCertDir}/cert.pem
fi
'';
};
# Ensure certificate generation runs before kanidm starts
systemd.services.kanidm = {
after = [ "kanidm-generate-certs.service" ];
wants = [ "kanidm-generate-certs.service" ];
};
}

7
aspects/hosts/_alexandria/nextcloud.nix
View file

@ -1,7 +1,8 @@
{
lib,
config,
inputs,
pkgs,
inputs,
...
}:
@ -82,12 +83,12 @@ in
age.secrets = {
"nextcloud-secrets.json" = {
file = "${inputs.self}/secrets/nextcloud-secrets.json.age";
file = ../../../secrets/nextcloud-secrets.json.age;
owner = "nextcloud";
group = "nextcloud";
};
nextcloud-adminpass = {
file = "${inputs.self}/secrets/nextcloud-adminpass.age";
file = ../../../secrets/nextcloud-adminpass.age;
owner = "nextcloud";
group = "nextcloud";
};

2
aspects/hosts/_alexandria/nginx.nix
View file

@ -51,7 +51,7 @@ in
];
age.secrets.cloudflare = {
file = "${inputs.self}/secrets/cloudflare.age";
file = ../../../secrets/cloudflare.age;
owner = "nginx";
group = "nginx";
};

3
aspects/hosts/_alexandria/unbound.nix
View file

@ -34,7 +34,8 @@ in
# LAN-only DNS records
local-zone = ''"baduhai.dev." transparent'';
local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') (lib.filter (e: e.lanIP != null) services);
local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'')
(lib.filter (e: e.lanIP != null) services);
};
forward-zone = [

7
aspects/hosts/_trantor/forgejo.nix
View file

@ -21,8 +21,6 @@ in
ROOT_URL = "https://git.baduhai.dev";
OFFLINE_MODE = true; # disable use of CDNs
SSH_DOMAIN = "git.baduhai.dev";
SSH_USER = "forgejo";
SSH_PORT = lib.head config.services.openssh.ports;
};
log.LEVEL = "Warn";
mailer.ENABLED = false;
@ -69,8 +67,5 @@ in
};
# Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories
systemd.services.forgejo.serviceConfig = {
PrivateMounts = lib.mkForce false;
ProtectSystem = lib.mkForce false;
};
systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false;
}

8
aspects/hosts/_trantor/nginx.nix
View file

@ -8,8 +8,12 @@
let
services = inputs.self.services;
localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "trantor") services));
# Get all unique domains from shared services on trantor (host = "trantor")
localDomains = lib.unique (
map (s: s.domain) (lib.filter (s: s.host == "trantor") services)
);
# Generate ACME cert configs for all local domains
acmeCerts = lib.genAttrs localDomains (domain: {
group = "nginx";
});
@ -49,7 +53,7 @@ in
];
age.secrets.cloudflare = {
file = "${inputs.self}/secrets/cloudflare.age";
file = ../../../secrets/cloudflare.age;
owner = "nginx";
group = "nginx";
};

61
aspects/hosts/alexandria.nix
View file

@ -1,19 +1,50 @@
{ inputs, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{ inputs, self, ... }:
{
flake.nixosConfigurations.alexandria = mkHost {
hostname = "alexandria";
nixpkgs = inputs.nixpkgs-stable;
extraModules = with inputs.self.modules.nixos; [
# base aspects
server
# other aspects
fwupd
libvirtd
flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
inputs.agenix.nixosModules.default
{ networking.hostName = "alexandria"; }
{
nixpkgs.overlays = [
inputs.agenix.overlays.default
inputs.self.overlays.default
];
}
# Common aspects (always included)
inputs.self.modules.nixos.common-boot
inputs.self.modules.nixos.common-console
inputs.self.modules.nixos.common-firewall
inputs.self.modules.nixos.common-locale
inputs.self.modules.nixos.common-nix
inputs.self.modules.nixos.common-openssh
inputs.self.modules.nixos.common-programs
inputs.self.modules.nixos.common-security
inputs.self.modules.nixos.common-services
inputs.self.modules.nixos.common-tailscale
# User aspects
inputs.self.modules.nixos.user
inputs.self.modules.nixos.root
# Server aspects
inputs.self.modules.nixos.server-boot
inputs.self.modules.nixos.server-nix
inputs.self.modules.nixos.server-tailscale
# Other aspects based on tags
inputs.self.modules.nixos.fwupd
# Host-specific files (from _alexandria/)
./_alexandria/hardware-configuration.nix
./_alexandria/jellyfin.nix
./_alexandria/kanidm.nix
./_alexandria/nextcloud.nix
./_alexandria/nginx.nix
./_alexandria/unbound.nix
./_alexandria/vaultwarden.nix
];
};
}

75
aspects/hosts/io.nix
View file

@ -1,24 +1,59 @@
{ inputs, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{ inputs, self, ... }:
{
flake.nixosConfigurations.io = mkHost {
hostname = "io";
ephemeralRootDev = "/dev/mapper/cryptroot";
extraModules = with inputs.self.modules.nixos; [
# base aspects
desktop
# other aspects
ai
bluetooth
dev
libvirtd
networkmanager
niri
podman
flake.nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
inputs.agenix.nixosModules.default
{ networking.hostName = "io"; }
{
nixpkgs.overlays = [
inputs.agenix.overlays.default
inputs.self.overlays.default
];
}
# Common aspects (always included)
inputs.self.modules.nixos.common-boot
inputs.self.modules.nixos.common-console
inputs.self.modules.nixos.common-firewall
inputs.self.modules.nixos.common-locale
inputs.self.modules.nixos.common-nix
inputs.self.modules.nixos.common-openssh
inputs.self.modules.nixos.common-programs
inputs.self.modules.nixos.common-security
inputs.self.modules.nixos.common-services
inputs.self.modules.nixos.common-tailscale
# User aspects
inputs.self.modules.nixos.user
inputs.self.modules.nixos.root
# Desktop aspects
inputs.self.modules.nixos.desktop-boot
inputs.self.modules.nixos.desktop-desktop
inputs.self.modules.nixos.desktop-nix
inputs.self.modules.nixos.desktop-services
# Other aspects based on tags
inputs.self.modules.nixos.ai
inputs.self.modules.nixos.bluetooth
inputs.self.modules.nixos.dev
inputs.self.modules.nixos.libvirtd
inputs.self.modules.nixos.networkmanager
inputs.self.modules.nixos.podman
# Factory-generated ephemeral module
(inputs.self.factory.ephemeral {
rootDevice = "/dev/mapper/cryptroot";
})
# Host-specific files (from _io/)
./_io/hardware-configuration.nix
./_io/disko.nix
./_io/boot.nix
./_io/programs.nix
./_io/services.nix
];
};
}

80
aspects/hosts/rotterdam.nix
View file

@ -1,26 +1,64 @@
{ inputs, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{
flake.nixosConfigurations.rotterdam = mkHost {
hostname = "rotterdam";
ephemeralRootDev = "/dev/mapper/cryptroot";
extraModules = with inputs.self.modules.nixos; [
# base aspects
desktop
gaming
# other aspects
ai
bluetooth
dev
fwupd
libvirtd
networkmanager
niri
podman
flake.nixosConfigurations.rotterdam = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
inputs.agenix.nixosModules.default
{ networking.hostName = "rotterdam"; }
{
nixpkgs.overlays = [
inputs.agenix.overlays.default
inputs.self.overlays.default
];
}
# Common aspects (always included)
inputs.self.modules.nixos.common-boot
inputs.self.modules.nixos.common-console
inputs.self.modules.nixos.common-firewall
inputs.self.modules.nixos.common-locale
inputs.self.modules.nixos.common-nix
inputs.self.modules.nixos.common-openssh
inputs.self.modules.nixos.common-programs
inputs.self.modules.nixos.common-security
inputs.self.modules.nixos.common-services
inputs.self.modules.nixos.common-tailscale
# User aspects
inputs.self.modules.nixos.user
inputs.self.modules.nixos.root
# Desktop aspects
inputs.self.modules.nixos.desktop-boot
inputs.self.modules.nixos.desktop-desktop
inputs.self.modules.nixos.desktop-nix
inputs.self.modules.nixos.desktop-services
# Other aspects based on tags
inputs.self.modules.nixos.ai
inputs.self.modules.nixos.bluetooth
inputs.self.modules.nixos.dev
inputs.self.modules.nixos.fwupd
inputs.self.modules.nixos.gaming-steam
inputs.self.modules.nixos.gaming-hardware
inputs.self.modules.nixos.gaming-flatpak
inputs.self.modules.nixos.gaming-launchers
inputs.self.modules.nixos.libvirtd
inputs.self.modules.nixos.networkmanager
inputs.self.modules.nixos.podman
# Factory-generated ephemeral module
(inputs.self.factory.ephemeral {
rootDevice = "/dev/mapper/cryptroot";
})
# Host-specific files (from _rotterdam/)
./_rotterdam/hardware-configuration.nix
./_rotterdam/boot.nix
./_rotterdam/hardware.nix
./_rotterdam/programs.nix
./_rotterdam/services.nix
];
};
}

62
aspects/hosts/trantor.nix
View file

@ -1,18 +1,54 @@
{ inputs, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{ inputs, self, ... }:
{
flake.nixosConfigurations.trantor = mkHost {
hostname = "trantor";
flake.nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem {
system = "aarch64-linux";
nixpkgs = inputs.nixpkgs-stable;
ephemeralRootDev = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2";
extraModules = with inputs.self.modules.nixos; [
# base aspects
server
specialArgs = { inherit inputs; };
modules = [
inputs.agenix.nixosModules.default
{ networking.hostName = "trantor"; }
{
nixpkgs.overlays = [
inputs.agenix.overlays.default
inputs.self.overlays.default
];
}
# Common aspects (always included)
inputs.self.modules.nixos.common-boot
inputs.self.modules.nixos.common-console
inputs.self.modules.nixos.common-firewall
inputs.self.modules.nixos.common-locale
inputs.self.modules.nixos.common-nix
inputs.self.modules.nixos.common-openssh
inputs.self.modules.nixos.common-programs
inputs.self.modules.nixos.common-security
inputs.self.modules.nixos.common-services
inputs.self.modules.nixos.common-tailscale
# User aspects
inputs.self.modules.nixos.user
inputs.self.modules.nixos.root
# Server aspects
inputs.self.modules.nixos.server-boot
inputs.self.modules.nixos.server-nix
inputs.self.modules.nixos.server-tailscale
# Factory-generated ephemeral module
(inputs.self.factory.ephemeral {
rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2";
})
# Host-specific files (from _trantor/)
./_trantor/hardware-configuration.nix
./_trantor/disko.nix
./_trantor/boot.nix
./_trantor/fail2ban.nix
./_trantor/forgejo.nix
./_trantor/networking.nix
./_trantor/nginx.nix
./_trantor/openssh.nix
./_trantor/unbound.nix
];
};
}

11
aspects/libvirtd.nix
View file

@ -1,13 +1,6 @@
{ ... }:
{
flake.modules.nixos.libvirtd =
{
config,
lib,
pkgs,
...
}:
{
flake.modules.nixos.libvirtd = { config, lib, pkgs, ... }: {
virtualisation = {
libvirtd.enable = true;
spiceUSBRedirection.enable = true;
@ -15,8 +8,6 @@
programs.virt-manager.enable = true;
environment.systemPackages = with pkgs; [ lima ];
networking.firewall.trustedInterfaces = [ "virbr0" ];
users.users.user.extraGroups = [

22
aspects/lxc.nix
View file

@ -1,22 +0,0 @@
{ ... }:
{
flake.modules.nixos.lxc =
{
config,
lib,
pkgs,
...
}:
{
virtualisation = {
lxc = {
enable = true;
unprivilegedContainers = true;
};
incus.enable = true;
};
users.users.user.extraGroups = [ "incus-admin" ];
};
}

9
aspects/networkmanager.nix
View file

@ -1,13 +1,6 @@
{ ... }:
{
flake.modules.nixos.networkmanager =
{
config,
lib,
pkgs,
...
}:
{
flake.modules.nixos.networkmanager = { config, lib, pkgs, ... }: {
networking.networkmanager = {
enable = true;
wifi.backend = "iwd";

2
aspects/desktop/graphics.nix → aspects/programs/graphics.nix
View file

@ -1,7 +1,7 @@
{ ... }:
{
flake.modules.nixos.graphics =
flake.modules.nixos.programs-graphics =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [

4
aspects/desktop/media.nix → aspects/programs/media.nix
View file

@ -2,7 +2,7 @@
{
flake.modules = {
nixos.media =
nixos.programs-media =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
@ -13,7 +13,7 @@
];
};
homeManager.media =
homeManager.programs-media =
{ pkgs, ... }:
{
programs.obs-studio = {

3
aspects/desktop/office.nix → aspects/programs/office.nix
View file

@ -1,7 +1,7 @@
{ ... }:
{
flake.modules.nixos.office =
flake.modules.nixos.programs-office =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
@ -10,7 +10,6 @@
aspellDicts.en
aspellDicts.en-computers
aspellDicts.pt_BR
glow
papers
presenterm
rnote

62
aspects/programs/utilities.nix Normal file
View file

@ -0,0 +1,62 @@
{ ... }:
{
flake.modules = {
nixos.programs-utilities =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
ghostty
gnome-disk-utility
mission-center
nautilus
p7zip
rclone
unrar
# Desktop Integration
adwaita-icon-theme
junction
libfido2
toggleaudiosink
# Xwayland Support
xwayland-satellite
];
services.flatpak.packages = [
"com.github.tchx84.Flatseal"
"com.rustdesk.RustDesk"
];
};
homeManager.programs-utilities =
{ pkgs, ... }:
{
programs = {
ghostty = {
enable = true;
settings = {
cursor-style = "block";
shell-integration-features = "no-cursor";
cursor-style-blink = false;
custom-shader = "${builtins.fetchurl {
url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl";
sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41";
}}";
bell-features = "";
gtk-titlebar-style = "tabs";
keybind = [ "shift+enter=text:\\x1b\\r" ];
};
};
password-store = {
enable = true;
package = pkgs.pass-wayland;
};
};
home.sessionVariables = {
TERMINAL = "ghostty";
};
};
};
}

7
aspects/desktop/web.nix → aspects/programs/web.nix
View file

@ -1,21 +1,20 @@
{ ... }:
{
flake.modules.nixos.web =
flake.modules.nixos.programs-web =
{
inputs,
pkgs,
system,
...
}:
{
environment.systemPackages = with pkgs; [
inputs.zen-browser.packages."${pkgs.stdenv.hostPlatform.system}".default
beeper
inputs.zen-browser.packages."${system}".default
bitwarden-desktop
fragments
nextcloud-client
tor-browser
ungoogled-chromium
vesktop
];
};

7
aspects/server/boot.nix Normal file
View file

@ -0,0 +1,7 @@
# aspects/server/boot.nix
{ ... }:
{
flake.modules.nixos.server-boot = { config, lib, pkgs, ... }: {
boot.kernelPackages = pkgs.linuxPackages_hardened;
};
}

15
aspects/server/nix.nix Normal file
View file

@ -0,0 +1,15 @@
# aspects/server/nix.nix
{ inputs, ... }:
{
flake.modules.nixos.server-nix = { config, lib, pkgs, ... }: {
environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs-stable;
nixPath = [
"nixpkgs=/etc/channels/nixpkgs"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
};
}

15
aspects/server/tailscale.nix Normal file
View file

@ -0,0 +1,15 @@
# aspects/server/tailscale.nix
{ ... }:
{
flake.modules.nixos.server-tailscale = { config, lib, pkgs, ... }: {
services.tailscale = {
extraSetFlags = [ "--advertise-exit-node" ];
useRoutingFeatures = "server";
};
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
};
}

9
aspects/shell/bash.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
flake.modules.homeManager.shell-bash = { config, lib, pkgs, ... }: {
programs.bash = {
enable = true;
historyFile = "~/.cache/bash_history";
};
};
}

33
aspects/shell/fish.nix Normal file
View file

@ -0,0 +1,33 @@
{ ... }:
{
flake.modules.homeManager.shell-fish = { config, lib, pkgs, ... }: {
programs.fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
${lib.getExe pkgs.nix-your-shell} fish | source
'';
loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source";
plugins = [
{
name = "bang-bang";
src = pkgs.fetchFromGitHub {
owner = "oh-my-fish";
repo = "plugin-bang-bang";
rev = "f969c618301163273d0a03d002614d9a81952c1e";
sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ=";
};
}
{
name = "z";
src = pkgs.fetchFromGitHub {
owner = "jethrokuan";
repo = "z";
rev = "067e867debee59aee231e789fc4631f80fa5788e";
sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU=";
};
}
];
};
};
}

15
aspects/stylix.nix
View file

@ -1,5 +1,4 @@
{ ... }:
{
flake.modules = {
nixos.stylix =
@ -16,7 +15,10 @@
...
}:
{
imports = [ inputs.stylix.homeModules.stylix ];
imports = [
inputs.stylix.homeModules.stylix
inputs.zen-browser.homeModules.beta
];
stylix = {
enable = true;
@ -63,6 +65,15 @@
terminal = 12;
};
};
targets.zen-browser = {
enable = true;
profileNames = [ "william" ];
};
};
programs.zen-browser = {
enable = true;
profiles.william = { };
};
};
};

55
aspects/systems/base.nix
View file

@ -1,55 +0,0 @@
{ inputs, ... }:
{
flake.modules = {
nixos.base =
{ lib, pkgs, ... }:
{
imports = with inputs.self.modules.nixos; [
boot
console
firewall
fish
locale
nix
security
ssh
];
environment = {
systemPackages = with pkgs; [
git
fastfetch
nixos-firewall-tool
sysz
wget
yazi
];
shellAliases = {
cat = "${lib.getExe pkgs.bat} --paging=never --style=plain";
ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first";
tree = "ls --tree";
};
};
programs.command-not-found.enable = false;
services = {
dbus.implementation = "broker";
irqbalance.enable = true;
fstrim.enable = true;
tailscale = {
enable = true;
extraUpFlags = [ "--operator=user" ];
};
};
};
homeManager.base =
{ ... }:
{
imports = with inputs.self.modules.homeManager; [
bash
fish
];
};
};
}

33
aspects/systems/cli.nix
View file

@ -1,33 +0,0 @@
{ inputs, ... }:
{
flake.modules = {
nixos.cli =
{ pkgs, ... }:
{
imports = with inputs.self.modules.nixos; [
btop
helix
tmux
];
environment.systemPackages = with pkgs; [
p7zip
rclone
];
};
homeManager.cli =
{ ... }:
{
imports = with inputs.self.modules.homeManager; [
btop
comma
direnv
helix
hm-cli
starship
tmux
];
};
};
}

210
aspects/systems/desktop.nix
View file

@ -1,210 +0,0 @@
{
inputs,
...
}:
{
flake.modules = {
nixos.desktop =
{
config,
lib,
pkgs,
...
}:
{
imports = [
inputs.nix-flatpak.nixosModules.nix-flatpak
]
++ (with inputs.self.modules.nixos; [
graphics
media
office
web
]);
boot = {
plymouth.enable = true;
initrd.systemd.enable = true;
loader.efi.efiSysMountPoint = "/boot/efi";
kernelPackages = pkgs.linuxPackages_xanmod_latest;
extraModprobeConfig = ''
options bluetooth disable_ertm=1
'';
kernel.sysctl = {
"net.ipv4.tcp_mtu_probing" = 1;
};
kernelParams = [
"quiet"
"splash"
"i2c-dev"
"i2c-piix4"
"loglevel=3"
"udev.log_priority=3"
"rd.udev.log_level=3"
"rd.systemd.show_status=false"
];
};
nix = {
registry.nixpkgs.flake = inputs.nixpkgs;
nixPath = [
"nixpkgs=${inputs.nixpkgs}"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
environment = {
etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
sessionVariables = {
KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir
NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland
};
systemPackages = with pkgs; [
adwaita-icon-theme
ghostty
gnome-disk-utility
junction
libfido2
mission-center
nautilus
toggleaudiosink
unrar
];
};
services = {
printing.enable = true;
udev.packages = with pkgs; [ yubikey-personalization ];
keyd = {
enable = true;
keyboards.all = {
ids = [ "*" ];
settings.main.capslock = "overload(meta, esc)";
};
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
greetd = {
enable = true;
settings.default_session.user = "greeter";
};
flatpak = {
enable = true;
packages = [
"com.github.tchx84.Flatseal"
"com.rustdesk.RustDesk"
];
uninstallUnmanaged = true;
update.auto.enable = true;
};
gvfs.enable = true;
};
security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority
users = {
users.greeter = {
isSystemUser = true;
group = "greeter";
};
groups.greeter = { };
};
programs = {
kdeconnect = {
enable = true;
package = pkgs.valent;
};
dconf.enable = true;
appimage = {
enable = true;
binfmt = true;
};
};
fonts = {
fontDir.enable = true;
packages = with pkgs; [
corefonts
inter
nerd-fonts.fira-code
noto-fonts-cjk-sans
noto-fonts-color-emoji
roboto
];
};
xdg.portal = {
extraPortals = with pkgs; [
xdg-desktop-portal-gnome
xdg-desktop-portal-gtk
];
config.common.default = "*";
};
};
homeManager.desktop =
{
config,
lib,
pkgs,
inputs,
...
}:
{
imports = [
inputs.vicinae.homeManagerModules.default
]
++ (with inputs.self.modules.homeManager; [ media ]);
fonts.fontconfig.enable = true;
home = {
packages = with pkgs; [ xwayland-satellite ];
sessionVariables.TERMINAL = "ghostty";
};
services.vicinae = {
enable = true;
systemd = {
enable = true;
autoStart = true;
};
};
programs = {
ghostty = {
enable = true;
settings = {
cursor-style = "block";
shell-integration-features = "no-cursor";
cursor-style-blink = false;
custom-shader = "${builtins.fetchurl {
url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl";
sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41";
}}";
bell-features = "";
gtk-titlebar-style = "tabs";
keybind = [ "shift+enter=text:\\x1b\\r" ];
};
};
password-store = {
enable = true;
package = pkgs.pass-wayland;
};
};
xdg = {
enable = true;
userDirs.enable = true;
};
};
};
}

48
aspects/systems/gaming.nix
View file

@ -1,48 +0,0 @@
{ inputs, ... }:
{
flake.modules = {
nixos.gaming =
{ pkgs, ... }:
{
imports = with inputs.self.modules.nixos; [
mangohud
steam
];
hardware = {
xpadneo.enable = true;
steam-hardware.enable = true; # Allow steam client to manage controllers
graphics.enable32Bit = true; # For OpenGL games
};
services.flatpak.packages = [
"com.github.k4zmu2a.spacecadetpinball"
"io.itch.itch"
"io.mrarm.mcpelauncher"
"net.retrodeck.retrodeck"
"org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08"
rec {
appId = "com.hypixel.HytaleLauncher";
sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv";
bundle = "${pkgs.fetchurl {
url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak";
inherit sha256;
}}";
}
];
environment.systemPackages = with pkgs; [
clonehero
heroic
prismlauncher
];
};
homeManager.gaming =
{ ... }:
{
imports = with inputs.self.modules.homeManager; [
mangohud
];
};
};
}

36
aspects/systems/server.nix
View file

@ -1,36 +0,0 @@
{ inputs, ... }:
{
flake.modules.nixos.server =
{
config,
lib,
pkgs,
...
}:
{
boot = {
kernelPackages = pkgs.linuxPackages_hardened;
kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
};
environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs-stable;
nixPath = [
"nixpkgs=/etc/channels/nixpkgs"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
services.tailscale = {
extraSetFlags = [ "--advertise-exit-node" ];
useRoutingFeatures = "server";
};
};
}

2
aspects/users/_user/git.nix
View file

@ -1,4 +1,4 @@
{ ... }:
{ pkgs, ... }:
{
programs = {

113
aspects/users/user.nix
View file

@ -1,8 +1,4 @@
{ inputs, ... }:
let
mkHomeConfiguration = inputs.self.lib.mkHomeConfiguration;
in
{ inputs, self, ... }:
{
flake = {
@ -24,30 +20,97 @@ in
hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
};
};
homeConfigurations = {
"user@rotterdam" = mkHomeConfiguration {
user = "user";
hostname = "rotterdam";
userModules = with inputs.self.modules.homeManager; [
# system aspects
desktop
gaming
# other aspects
stylix
niri
homeConfigurations = {
"user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = {
inherit inputs;
hostname = "rotterdam";
};
modules = [
{ nixpkgs.overlays = [ inputs.self.overlays.default ]; }
# CLI aspects (common module included)
inputs.self.modules.homeManager.cli-base
inputs.self.modules.homeManager.cli-btop
inputs.self.modules.homeManager.cli-comma
inputs.self.modules.homeManager.cli-direnv
inputs.self.modules.homeManager.cli-helix
inputs.self.modules.homeManager.cli-starship
inputs.self.modules.homeManager.cli-tmux
# Shell
inputs.self.modules.homeManager.shell-fish
inputs.self.modules.homeManager.shell-bash
# Desktop
inputs.self.modules.homeManager.desktop-desktop
inputs.self.modules.homeManager.desktop-niri
# Gaming
inputs.self.modules.homeManager.gaming-mangohud
# Programs
inputs.self.modules.homeManager.programs-media # for obs-studio
# Stylix
inputs.self.modules.homeManager.stylix
# User-specific (from _user/)
./_user/git.nix
# Home configuration
{
home = {
username = "user";
homeDirectory = "/home/user";
stateVersion = "22.05";
};
}
];
};
"user@io" = mkHomeConfiguration {
user = "user";
hostname = "io";
userModules = with inputs.self.modules.homeManager; [
# system aspects
desktop
# other aspects
stylix
niri
"user@io" = inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = {
inherit inputs;
hostname = "io";
};
modules = [
{ nixpkgs.overlays = [ inputs.self.overlays.default ]; }
# CLI aspects (common module included)
inputs.self.modules.homeManager.cli-base
inputs.self.modules.homeManager.cli-btop
inputs.self.modules.homeManager.cli-comma
inputs.self.modules.homeManager.cli-direnv
inputs.self.modules.homeManager.cli-helix
inputs.self.modules.homeManager.cli-starship
inputs.self.modules.homeManager.cli-tmux
# Shell
inputs.self.modules.homeManager.shell-fish
inputs.self.modules.homeManager.shell-bash
# Desktop
inputs.self.modules.homeManager.desktop-desktop
inputs.self.modules.homeManager.desktop-niri
# Stylix
inputs.self.modules.homeManager.stylix
# User-specific (from _user/)
./_user/git.nix
# Home configuration
{
home = {
username = "user";
homeDirectory = "/home/user";
stateVersion = "22.05";
};
}
];
};
};

386
flake.lock generated
View file

@ -10,11 +10,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1770165109,
"narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
"lastModified": 1762618334,
"narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm",
"repo": "agenix",
"rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
"rev": "fcdea223397448d35d9b31f798479227e80183f6",
"type": "github"
},
"original": {
@ -100,11 +100,11 @@
"systems": "systems_2"
},
"locked": {
"lastModified": 1771437256,
"narHash": "sha256-bLqwib+rtyBRRVBWhMuBXPCL/OThfokA+j6+uH7jDGU=",
"lastModified": 1767386128,
"narHash": "sha256-BJDu7dIMauO2nYRSL4aI8wDNtEm2KOb7lDKP3hxdrpo=",
"owner": "numtide",
"repo": "blueprint",
"rev": "06ee7190dc2620ea98af9eb225aa9627b68b0e33",
"rev": "0ed984d51a3031065925ab08812a5434f40b93d4",
"type": "github"
},
"original": {
@ -140,11 +140,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1769524058,
"narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
"lastModified": 1768923567,
"narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=",
"owner": "nix-community",
"repo": "disko",
"rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
"rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28",
"type": "github"
},
"original": {
@ -206,11 +206,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1769996383,
"narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"lastModified": 1768135262,
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
"type": "github"
},
"original": {
@ -342,11 +342,11 @@
]
},
"locked": {
"lastModified": 1770915843,
"narHash": "sha256-ZwU5wXKNqpOQvjNz6aBp1j5peiBZow1++6pLnk5VAhs=",
"lastModified": 1768927746,
"narHash": "sha256-zyMpWHqcpKVmRc1W2NEK7DAuyVJZV62Jdjqudg70b1k=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "6a1f7101d2c3ee87d485a87880d73b4665c6a4bd",
"rev": "63a87808f5f9b6e4195a1d33f6ea25d23f4aa0df",
"type": "github"
},
"original": {
@ -385,11 +385,11 @@
]
},
"locked": {
"lastModified": 1769872935,
"narHash": "sha256-07HMIGQ/WJeAQJooA7Kkg1SDKxhAiV6eodvOwTX6WKI=",
"lastModified": 1768434960,
"narHash": "sha256-cJbFn17oyg6qAraLr+NVeNJrXsrzJdrudkzI4H2iTcg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f4ad5068ee8e89e4a7c2e963e10dd35cd77b37b7",
"rev": "b4d88c9ac42ae1a745283f6547701da43b6e9f9b",
"type": "github"
},
"original": {
@ -404,11 +404,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1769548169,
"narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=",
"lastModified": 1768835187,
"narHash": "sha256-6nY0ixjGjPQCL+/sUC1B1MRiO1LOI3AkRSIywm3i3bE=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "7b1d382faf603b6d264f58627330f9faa5cba149",
"rev": "0d633a69480bb3a3e2f18c080d34a8fa81da6395",
"type": "github"
},
"original": {
@ -432,18 +432,94 @@
"type": "github"
}
},
"niri": {
"inputs": {
"nixpkgs": "nixpkgs_3",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1760963745,
"narHash": "sha256-FVf9YFw2wQnMAxvMxEk+vFakXhPQUSapDpGmlLzAxjg=",
"owner": "baduhai",
"repo": "niri",
"rev": "dd3e3d1009991ecd87ab7253c9e7696acf2bc943",
"type": "github"
},
"original": {
"owner": "baduhai",
"ref": "auto-center-when-space-available",
"repo": "niri",
"type": "github"
}
},
"niri-flake": {
"inputs": {
"niri-stable": "niri-stable",
"niri-unstable": "niri-unstable",
"nixpkgs": "nixpkgs_4",
"nixpkgs-stable": "nixpkgs-stable",
"xwayland-satellite-stable": "xwayland-satellite-stable",
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
},
"locked": {
"lastModified": 1768877436,
"narHash": "sha256-ct4qxmFJeJbaJKiOnXOZmRmVmk7TpT+lohuTgTr+kYQ=",
"owner": "sodiboo",
"repo": "niri-flake",
"rev": "6581f5458309233622c1b73c8902dcaea7be16eb",
"type": "github"
},
"original": {
"owner": "sodiboo",
"repo": "niri-flake",
"type": "github"
}
},
"niri-stable": {
"flake": false,
"locked": {
"lastModified": 1756556321,
"narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"ref": "v25.08",
"repo": "niri",
"type": "github"
}
},
"niri-unstable": {
"flake": false,
"locked": {
"lastModified": 1768678265,
"narHash": "sha256-Ub8eed4DsfIDWyg30xEe+8bSxL/z5Af/gCjmvJ0V/Hs=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "d7184a04b904e07113f4623610775ae78d32394c",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"repo": "niri",
"type": "github"
}
},
"nix-ai-tools": {
"inputs": {
"blueprint": "blueprint",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_5",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1771816560,
"narHash": "sha256-q5Wsb1573qDfIPJctG9CBZP0NMniejoB7SmBLZIVAHg=",
"lastModified": 1768922080,
"narHash": "sha256-gFoGvnW2YDWsxKD56kdiXbhh9vBPAU3yusssbXF0UMo=",
"owner": "numtide",
"repo": "llm-agents.nix",
"rev": "db94a329058a1a37b49d3209af85708b3338559a",
"rev": "78f3fdc13ef903475aa5bfc0f85eeefaa36af837",
"type": "github"
},
"original": {
@ -475,11 +551,11 @@
]
},
"locked": {
"lastModified": 1770315571,
"narHash": "sha256-hy0gcAgAcxrnSWKGuNO+Ob0x6jQ2xkR6hoaR0qJBHYs=",
"lastModified": 1765267181,
"narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "2684bb8080a6f2ca5f9d494de5ef875bc1c4ecdb",
"rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f",
"type": "github"
},
"original": {
@ -492,15 +568,15 @@
"inputs": {
"flake-compat": "flake-compat",
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_6",
"optnix": "optnix"
},
"locked": {
"lastModified": 1770862985,
"narHash": "sha256-TFRhwVzPg3ly388J3CYYvjrma/dWjsBVpNE437bWeHk=",
"lastModified": 1768778579,
"narHash": "sha256-6w1Mhg6+46LlaheCa1O/jIk02ukerZ7DdUf9GlQVGxc=",
"owner": "nix-community",
"repo": "nixos-cli",
"rev": "9a2e97e8832b211df22c5cb21a55ebf1c3eb2be1",
"rev": "5e79001c7a8b556c3c61d4ef38f0f0fa1187ee90",
"type": "github"
},
"original": {
@ -511,11 +587,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1769330179,
"narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=",
"lastModified": 1768661221,
"narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe",
"rev": "3327b113f2ef698d380df83fbccefad7e83d7769",
"type": "github"
},
"original": {
@ -527,11 +603,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1769909678,
"narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
"lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "72716169fe93074c333e8d0173151350670b824c",
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
"type": "github"
},
"original": {
@ -557,11 +633,27 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1770770419,
"narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=",
"lastModified": 1768773494,
"narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1768773494,
"narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a",
"rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2",
"type": "github"
},
"original": {
@ -571,6 +663,38 @@
"type": "github"
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1762111121,
"narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": {
"lastModified": 1768127708,
"narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1768564909,
@ -589,11 +713,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1771207753,
"narHash": "sha256-b9uG8yN50DRQ6A7JdZBfzq718ryYrlmGgqkRm9OOwCE=",
"lastModified": 1757967192,
"narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d1c15b7d5806069da59e819999d70e1cec0760bf",
"rev": "0d7c15863b251a7a50265e57c1dca1a7add2e291",
"type": "github"
},
"original": {
@ -604,6 +728,38 @@
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1768783163,
"narHash": "sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo+w8KsY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bde09022887110deb780067364a0818e89258968",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1767151656,
"narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=",
@ -619,7 +775,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_7": {
"locked": {
"lastModified": 1759070547,
"narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=",
@ -635,13 +791,13 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_8": {
"locked": {
"lastModified": 1770562336,
"narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=",
"lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d6c71932130818840fc8fe9509cf50be8c64634f",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"type": "github"
},
"original": {
@ -651,7 +807,7 @@
"type": "github"
}
},
"nixpkgs_7": {
"nixpkgs_9": {
"locked": {
"lastModified": 1767767207,
"narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=",
@ -667,38 +823,6 @@
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1762111121,
"narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"noctalia": {
"inputs": {
"nixpkgs": [
@ -706,11 +830,11 @@
]
},
"locked": {
"lastModified": 1770922006,
"narHash": "sha256-xg40mnp5KKBepACmvlPzmn5iPyUBxktfv50saSVUn0M=",
"lastModified": 1768924718,
"narHash": "sha256-T4H/VMjGwBuHEIrPYWfXQ73XV0foCuFGgH7k3SNSJDo=",
"owner": "noctalia-dev",
"repo": "noctalia-shell",
"rev": "d87364964948b9d691f8363f85a5e23bee154df9",
"rev": "1ef5c0eb307e8a4f30dfa6bcc75cf90ae8c6af46",
"type": "github"
},
"original": {
@ -747,7 +871,7 @@
"optnix": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_5"
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1765418479,
@ -771,12 +895,14 @@
"home-manager": "home-manager_2",
"impermanence": "impermanence",
"import-tree": "import-tree",
"niri": "niri",
"niri-flake": "niri-flake",
"nix-ai-tools": "nix-ai-tools",
"nix-flatpak": "nix-flatpak",
"nix-index-database": "nix-index-database",
"nixos-cli": "nixos-cli",
"nixpkgs": "nixpkgs_6",
"nixpkgs-stable": "nixpkgs-stable",
"nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable_2",
"noctalia": "noctalia",
"stylix": "stylix",
"terranix": "terranix",
@ -784,6 +910,27 @@
"zen-browser": "zen-browser"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"niri",
"nixpkgs"
]
},
"locked": {
"lastModified": 1757989933,
"narHash": "sha256-9cpKYWWPCFhgwQTww8S94rTXgg8Q8ydFv9fXM6I8xQM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "8249aa3442fb9b45e615a35f39eca2fe5510d7c3",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"stylix": {
"inputs": {
"base16": "base16",
@ -793,7 +940,7 @@
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_3",
"gnome-shell": "gnome-shell",
"nixpkgs": "nixpkgs_7",
"nixpkgs": "nixpkgs_9",
"nur": "nur",
"systems": "systems_3",
"tinted-foot": "tinted-foot",
@ -803,11 +950,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1770914701,
"narHash": "sha256-QHFYyngohNhih4w+3IqQty5DV+p1txsx1kkk6XJWar8=",
"lastModified": 1768744881,
"narHash": "sha256-3+h7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p+S6BA=",
"owner": "danth",
"repo": "stylix",
"rev": "db03fed72e5ca02be34e1d24789345a943329738",
"rev": "06684f00cfbee14da96fd4307b966884de272d3a",
"type": "github"
},
"original": {
@ -1002,11 +1149,11 @@
]
},
"locked": {
"lastModified": 1770228511,
"narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=",
"lastModified": 1768158989,
"narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "337a4fe074be1042a35086f15481d763b8ddc0e7",
"rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca",
"type": "github"
},
"original": {
@ -1017,15 +1164,15 @@
},
"vicinae": {
"inputs": {
"nixpkgs": "nixpkgs_8",
"nixpkgs": "nixpkgs_10",
"systems": "systems_5"
},
"locked": {
"lastModified": 1770912475,
"narHash": "sha256-21lurBRyHgJbVD3E0/i7Fhxi4rBUxyznGfKpdGVtEdc=",
"lastModified": 1768856963,
"narHash": "sha256-u5bWDuwk6oieTnvm1YjNotcYK8iJSddH5+S68+X4TSc=",
"owner": "vicinaehq",
"repo": "vicinae",
"rev": "0c70267ab7e07d7972012fcf8ae58808a32a2e86",
"rev": "934bc0ad47be6dbd6498a0dac655c4613fd0ab27",
"type": "github"
},
"original": {
@ -1034,17 +1181,50 @@
"type": "github"
}
},
"xwayland-satellite-stable": {
"flake": false,
"locked": {
"lastModified": 1755491097,
"narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "388d291e82ffbc73be18169d39470f340707edaa",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"ref": "v0.7",
"repo": "xwayland-satellite",
"type": "github"
}
},
"xwayland-satellite-unstable": {
"flake": false,
"locked": {
"lastModified": 1768765571,
"narHash": "sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "ed1cef792b4def3321ff9ab5479df09609f17a69",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"type": "github"
}
},
"zen-browser": {
"inputs": {
"home-manager": "home-manager_4",
"nixpkgs": "nixpkgs_9"
"nixpkgs": "nixpkgs_11"
},
"locked": {
"lastModified": 1771000521,
"narHash": "sha256-5UDaXr770MaDac9HcFvGlUjsqyOoNbFdHArmjmtHcVk=",
"lastModified": 1768919538,
"narHash": "sha256-w10iy/aqd5LtD78NDWWG+eKGzkb+cGhAAo7PVciLbWE=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "80ce62fd26af1934454f405bcb2510ceeea8d3a2",
"rev": "37149a5b77e8fd2b5332e8cec9edf39ca5b8e8bc",
"type": "github"
},
"original": {

4
flake.nix
View file

@ -26,6 +26,7 @@
stylix.url = "github:danth/stylix";
# nixos/hm program modules
niri-flake.url = "github:sodiboo/niri-flake";
nix-ai-tools.url = "github:numtide/llm-agents.nix";
nix-index-database = {
url = "github:nix-community/nix-index-database";
@ -43,6 +44,9 @@
url = "github:terranix/terranix";
inputs.nixpkgs.follows = "nixpkgs";
};
# others
niri.url = "github:baduhai/niri/auto-center-when-space-available";
};
outputs =

215
packages/claude-desktop.nix Normal file
View file

@ -0,0 +1,215 @@
{ inputs, ... }:
{
perSystem =
{ system, ... }:
let
pkgs = import inputs.nixpkgs {
inherit system;
config.allowUnfree = true;
};
pname = "claude-desktop";
version = "1.0.1768";
srcs.x86_64-linux = pkgs.fetchurl {
url = "https://downloads.claude.ai/releases/win32/x64/1.0.1768/Claude-67d01376d0e9d08b328455f6db9e63b0d603506a.exe";
hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=;";
};
src =
srcs.${pkgs.stdenv.hostPlatform.system} or (throw "Unsupported system: ${pkgs.stdenv.hostPlatform.system}");
claudeNativeStub = ''
// Stub implementation of claude-native using KeyboardKey enum values
const KeyboardKey = {
Backspace: 43, Tab: 280, Enter: 261, Shift: 272, Control: 61, Alt: 40,
CapsLock: 56, Escape: 85, Space: 276, PageUp: 251, PageDown: 250,
End: 83, Home: 154, LeftArrow: 175, UpArrow: 282, RightArrow: 262,
DownArrow: 81, Delete: 79, Meta: 187
};
Object.freeze(KeyboardKey);
module.exports = {
getWindowsVersion: () => "10.0.0",
setWindowEffect: () => {},
removeWindowEffect: () => {},
getIsMaximized: () => false,
flashFrame: () => {},
clearFlashFrame: () => {},
showNotification: () => {},
setProgressBar: () => {},
clearProgressBar: () => {},
setOverlayIcon: () => {},
clearOverlayIcon: () => {},
KeyboardKey
};
'';
in
{
packages.claude-desktop = pkgs.stdenv.mkDerivation rec {
inherit pname version src;
nativeBuildInputs = with pkgs; [
makeWrapper
copyDesktopItems
p7zip
unzip
nodejs
graphicsmagick
];
buildInputs = [ pkgs.electron ];
desktopItems = [
(pkgs.makeDesktopItem {
name = "claude-desktop";
desktopName = "Claude";
comment = "AI assistant from Anthropic";
exec = "claude-desktop %u";
icon = "claude-desktop";
categories = [
"Network"
"Chat"
"Office"
];
mimeTypes = [ "x-scheme-handler/claude" ];
startupNotify = true;
startupWMClass = "Claude";
})
];
unpackPhase = ''
runHook preUnpack
# Extract the Windows installer - use -y to auto-overwrite
7z x -y $src -o./extracted
# The installer contains a NuGet package
if [ -f ./extracted/AnthropicClaude-*-full.nupkg ]; then
echo "Found NuGet package, extracting..."
# NuGet packages are just zip files
unzip -q ./extracted/AnthropicClaude-*-full.nupkg -d ./nupkg
# Extract app.asar to modify it
if [ -f ./nupkg/lib/net45/resources/app.asar ]; then
echo "Extracting app.asar..."
${pkgs.asar}/bin/asar extract ./nupkg/lib/net45/resources/app.asar ./app
# Also copy the unpacked resources
if [ -d ./nupkg/lib/net45/resources/app.asar.unpacked ]; then
cp -r ./nupkg/lib/net45/resources/app.asar.unpacked/* ./app/
fi
# Copy additional resources
mkdir -p ./app/resources
mkdir -p ./app/resources/i18n
cp ./nupkg/lib/net45/resources/Tray* ./app/resources/ || true
cp ./nupkg/lib/net45/resources/*-*.json ./app/resources/i18n/ || true
fi
else
echo "NuGet package not found"
ls -la ./extracted/
exit 1
fi
runHook postUnpack
'';
buildPhase = ''
runHook preBuild
# Replace the Windows-specific claude-native module with a stub
if [ -d ./app/node_modules/claude-native ]; then
echo "Replacing claude-native module with Linux stub..."
rm -rf ./app/node_modules/claude-native/*.node
cat > ./app/node_modules/claude-native/index.js << 'EOF'
${claudeNativeStub}
EOF
fi
# Fix the title bar detection (from aaddrick script)
echo "Fixing title bar detection..."
SEARCH_BASE="./app/.vite/renderer/main_window/assets"
if [ -d "$SEARCH_BASE" ]; then
TARGET_FILE=$(find "$SEARCH_BASE" -type f -name "MainWindowPage-*.js" | head -1)
if [ -n "$TARGET_FILE" ]; then
echo "Found target file: $TARGET_FILE"
# Replace patterns like 'if(!VAR1 && VAR2)' with 'if(VAR1 && VAR2)'
sed -i -E 's/if\(!([a-zA-Z]+)[[:space:]]*&&[[:space:]]*([a-zA-Z]+)\)/if(\1 \&\& \2)/g' "$TARGET_FILE"
echo "Title bar fix applied"
fi
fi
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/lib/claude-desktop
# Repack the modified app as app.asar
cd ./app
${pkgs.asar}/bin/asar pack . ../app.asar
cd ..
# Copy resources
mkdir -p $out/lib/claude-desktop/resources
cp ./app.asar $out/lib/claude-desktop/resources/
# Create app.asar.unpacked directory with the stub
mkdir -p $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native
cat > $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native/index.js << 'EOF'
${claudeNativeStub}
EOF
# Copy other resources
if [ -d ./nupkg/lib/net45/resources ]; then
cp ./nupkg/lib/net45/resources/*.png $out/lib/claude-desktop/resources/ 2>/dev/null || true
cp ./nupkg/lib/net45/resources/*.ico $out/lib/claude-desktop/resources/ 2>/dev/null || true
cp ./nupkg/lib/net45/resources/*.json $out/lib/claude-desktop/resources/ 2>/dev/null || true
fi
# Create wrapper script
makeWrapper ${pkgs.electron}/bin/electron $out/bin/claude-desktop \
--add-flags "$out/lib/claude-desktop/resources/app.asar" \
--set DISABLE_AUTOUPDATER 1 \
--set NODE_ENV production
# Extract and install icons in multiple sizes
if [ -f ./extracted/setupIcon.ico ]; then
echo "Converting and installing icons..."
# Count frames in the ICO file and extract each one
frame_count=$(gm identify ./extracted/setupIcon.ico | wc -l)
for i in $(seq 0 $((frame_count - 1))); do
gm convert "./extracted/setupIcon.ico[$i]" "./extracted/setupIcon-$i.png" 2>/dev/null || true
done
# Loop through converted icons and install them by size
for img in ./extracted/setupIcon-*.png; do
if [ -f "$img" ]; then
size=$(gm identify -format "%wx%h" "$img")
# Skip smallest icons (16x16 and 32x32) as they're too low quality
if [ "$size" != "16x16" ] && [ "$size" != "32x32" ]; then
mkdir -p "$out/share/icons/hicolor/$size/apps"
cp "$img" "$out/share/icons/hicolor/$size/apps/claude-desktop.png"
fi
fi
done
fi
runHook postInstall
'';
meta = with pkgs.lib; {
description = "Claude Desktop - AI assistant from Anthropic";
homepage = "https://claude.ai";
license = licenses.unfree;
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
maintainers = [ ];
platforms = [ "x86_64-linux" ];
mainProgram = "claude-desktop";
};
};
};
}

2
packages/hm-cli.nix
View file

@ -5,6 +5,8 @@
{ pkgs, ... }:
{
packages.hm-cli = pkgs.writeShellScriptBin "hm" ''
set -e
HM="${pkgs.lib.getExe pkgs.home-manager}"
FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}"
FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}"

32
packages/niri-auto-centre.nix
View file

@ -1,32 +0,0 @@
{ ... }:
{
perSystem =
{ pkgs, ... }:
{
packages.niri-auto-centre = pkgs.writeShellApplication {
name = "niri-auto-centre";
runtimeInputs = [ pkgs.jq ];
text = ''
while true; do
ACTIVE_WORKSPACE=$(niri msg --json workspaces | jq -r '.[] | select(.is_active == true)')
WORKSPACE_ID=$(echo "$ACTIVE_WORKSPACE" | jq -r '.id')
OUTPUT_NAME=$(echo "$ACTIVE_WORKSPACE" | jq -r '.output')
MONITOR_WIDTH=$(niri msg --json outputs | jq -r ".\"$OUTPUT_NAME\".logical.width")
SUMMED_TILE_WIDTH=$(niri msg --json windows | jq --argjson wid "$WORKSPACE_ID" -r '
[.[] | select(.workspace_id == $wid) | {col: .layout.pos_in_scrolling_layout[0], width: .layout.tile_size[0]}]
| group_by(.col) | map(first.width) | add
')
if awk "BEGIN {exit !($SUMMED_TILE_WIDTH < $MONITOR_WIDTH)}"; then
niri msg action center-visible-columns
fi
sleep 0.1
done
'';
};
};
}

15
packages/overlays.nix
View file

@ -4,20 +4,19 @@ let
packageDir = builtins.readDir ./.;
# Filter to .nix files, excluding overlays.nix
isPackageFile = name: name != "overlays.nix" && builtins.match ".*\\.nix$" name != null;
isPackageFile = name:
name != "overlays.nix" && builtins.match ".*\\.nix$" name != null;
# Extract package name from filename (e.g., "foo-bar.nix" -> "foo-bar")
toPackageName = filename: builtins.head (builtins.match "(.+)\\.nix$" filename);
toPackageName = filename:
builtins.head (builtins.match "(.+)\\.nix$" filename);
packageNames = map toPackageName (builtins.filter isPackageFile (builtins.attrNames packageDir));
in
{
flake.overlays.default =
final: prev:
builtins.listToAttrs (
map (name: {
flake.overlays.default = final: prev:
builtins.listToAttrs (map (name: {
inherit name;
value = inputs.self.packages.${final.system}.${name};
}) packageNames
);
}) packageNames);
}

130
readme.md
View file

@ -1,73 +1,87 @@
# NixOS Flake Configuration
# Nix Configuration
Modular NixOS configuration using flake-parts with the [dendritic](https://github.com/gytis-ivaskevicius/dendritic) pattern.
## Structure
```
.
├── aspects/ # Reusable NixOS/home-manager modules (dendritic)
│ ├── base/ # Base system configuration
│ ├── hosts/ # Host-specific configurations
│ │ ├── _alexandria/
│ │ ├── _io/
│ │ ├── _rotterdam/
│ │ └── _trantor/
│ ├── systems/ # System type modules (desktop, server, cli, gaming)
│ └── users/ # User account configurations
├── data/ # Shared host/service definitions
├── packages/ # Custom packages and overlays
├── shells/ # Shell configurations
└── terranix/ # Terraform configurations for cloud resources
```
My personal Nix configuration for multiple NixOS hosts, home-manager users, miscellaneous resources... too many things to list. If I could put my life in a flake I would.
## Hosts
| Host | Architecture | Type | Description |
|------|--------------|------|-------------|
| trantor | aarch64-linux | server | ARM server running Forgejo |
| alexandria | x86_64-linux | server | x86 server (Kanidm, Vaultwarden, Nextcloud, Jellyfin) |
| rotterdam | x86_64-linux | desktop | Main workstation setup for gaming |
| io | x86_64-linux | desktop | Workstation |
### Desktop Systems
- **rotterdam** - Main desktop workstation (x86_64)
- Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman
- Storage: Ephemeral root with LUKS encryption
- **io** - Laptop workstation (x86_64)
- Features: Desktop, AI tools, Bluetooth, Dev environment, Podman
- Storage: Ephemeral root with LUKS encryption
### Servers
- **alexandria** - Home server (x86_64)
- Hosts: Nextcloud, Vaultwarden, Jellyfin, Kanidm
- **trantor** - Cloud server (aarch64)
- Hosts: Forgejo
- Cloud provider: Oracle Cloud Infrastructure
- Storage: Ephemeral root with btrfs
## Home Manager Configurations
- **user@rotterdam** - Full desktop setup with gaming, OBS, and complete development environment
- **user@io** - Lightweight desktop setup
Both configurations include:
- btop, direnv, helix, starship, tmux
- Stylix theme management
- Fish shell with custom configurations
## Terranix Configurations
Infrastructure as code using Terranix (NixOS + Terraform/OpenTofu):
- **oci-trantor** - Oracle Cloud Infrastructure provisioning for Trantor server
- **cloudflare-baduhaidev** - DNS and CDN configuration for baduhai.dev domain
- **tailscale-tailnet** - Tailscale network ACL and device management
## Services
- **git.baduhai.dev** (Forgejo) - Publicly accessible on trantor
All services are accessible via custom domains under baduhai.dev:
Other services (LAN/Tailscale only): Vaultwarden, Nextcloud, Jellyfin
- **Kanidm** (auth.baduhai.dev) - Identity and access management
- **Vaultwarden** (pass.baduhai.dev) - Password manager
- **Forgejo** (git.baduhai.dev) - Git forge (publicly accessible)
- **Nextcloud** (cloud.baduhai.dev) - File sync and collaboration
- **Jellyfin** (jellyfin.baduhai.dev) - Media server
## Features
Services are accessible via:
- LAN for alexandria-hosted services
- Tailscale VPN for all services
- Public internet for Forgejo only
- **Ephemeral root**: Automatic btrfs subvolume rollover with impermanence
- **Secrets**: Managed via agenix with age encryption
- **Disk management**: disko for declarative disk partitioning
- **Modular architecture**: Each aspect is a separate module imported via import-tree
- **Dendritic pattern**: Aspects are imported as a unified flake module
## Notable Features
## Building
### Ephemeral Root
Rotterdam, io, and trantor use an ephemeral root filesystem that resets on every boot:
- Root filesystem is automatically rolled back using btrfs snapshots
- Old snapshots retained for 30 days
- Persistent data stored in dedicated subvolumes
- Implements truly stateless systems
```bash
# Build specific host
nix build .#nixosConfigurations.trantor.config.system.build.toplevel
### Custom DNS Architecture
- Unbound DNS servers on both alexandria and trantor
- Service routing based on visibility flags (public/LAN/Tailscale)
- Split-horizon DNS for optimal access paths
# Rebuild host (if using nixos-cli on the host)
sudo nixos apply
```
### Security
- LUKS full-disk encryption on desktop systems
- Fail2ban on public-facing servers
- agenix for secrets management
- Tailscale for secure remote access
## Terranix
### Desktop Environment
- Custom Niri window manager (Wayland compositor)
- Using forked version with auto-centering feature
- Stylix for consistent theming
Terraform configurations for cloud infrastructure managed via terranix:
- baduhai.dev DNS on CloudFlare
- VPS provisioning on OCI
- Tailscale subnet routers
## Key Dependencies
- nixpkgs (nixos-unstable for workstations, nixos for servers)
- home-manager
- agenix
- disko
- impermanence
- nix-flatpak
- nixos-cli
### Development Setup
- Nix flakes for reproducible builds
- deploy-rs for automated deployments
- Podman for containerization
- Complete AI tooling integration

2
shells/default.nix
View file

@ -6,7 +6,7 @@
{
devShells.default = pkgs.mkShell {
packages = with pkgs; [
inputs.agenix.packages.${stdenv.hostPlatform.system}.default
inputs.agenix.packages.${system}.default
nil
nixfmt
];

7
terranix/kernelpanic.space.nix
View file

@ -8,12 +8,9 @@
terranix.terranixConfigurations.cloudflare-kernelpanicspace = {
terraformWrapper.package = pkgs.opentofu;
modules = [
(
{ config, ... }:
{
({ config, ... }: {
# Terraform config goes here
}
)
})
];
};
};

7
terranix/terminus.nix
View file

@ -8,12 +8,9 @@
terranix.terranixConfigurations.oci-terminus = {
terraformWrapper.package = pkgs.opentofu;
modules = [
(
{ config, ... }:
{
({ config, ... }: {
# Terraform config goes here
}
)
})
];
};
};