baduhai/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: baduhai:master
Branches Tags
baduhai:master
baduhai:dendritic-light
baduhai:dendritic
baduhai:terranix
baduhai:refactor
baduhai:dms
baduhai:vim
baduhai:ansible
baduhai:niri
baduhai:hyprland
..
compare: baduhai:dendritic-light
Branches Tags
baduhai:master
baduhai:dendritic-light
baduhai:dendritic
baduhai:terranix
baduhai:refactor
baduhai:dms
baduhai:vim
baduhai:ansible
baduhai:niri
baduhai:hyprland

No commits in common. "master" and "dendritic-light" have entirely different histories.
master ... dendritic-

90 changed files with 2243 additions and 1902 deletions
Download patch file Download diff file Expand all files Collapse all files

32
aspects/ai.nix
View file

@ -1,34 +1,12 @@
{ ... }:
{
flake.modules = {
nixos.ai =
{ inputs, pkgs, ... }:
{
flake.modules.nixos.ai = { inputs, pkgs, ... }: {
environment.systemPackages =
(with pkgs; [ ])
++ (with inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}; [
ccusage-opencode
(with pkgs; [claude-desktop]) ++
(with inputs.nix-ai-tools.packages.${pkgs.system}; [
claude-code
claudebox
opencode
]);
nix.settings = {
extra-substituters = [ "https://cache.numtide.com" ];
extra-trusted-public-keys = [
"niks3.numtide.com-1:DTx8wZduET09hRmMtKdQDxNNthLQETkc/yaX7M4qK0g="
];
};
};
homeManager.ai =
{ inputs, pkgs, ... }:
{
programs.opencode = {
enable = true;
package = inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}.opencode;
settings = {
theme = "system";
autoupdate = false;
};
};
};
};
}

16
aspects/base/bash.nix
View file

@ -1,16 +0,0 @@
{ ... }:
{
flake.modules.homeManager.bash =
{
config,
lib,
pkgs,
...
}:
{
programs.bash = {
enable = true;
historyFile = "~/.cache/bash_history";
};
};
}

23
aspects/base/boot.nix
View file

@ -1,23 +0,0 @@
{ ... }:
{
flake.modules.nixos.boot =
{ pkgs, ... }:
{
boot = {
loader = {
timeout = 1;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false;
consoleMode = "max";
sortKey = "aa";
netbootxyz = {
enable = true;
sortKey = "zz";
};
};
};
};
};
}

11
aspects/base/console.nix
View file

@ -1,11 +0,0 @@
{ ... }:
{
flake.modules.nixos.console =
{ ... }:
{
console = {
useXkbConfig = true;
earlySetup = true;
};
};
}

11
aspects/base/firewall.nix
View file

@ -1,11 +0,0 @@
{ ... }:
{
flake.modules.nixos.firewall =
{ ... }:
{
networking = {
firewall.enable = true;
nftables.enable = true;
};
};
}

47
aspects/base/fish.nix
View file

@ -1,47 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.fish =
{ ... }:
{
programs.fish.enable = true;
};
homeManager.fish =
{
config,
lib,
pkgs,
...
}:
{
programs.fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
${lib.getExe pkgs.nix-your-shell} fish | source
'';
loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source";
plugins = [
{
name = "bang-bang";
src = pkgs.fetchFromGitHub {
owner = "oh-my-fish";
repo = "plugin-bang-bang";
rev = "f969c618301163273d0a03d002614d9a81952c1e";
sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ=";
};
}
{
name = "z";
src = pkgs.fetchFromGitHub {
owner = "jethrokuan";
repo = "z";
rev = "067e867debee59aee231e789fc4631f80fa5788e";
sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU=";
};
}
];
};
};
};
}

24
aspects/base/locale.nix
View file

@ -1,24 +0,0 @@
{ ... }:
{
flake.modules.nixos.locale =
{ ... }:
{
time.timeZone = "America/Bahia";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "pt_BR.utf8";
LC_COLLATE = "pt_BR.utf8";
LC_IDENTIFICATION = "pt_BR.utf8";
LC_MEASUREMENT = "pt_BR.utf8";
LC_MONETARY = "pt_BR.utf8";
LC_NAME = "pt_BR.utf8";
LC_NUMERIC = "pt_BR.utf8";
LC_PAPER = "pt_BR.utf8";
LC_TELEPHONE = "pt_BR.utf8";
LC_TIME = "en_IE.utf8";
};
};
};
}

63
aspects/base/nix.nix
View file

@ -1,63 +0,0 @@
{ ... }:
{
flake.modules.nixos.nix =
{
inputs,
pkgs,
lib,
...
}:
{
imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
nix = {
settings = {
auto-optimise-store = true;
connect-timeout = 10;
log-lines = 25;
min-free = 128000000;
max-free = 1000000000;
trusted-users = [ "@wheel" ];
};
extraOptions = "experimental-features = nix-command flakes";
gc = {
automatic = true;
options = "--delete-older-than 8d";
};
};
nixpkgs.config = {
allowUnfree = true;
enableParallelBuilding = true;
buildManPages = false;
buildDocs = false;
};
services.nixos-cli = {
enable = true;
config = {
ignore_dirty_tree = true;
apply = {
reexec_as_root = true;
use_nom = true;
};
confirmation.empty = "default-yes";
differ = {
command = [
"${lib.getExe pkgs.nvd}"
"diff"
];
tool = "command";
};
};
};
environment.systemPackages = with pkgs; [
nix-output-monitor
];
documentation.nixos.enable = false;
system.stateVersion = "22.11";
};
}

32
aspects/base/ssh.nix
View file

@ -1,32 +0,0 @@
{ ... }:
{
flake.modules.nixos.ssh =
{ ... }:
{
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
extraConfig = ''
PrintLastLog no
'';
};
programs = {
bash.interactiveShellInit = ''
if [ -n "$SSH_CONNECTION" ] && [ -z "$IN_NIX_SHELL" ] && [ -z "$TMUX" ]; then
export TERM=xterm-256color
clear
fastfetch
fi
'';
fish.interactiveShellInit = ''
set fish_greeting
if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; and not set -q TMUX
export TERM=xterm-256color
clear
fastfetch
end
'';
};
};
}

66
aspects/base/zsh.nix
View file

@ -1,66 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.zsh =
{ ... }:
{
programs.zsh.enable = true;
};
homeManager.zsh =
{
config,
lib,
pkgs,
...
}:
{
programs.zsh = {
enable = true;
dotDir = "${config.xdg.configHome}/zsh";
autosuggestion = {
enable = true;
strategy = [
"match_prev_cmd"
"completion"
];
};
enableCompletion = true;
syntaxHighlighting.enable = true;
initExtra = ''
unsetopt beep
${lib.getExe pkgs.nix-your-shell} zsh | source /dev/stdin
# Expand !! and !$ on space (Fish-style)
bindkey ' ' magic-space
setopt HIST_VERIFY
# Fish-style Ctrl+Backspace: delete one path segment at a time
function backward-kill-path-component() {
if [[ "$LBUFFER" == */ ]]; then
LBUFFER="''${LBUFFER%/}"
fi
if [[ "$LBUFFER" == */* ]]; then
LBUFFER="''${LBUFFER%/*}/"
else
zle backward-kill-word
fi
}
zle -N backward-kill-path-component
bindkey '^H' backward-kill-path-component
# Ctrl+Arrow Keys to move back and forward by a word
bindkey "^[[1;5D" backward-word
bindkey "^[[1;5C" forward-word
'';
loginExtra = "${lib.getExe pkgs.nix-your-shell} zsh | source /dev/stdin";
history = {
size = 10000;
save = 10000;
share = true;
};
initExtraBeforeCompInit = ''
zstyle ':completion:*' menu select
zstyle ':completion:*' matcher-list 'm:{a-zA-Z}={A-Za-z}'
'';
};
};
};
}

14
aspects/bluetooth.nix
View file

@ -1,16 +1,6 @@
{ ... }:
{
flake.modules.nixos.bluetooth =
{
config,
lib,
pkgs,
...
}:
{
hardware.bluetooth = {
enable = true;
powerOnBoot = false;
};
flake.modules.nixos.bluetooth = { config, lib, pkgs, ... }: {
hardware.bluetooth.enable = true;
};
}

17
aspects/cli/btop.nix
View file

@ -1,20 +1,6 @@
{ ... }:
{
flake.modules = {
nixos.btop =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ btop ];
};
homeManager.btop =
{
config,
lib,
pkgs,
...
}:
{
flake.modules.homeManager.cli-btop = { config, lib, pkgs, ... }: {
programs.btop = {
enable = true;
settings = {
@ -24,5 +10,4 @@
};
};
};
};
}

10
aspects/cli/comma.nix
View file

@ -1,14 +1,6 @@
{ ... }:
{
flake.modules.homeManager.comma =
{
config,
lib,
pkgs,
inputs,
...
}:
{
flake.modules.homeManager.cli-comma = { config, lib, pkgs, inputs, ... }: {
imports = [ inputs.nix-index-database.homeModules.nix-index ];
programs.nix-index-database.comma.enable = true;

9
aspects/cli/direnv.nix
View file

@ -1,13 +1,6 @@
{ ... }:
{
flake.modules.homeManager.direnv =
{
config,
lib,
pkgs,
...
}:
{
flake.modules.homeManager.cli-direnv = { config, lib, pkgs, ... }: {
programs.direnv = {
enable = true;
nix-direnv.enable = true;

26
aspects/cli/helix.nix
View file

@ -1,36 +1,13 @@
{ ... }:
{
flake.modules = {
nixos.helix =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
helix
];
};
homeManager.helix =
{
config,
lib,
pkgs,
...
}:
{
flake.modules.homeManager.cli-helix = { config, lib, pkgs, ... }: {
home.sessionVariables = {
EDITOR = "hx";
};
programs.helix = {
enable = true;
themes = {
base16_terminal_transparent = {
inherits = "base16_terminal";
"ui.background" = { };
};
};
settings = {
theme = "base16_terminal_transparent";
editor = {
file-picker.hidden = false;
idle-timeout = 0;
@ -70,5 +47,4 @@
};
};
};
};
}

9
aspects/cli/hm-cli.nix
View file

@ -1,13 +1,6 @@
{ ... }:
{
flake.modules.homeManager.hm-cli =
{
config,
lib,
pkgs,
...
}:
{
flake.modules.homeManager.cli-base = { config, lib, pkgs, ... }: {
home = {
packages = with pkgs; [ hm-cli ];
sessionVariables = {

9
aspects/cli/starship.nix
View file

@ -1,13 +1,6 @@
{ ... }:
{
flake.modules.homeManager.starship =
{
config,
lib,
pkgs,
...
}:
{
flake.modules.homeManager.cli-starship = { config, lib, pkgs, ... }: {
programs.starship = {
enable = true;
enableBashIntegration = true;

19
aspects/cli/tmux.nix
View file

@ -1,22 +1,6 @@
{ ... }:
{
flake.modules = {
nixos.tmux =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
tmux
];
};
homeManager.tmux =
{
config,
lib,
pkgs,
...
}:
{
flake.modules.homeManager.cli-tmux = { config, lib, pkgs, ... }: {
programs.tmux = {
enable = true;
clock24 = true;
@ -25,5 +9,4 @@
keyMode = "vi";
};
};
};
}

21
aspects/common/boot.nix Normal file
View file

@ -0,0 +1,21 @@
{ ... }:
{
flake.modules.nixos.common-boot = { pkgs, ... }: {
boot = {
loader = {
timeout = 1;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false;
consoleMode = "max";
sortKey = "aa";
netbootxyz = {
enable = true;
sortKey = "zz";
};
};
};
};
};
}

9
aspects/common/console.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
flake.modules.nixos.common-console = { ... }: {
console = {
useXkbConfig = true;
earlySetup = true;
};
};
}

9
aspects/common/firewall.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
flake.modules.nixos.common-firewall = { ... }: {
networking = {
firewall.enable = true;
nftables.enable = true;
};
};
}

22
aspects/common/locale.nix Normal file
View file

@ -0,0 +1,22 @@
{ ... }:
{
flake.modules.nixos.common-locale = { ... }: {
time.timeZone = "America/Bahia";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "pt_BR.utf8";
LC_COLLATE = "pt_BR.utf8";
LC_IDENTIFICATION = "pt_BR.utf8";
LC_MEASUREMENT = "pt_BR.utf8";
LC_MONETARY = "pt_BR.utf8";
LC_NAME = "pt_BR.utf8";
LC_NUMERIC = "pt_BR.utf8";
LC_PAPER = "pt_BR.utf8";
LC_TELEPHONE = "pt_BR.utf8";
LC_TIME = "en_IE.utf8";
};
};
};
}

39
aspects/common/nix.nix Normal file
View file

@ -0,0 +1,39 @@
{ ... }:
{
flake.modules.nixos.common-nix = { inputs, ... }: {
imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
nix = {
settings = {
auto-optimise-store = true;
connect-timeout = 10;
log-lines = 25;
min-free = 128000000;
max-free = 1000000000;
trusted-users = [ "@wheel" ];
};
extraOptions = "experimental-features = nix-command flakes";
gc = {
automatic = true;
options = "--delete-older-than 8d";
};
};
nixpkgs.config = {
allowUnfree = true;
enableParallelBuilding = true;
buildManPages = false;
buildDocs = false;
};
services.nixos-cli = {
enable = true;
config = {
use_nvd = true;
ignore_dirty_tree = true;
};
};
system.stateVersion = "22.11";
};
}

12
aspects/common/openssh.nix Normal file
View file

@ -0,0 +1,12 @@
{ ... }:
{
flake.modules.nixos.common-openssh = { ... }: {
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
extraConfig = ''
PrintLastLog no
'';
};
};
}

43
aspects/common/programs.nix Normal file
View file

@ -0,0 +1,43 @@
{ ... }:
{
flake.modules.nixos.common-programs =
{ lib, pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
### Dev Tools ###
git
### System Utilities ###
btop
fastfetch
helix
nixos-firewall-tool
nvd
sysz
tmux
wget
yazi
];
shellAliases = {
cat = "${lib.getExe pkgs.bat} --paging=never --style=plain";
ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first";
tree = "ls --tree";
};
};
programs = {
command-not-found.enable = false;
fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
if set -q SSH_CONNECTION
export TERM=xterm-256color
clear
fastfetch
end
'';
};
};
};
}

2
aspects/base/security.nix → aspects/common/security.nix
View file

@ -1,6 +1,6 @@
{ ... }:
{
flake.modules.nixos.security =
flake.modules.nixos.common-security =
{ ... }:
{
security.sudo = {

10
aspects/common/services.nix Normal file
View file

@ -0,0 +1,10 @@
{ ... }:
{
flake.modules.nixos.common-services = { ... }: {
services = {
dbus.implementation = "broker";
irqbalance.enable = true;
fstrim.enable = true;
};
};
}

9
aspects/common/tailscale.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
flake.modules.nixos.common-tailscale = { ... }: {
services.tailscale = {
enable = true;
extraUpFlags = [ "--operator=user" ];
};
};
}

108
aspects/constants.nix
View file

@ -1,9 +1,4 @@
{
inputs,
lib,
config,
...
}:
{ lib, config, ... }:
let
# Host submodule type
@ -59,15 +54,12 @@ let
sharedData = import ../data/services.nix;
# Enrich services with host IP information
enrichServices =
hosts: services:
map (
svc:
enrichServices = hosts: services:
map (svc:
let
hostInfo = hosts.${svc.host} or { };
hostInfo = hosts.${svc.host} or {};
in
svc
// {
svc // {
lanIP = hostInfo.lanIP or null;
tailscaleIP = hostInfo.tailscaleIP or null;
}
@ -78,19 +70,19 @@ in
options.flake = {
hosts = lib.mkOption {
type = lib.types.attrsOf hostType;
default = { };
default = {};
description = "Host definitions with IP addresses";
};
services = lib.mkOption {
type = lib.types.listOf serviceType;
default = [ ];
default = [];
description = "Service definitions with enriched host information";
};
lib = lib.mkOption {
type = lib.types.attrsOf lib.types.raw;
default = { };
default = {};
description = "Utility functions for flake configuration";
};
};
@ -102,11 +94,9 @@ in
lib = {
# Nginx virtual host utilities
mkNginxVHosts =
{ domains }:
mkNginxVHosts = { domains }:
let
mkVHostConfig =
domain: vhostConfig:
mkVHostConfig = domain: vhostConfig:
lib.recursiveUpdate {
useACMEHost = domain;
forceSSL = true;
@ -117,8 +107,7 @@ in
# Split DNS utilities for unbound
# Generates unbound view config from a list of DNS entries
mkSplitDNS =
entries:
mkSplitDNS = entries:
let
tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries;
lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries;
@ -137,81 +126,6 @@ in
local-data = lanData;
}
];
# Generates flake.homeConfigurations
mkHomeConfiguration =
{
user,
hostname,
system ? "x86_64-linux",
stateVersion ? "22.05",
nixpkgs ? inputs.nixpkgs, # override with e.g. inputs.nixpkgs-stable
userModules ? [ ],
overlays ? [ inputs.self.overlays.default ],
homeManagerModules ? with inputs.self.modules.homeManager; [
base
cli
],
userDirectory ? "/home/${user}",
}:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.${system};
extraSpecialArgs = {
inherit inputs hostname;
};
modules = [
{ nixpkgs.overlays = overlays; }
{
home = {
username = user;
homeDirectory = userDirectory;
inherit stateVersion;
};
}
((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p))
"/${inputs.self}/aspects/users/_${user}"
)
]
++ homeManagerModules
++ userModules;
};
# Generates flake.nixosConfigurations
mkHost =
{
hostname,
system ? "x86_64-linux",
nixpkgs ? inputs.nixpkgs,
overlays ? [
inputs.agenix.overlays.default
inputs.self.overlays.default
],
ephemeralRootDev ? null, # pass rootDevice string to enable, e.g. ephemeralephemeralRootDev = "/dev/mapper/cryptroot"
nixosModules ? with inputs.self.modules.nixos; [
base
cli
user
root
],
extraModules ? [ ],
}:
nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs; };
modules = [
inputs.agenix.nixosModules.default
{ networking.hostName = hostname; }
{ nixpkgs.overlays = overlays; }
((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p))
"${inputs.self}/aspects/hosts/_${hostname}"
)
]
++ (lib.optional (ephemeralRootDev != null) (
inputs.self.factory.ephemeral { rootDevice = ephemeralRootDev; }
))
++ nixosModules
++ extraModules;
};
};
};
}

27
aspects/desktop/boot.nix Normal file
View file

@ -0,0 +1,27 @@
{ ... }:
{
flake.modules.nixos.desktop-boot = { config, lib, pkgs, ... }: {
boot = {
plymouth.enable = true;
initrd.systemd.enable = true;
loader.efi.efiSysMountPoint = "/boot/efi";
kernelPackages = pkgs.linuxPackages_xanmod_latest;
extraModprobeConfig = ''
options bluetooth disable_ertm=1
'';
kernel.sysctl = {
"net.ipv4.tcp_mtu_probing" = 1;
};
kernelParams = [
"quiet"
"splash"
"i2c-dev"
"i2c-piix4"
"loglevel=3"
"udev.log_priority=3"
"rd.udev.log_level=3"
"rd.systemd.show_status=false"
];
};
};
}

292
aspects/desktop/desktop.nix Normal file
View file

@ -0,0 +1,292 @@
{
inputs,
...
}:
{
flake.modules = {
nixos.desktop-desktop = { config, lib, pkgs, ... }: {
imports = [
inputs.niri-flake.nixosModules.niri
inputs.nix-flatpak.nixosModules.nix-flatpak
];
environment = {
sessionVariables = {
KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir
NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland
};
systemPackages = with pkgs; [
### Web ###
bitwarden-desktop
fragments
nextcloud-client
tor-browser
vesktop
inputs.zen-browser.packages."${system}".default
### Office & Productivity ###
aspell
aspellDicts.de
aspellDicts.en
aspellDicts.en-computers
aspellDicts.pt_BR
papers
presenterm
rnote
### Graphics & Design ###
gimp
inkscape
plasticity
### System Utilities ###
adwaita-icon-theme
ghostty
gnome-disk-utility
junction
libfido2
mission-center
nautilus
p7zip
rclone
toggleaudiosink
unrar
### Media ###
decibels
loupe
obs-studio
showtime
];
};
services = {
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
greetd = {
enable = true;
settings = {
default_session = {
command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session";
user = "greeter";
};
}
// lib.optionalAttrs (config.networking.hostName == "io") {
initial_session = {
command = "${config.programs.niri.package}/bin/niri-session";
user = "user";
};
};
};
flatpak = {
enable = true;
packages = [
### Office & Productivity ###
"com.collabora.Office"
### Graphics & Design ###
"com.boxy_svg.BoxySVG"
rec {
appId = "io.github.softfever.OrcaSlicer";
sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1";
bundle = "${pkgs.fetchurl {
url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak";
inherit sha256;
}}";
}
### System Utilities ###
"com.github.tchx84.Flatseal"
"com.rustdesk.RustDesk"
];
uninstallUnmanaged = true;
update.auto.enable = true;
};
gvfs.enable = true;
};
security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority
users = {
users.greeter = {
isSystemUser = true;
group = "greeter";
};
groups.greeter = { };
};
programs = {
niri = {
enable = true;
package = inputs.niri.packages.${pkgs.system}.niri;
};
kdeconnect = {
enable = true;
package = pkgs.valent;
};
dconf.enable = true;
appimage = {
enable = true;
binfmt = true;
};
};
niri-flake.cache.enable = false;
fonts = {
fontDir.enable = true;
packages = with pkgs; [
corefonts
inter
nerd-fonts.fira-code
noto-fonts-cjk-sans
noto-fonts-color-emoji
roboto
];
};
xdg.portal = {
extraPortals = with pkgs; [
xdg-desktop-portal-gnome
xdg-desktop-portal-gtk
];
config = {
common.default = "*";
niri.default = [
"gtk"
"gnome"
];
};
};
};
homeManager.desktop-desktop = { config, lib, pkgs, inputs, ... }: {
imports = [ inputs.vicinae.homeManagerModules.default ];
fonts.fontconfig.enable = true;
home.packages = with pkgs; [ xwayland-satellite ];
services.vicinae = {
enable = true;
systemd = {
enable = true;
autoStart = true;
};
};
programs = {
ghostty = {
enable = true;
settings = {
cursor-style = "block";
shell-integration-features = "no-cursor";
cursor-style-blink = false;
custom-shader = "${builtins.fetchurl {
url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl";
sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41";
}}";
bell-features = "";
gtk-titlebar-style = "tabs";
keybind = [ "shift+enter=text:\\x1b\\r" ];
};
};
password-store = {
enable = true;
package = pkgs.pass-wayland;
};
};
xdg = {
enable = true;
userDirs.enable = true;
mimeApps = {
enable = true;
defaultApplications = {
"text/html" = [
"re.sonny.Junction.desktop"
"zen-browser.desktop"
"torbrowser.desktop"
];
"x-scheme-handler/http" = [
"re.sonny.Junction.desktop"
"zen-browser.desktop"
"torbrowser.desktop"
];
"x-scheme-handler/https" = [
"re.sonny.Junction.desktop"
"zen-browser.desktop"
"torbrowser.desktop"
];
"x-scheme-handler/about" = [
"re.sonny.Junction.desktop"
"zen-browser.desktop"
"torbrowser.desktop"
];
"x-scheme-handler/unknown" = [
"re.sonny.Junction.desktop"
"zen-browser.desktop"
"torbrowser.desktop"
];
"image/jpeg" = "org.gnome.Loupe.desktop";
"image/png" = "org.gnome.Loupe.desktop";
"image/gif" = "org.gnome.Loupe.desktop";
"image/webp" = "org.gnome.Loupe.desktop";
"image/bmp" = "org.gnome.Loupe.desktop";
"image/svg+xml" = "org.gnome.Loupe.desktop";
"image/tiff" = "org.gnome.Loupe.desktop";
"video/mp4" = "io.bassi.Showtime.desktop";
"video/x-matroska" = "io.bassi.Showtime.desktop";
"video/webm" = "io.bassi.Showtime.desktop";
"video/mpeg" = "io.bassi.Showtime.desktop";
"video/x-msvideo" = "io.bassi.Showtime.desktop";
"video/quicktime" = "io.bassi.Showtime.desktop";
"video/x-flv" = "io.bassi.Showtime.desktop";
"audio/mpeg" = "io.bassi.Showtime.desktop";
"audio/flac" = "io.bassi.Showtime.desktop";
"audio/ogg" = "io.bassi.Showtime.desktop";
"audio/wav" = "io.bassi.Showtime.desktop";
"audio/mp4" = "io.bassi.Showtime.desktop";
"audio/x-opus+ogg" = "io.bassi.Showtime.desktop";
"application/pdf" = [
"org.gnome.Papers.desktop"
"zen-browser.desktop"
];
"text/plain" = "Helix.desktop";
"text/markdown" = "Helix.desktop";
"text/x-log" = "Helix.desktop";
"application/x-shellscript" = "Helix.desktop";
"application/vnd.openxmlformats-officedocument.wordprocessingml.document" =
"com.collabora.Office.desktop"; # DOCX
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" =
"com.collabora.Office.desktop"; # XLSX
"application/vnd.openxmlformats-officedocument.presentationml.presentation" =
"com.collabora.Office.desktop"; # PPTX
"application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT
"application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS
"application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP
"application/msword" = "com.collabora.Office.desktop"; # DOC
"application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS
"application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT
"application/zip" = "org.gnome.FileRoller.desktop";
"application/x-tar" = "org.gnome.FileRoller.desktop";
"application/x-compressed-tar" = "org.gnome.FileRoller.desktop";
"application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop";
"application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop";
"application/x-7z-compressed" = "org.gnome.FileRoller.desktop";
"application/x-rar" = "org.gnome.FileRoller.desktop";
"application/gzip" = "org.gnome.FileRoller.desktop";
"application/x-bzip" = "org.gnome.FileRoller.desktop";
"inode/directory" = "org.gnome.Nautilus.desktop";
};
};
};
# Set Ghostty as default terminal
home.sessionVariables = {
TERMINAL = "ghostty";
};
};
};
}

60
aspects/desktop/kde.nix
View file

@ -1,60 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.kde =
{ pkgs, ... }:
{
services = {
displayManager = {
autoLogin = {
enable = true;
user = "user";
};
plasma-login-manager.enable = true;
};
desktopManager.plasma6.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
};
xdg.portal = {
enable = true;
xdgOpenUsePortal = true;
extraPortals = with pkgs; [
kdePackages.xdg-desktop-portal-kde
xdg-desktop-portal-gtk
xdg-desktop-portal-gnome
];
config.common.default = "*";
};
environment = {
systemPackages = with pkgs; [
kara
kdePackages.karousel
kde-rounded-corners
];
plasma6.excludePackages = with pkgs.kdePackages; [
elisa
gwenview
kate
khelpcenter
];
};
programs = {
kdeconnect.enable = true;
partition-manager.enable = true;
};
};
homeManager.kde =
{ pkgs, ... }:
{
};
};
}

220
aspects/desktop/niri.nix Normal file
View file

@ -0,0 +1,220 @@
{ ... }:
{
flake.modules.homeManager.desktop-niri = { config, lib, pkgs, inputs, hostname ? null, ... }:
let
isRotterdam = hostname == "rotterdam";
in
{
imports = [ inputs.noctalia.homeModules.default ];
services.kanshi = {
enable = true;
settings = [
{
profile.name = "default";
profile.outputs = [
{
criteria = "*";
scale = 1.0;
}
];
}
];
};
home = {
packages = with pkgs; [
xwayland-satellite
inputs.noctalia.packages.${pkgs.system}.default
];
sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3";
};
xdg.configFile."niri/config.kdl".text = ''
input {
keyboard {
xkb {
layout "us"
variant "altgr-intl"
}
}
touchpad {
tap
dwt
drag true
drag-lock
natural-scroll
accel-speed 0.2
accel-profile "flat"
scroll-method "two-finger"
middle-emulation
}
mouse {
natural-scroll
accel-speed 0.2
accel-profile "flat"
}
warp-mouse-to-focus mode="center-xy"
focus-follows-mouse
}
layout {
gaps 8
center-focused-column "never"
auto-center-when-space-available
preset-column-widths {
${
if isRotterdam then
''
proportion 0.33333
proportion 0.5
proportion 0.66667
''
else
''
proportion 0.5
proportion 1.0
''
}
}
default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; }
focus-ring {
off
}
border {
width 4
active-color "#ffc87f"
inactive-color "#505050"
urgent-color "#9b0000"
}
tab-indicator {
width 4
gap 4
place-within-column
}
}
overview {
zoom 0.65
}
spawn-at-startup "noctalia-shell" "-d"
layer-rule {
match namespace="^noctalia-overview*"
place-within-backdrop true
}
hotkey-overlay {
skip-at-startup
}
prefer-no-csd
screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png"
animations {
slowdown 0.3
}
window-rule {
match app-id="zen"
default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; }
}
window-rule {
geometry-corner-radius 12
clip-to-geometry true
}
config-notification {
disable-failed
}
binds {
Alt+Space repeat=false { spawn "vicinae" "toggle"; }
XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; }
XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; }
XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; }
XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; }
XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; }
XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; }
XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; }
XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; }
XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; }
Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; }
Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; }
Mod+Return { spawn "ghostty"; }
Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; }
Mod+W repeat=false { toggle-overview; }
Mod+Q { close-window; }
Alt+Shift+Q { close-window;}
Mod+Shift+Q { close-window; }
Alt+F4 { close-window; }
Mod+Left { focus-column-left; }
Mod+Down { focus-window-or-workspace-down; }
Mod+Up { focus-window-or-workspace-up; }
Mod+Right { focus-column-right; }
Mod+H { focus-column-left; }
Mod+L { focus-column-right; }
Mod+J { focus-window-or-workspace-down; }
Mod+K { focus-window-or-workspace-up; }
Mod+Ctrl+Left { move-column-left; }
Mod+Ctrl+Down { move-window-down-or-to-workspace-down; }
Mod+Ctrl+Up { move-window-up-or-to-workspace-up; }
Mod+Ctrl+Right { move-column-right; }
Mod+Ctrl+H { move-column-left; }
Mod+Ctrl+J { move-window-down-or-to-workspace-down; }
Mod+Ctrl+K { move-window-up-or-to-workspace-up; }
Mod+Ctrl+L { move-column-right; }
Mod+Home { focus-column-first; }
Mod+End { focus-column-last; }
Mod+Ctrl+Home { move-column-to-first; }
Mod+Ctrl+End { move-column-to-last; }
Mod+Alt+Left { focus-monitor-left; }
Mod+Alt+Down { focus-monitor-down; }
Mod+Alt+Up { focus-monitor-up; }
Mod+Alt+Right { focus-monitor-right; }
Mod+Alt+H { focus-monitor-left; }
Mod+Alt+J { focus-monitor-down; }
Mod+Alt+K { focus-monitor-up; }
Mod+Alt+L { focus-monitor-right; }
Mod+Alt+Ctrl+Left { move-column-to-monitor-left; }
Mod+Alt+Ctrl+Down { move-column-to-monitor-down; }
Mod+Alt+Ctrl+Up { move-column-to-monitor-up; }
Mod+Alt+Ctrl+Right { move-column-to-monitor-right; }
Mod+Alt+Ctrl+H { move-column-to-monitor-left; }
Mod+Alt+Ctrl+J { move-column-to-monitor-down; }
Mod+Alt+Ctrl+K { move-column-to-monitor-up; }
Mod+Alt+Ctrl+L { move-column-to-monitor-right; }
Mod+Ctrl+U { move-workspace-down; }
Mod+Ctrl+I { move-workspace-up; }
Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; }
Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; }
Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; }
Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; }
Mod+Shift+WheelScrollDown { focus-column-right; }
Mod+Shift+WheelScrollUp { focus-column-left; }
Mod+Ctrl+Shift+WheelScrollDown { move-column-right; }
Mod+Ctrl+Shift+WheelScrollUp { move-column-left; }
Mod+BracketLeft { consume-or-expel-window-left; }
Mod+BracketRight { consume-or-expel-window-right; }
Mod+Comma { consume-window-into-column; }
Mod+Period { expel-window-from-column; }
Mod+R { switch-preset-column-width; }
Mod+F { maximize-column; }
Mod+Ctrl+F { fullscreen-window; }
Mod+C { center-visible-columns; }
Mod+Ctrl+C { center-column; }
Mod+Space { toggle-window-floating; }
Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; }
Mod+T { toggle-column-tabbed-display; }
Print { screenshot-screen; }
Mod+Print { screenshot; }
Ctrl+Print { screenshot-window; }
Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; }
Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; }
Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; }
Mod+Ctrl+P { power-off-monitors; }
}
'';
};
}

14
aspects/desktop/nix.nix Normal file
View file

@ -0,0 +1,14 @@
{ inputs, ... }:
{
flake.modules.nixos.desktop-nix = { config, lib, pkgs, ... }: {
environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs;
nixPath = [
"nixpkgs=${inputs.nixpkgs}"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
};
}

16
aspects/desktop/services.nix Normal file
View file

@ -0,0 +1,16 @@
{ ... }:
{
flake.modules.nixos.desktop-services = { config, lib, pkgs, ... }: {
services = {
printing.enable = true;
udev.packages = with pkgs; [ yubikey-personalization ];
keyd = {
enable = true;
keyboards.all = {
ids = [ "*" ];
settings.main.capslock = "overload(meta, esc)";
};
};
};
};
}

12
aspects/dev.nix
View file

@ -1,20 +1,16 @@
{ ... }:
{
flake.modules.nixos.dev =
{
config,
lib,
pkgs,
...
}:
{
flake.modules.nixos.dev = { config, lib, pkgs, ... }: {
environment.systemPackages = with pkgs; [
android-tools
bat
lazygit
fd
fzf
glow
nixfmt
nix-init
nix-output-monitor
ripgrep
];

23
aspects/ephemeral.nix
View file

@ -3,8 +3,7 @@
{ inputs, ... }:
{
# Base module with options (for external flakes or direct use)
flake.modules.nixos.ephemeral =
{ lib, config, ... }:
flake.modules.nixos.ephemeral = { lib, config, ... }:
let
cfg = config.ephemeral;
in
@ -90,19 +89,18 @@
# Factory function that generates configured modules
flake.factory.ephemeral =
{
rootDevice,
rootSubvolume ? "@root",
retentionDays ? 30,
persistentStoragePath ? "/persistent",
persistentFiles ? [
{ rootDevice
, rootSubvolume ? "@root"
, retentionDays ? 30
, persistentStoragePath ? "/persistent"
, persistentFiles ? [
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
],
persistentDirectories ? [
]
, persistentDirectories ? [
"/etc/NetworkManager/system-connections"
"/etc/nixos"
"/var/lib/bluetooth"
@ -113,10 +111,9 @@
"/var/lib/systemd/timers"
"/var/lib/tailscale"
"/var/log"
],
]
}:
{ ... }:
{
{ ... }: {
imports = [
inputs.impermanence.nixosModules.impermanence
inputs.self.modules.nixos.ephemeral

9
aspects/fwupd.nix
View file

@ -1,13 +1,6 @@
{ ... }:
{
flake.modules.nixos.fwupd =
{
config,
lib,
pkgs,
...
}:
{
flake.modules.nixos.fwupd = { config, lib, pkgs, ... }: {
services.fwupd.enable = true;
};
}

23
aspects/gaming/flatpak.nix Normal file
View file

@ -0,0 +1,23 @@
{ ... }:
{
flake.modules.nixos.gaming-flatpak = { pkgs, ... }: {
services.flatpak.packages = [
"com.github.k4zmu2a.spacecadetpinball"
"com.steamgriddb.SGDBoop"
"io.github.Foldex.AdwSteamGtk"
"io.itch.itch"
"io.mrarm.mcpelauncher"
"net.retrodeck.retrodeck"
"org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08"
rec {
appId = "com.hypixel.HytaleLauncher";
sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv";
bundle = "${pkgs.fetchurl {
url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak";
inherit sha256;
}}";
}
];
};
}

11
aspects/gaming/hardware.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }:
{
flake.modules.nixos.gaming-hardware = { ... }: {
hardware = {
xpadneo.enable = true;
steam-hardware.enable = true; # Allow steam client to manage controllers
graphics.enable32Bit = true; # For OpenGL games
};
};
}

11
aspects/gaming/launchers.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }:
{
flake.modules.nixos.gaming-launchers = { pkgs, ... }: {
environment.systemPackages = with pkgs; [
clonehero
heroic
prismlauncher
];
};
}

8
aspects/gaming/mangohud.nix
View file

@ -2,17 +2,13 @@
{
flake.modules = {
nixos.mangohud =
{ pkgs, ... }:
{
nixos.gaming-mangohud = { pkgs, ... }: {
environment.systemPackages = with pkgs; [
mangohud
];
};
homeManager.mangohud =
{ config, ... }:
{
homeManager.gaming-mangohud = { config, ... }: {
programs.mangohud = {
enable = true;
enableSessionWide = true;

9
aspects/gaming/steam.nix
View file

@ -1,9 +1,7 @@
{ ... }:
{
flake.modules.nixos.steam =
{ pkgs, ... }:
{
flake.modules.nixos.gaming-steam = { pkgs, ... }: {
environment.systemPackages = with pkgs; [
steam-run
];
@ -15,10 +13,5 @@
};
gamemode.enable = true;
};
services.flatpak.packages = [
"com.steamgriddb.SGDBoop"
"io.github.Foldex.AdwSteamGtk"
];
};
}

82
aspects/hosts/_alexandria/kanidm.nix Normal file
View file

@ -0,0 +1,82 @@
{
config,
lib,
inputs,
pkgs,
...
}:
let
mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
kanidmCertDir = "/var/lib/kanidm/certs";
in
{
services.kanidm = {
enableServer = true;
enableClient = true;
package = pkgs.kanidm;
serverSettings = {
domain = "auth.baduhai.dev";
origin = "https://auth.baduhai.dev";
bindaddress = "127.0.0.1:8443";
ldapbindaddress = "127.0.0.1:636";
trust_x_forward_for = true;
# Use self-signed certificates for internal TLS
tls_chain = "${kanidmCertDir}/cert.pem";
tls_key = "${kanidmCertDir}/key.pem";
};
clientSettings = {
uri = "https://auth.baduhai.dev";
};
};
services.nginx.virtualHosts = mkNginxVHosts {
domains."auth.baduhai.dev" = {
locations."/" = {
proxyPass = "https://127.0.0.1:8443";
extraConfig = ''
proxy_ssl_verify off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
'';
};
};
};
networking.firewall.allowedTCPPorts = [ 636 ];
# Generate self-signed certificates for kanidm's internal TLS
systemd.services.kanidm-generate-certs = {
description = "Generate self-signed TLS certificates for Kanidm";
wantedBy = [ "multi-user.target" ];
before = [ "kanidm.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
mkdir -p ${kanidmCertDir}
if [ ! -f ${kanidmCertDir}/key.pem ]; then
${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \
-keyout ${kanidmCertDir}/key.pem \
-out ${kanidmCertDir}/cert.pem \
-days 3650 -nodes \
-subj "/CN=localhost" \
-addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
chown -R kanidm:kanidm ${kanidmCertDir}
chmod 600 ${kanidmCertDir}/key.pem
chmod 644 ${kanidmCertDir}/cert.pem
fi
'';
};
# Ensure certificate generation runs before kanidm starts
systemd.services.kanidm = {
after = [ "kanidm-generate-certs.service" ];
wants = [ "kanidm-generate-certs.service" ];
};
}

31
aspects/hosts/_alexandria/miniflux.nix
View file

@ -1,31 +0,0 @@
{ config, inputs, ... }:
let
mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
in
{
services = {
miniflux = {
enable = true;
config = {
LISTEN_ADDR = "localhost:8080";
CREATE_ADMIN = 1;
};
adminCredentialsFile = config.age.secrets.miniflux-admincreds.path;
createDatabaseLocally = true;
};
nginx.virtualHosts = mkNginxVHosts {
domains."rss.baduhai.dev" = {
locations."/".proxyPass = "http://${config.services.miniflux.config.LISTEN_ADDR}/";
};
};
};
age.secrets.miniflux-admincreds = {
file = "${inputs.self}/secrets/miniflux-admincreds.age";
owner = "miniflux";
group = "miniflux";
};
}

7
aspects/hosts/_alexandria/nextcloud.nix
View file

@ -1,7 +1,8 @@
{
lib,
config,
inputs,
pkgs,
inputs,
...
}:
@ -82,12 +83,12 @@ in
age.secrets = {
"nextcloud-secrets.json" = {
file = "${inputs.self}/secrets/nextcloud-secrets.json.age";
file = ../../../secrets/nextcloud-secrets.json.age;
owner = "nextcloud";
group = "nextcloud";
};
nextcloud-adminpass = {
file = "${inputs.self}/secrets/nextcloud-adminpass.age";
file = ../../../secrets/nextcloud-adminpass.age;
owner = "nextcloud";
group = "nextcloud";
};

2
aspects/hosts/_alexandria/nginx.nix
View file

@ -51,7 +51,7 @@ in
];
age.secrets.cloudflare = {
file = "${inputs.self}/secrets/cloudflare.age";
file = ../../../secrets/cloudflare.age;
owner = "nginx";
group = "nginx";
};

3
aspects/hosts/_alexandria/unbound.nix
View file

@ -34,7 +34,8 @@ in
# LAN-only DNS records
local-zone = ''"baduhai.dev." transparent'';
local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') (lib.filter (e: e.lanIP != null) services);
local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'')
(lib.filter (e: e.lanIP != null) services);
};
forward-zone = [

11
aspects/hosts/_rotterdam/services.nix Normal file
View file

@ -0,0 +1,11 @@
{
services.keyd = {
enable = true;
keyboards.main = {
ids = [ "5653:0001" ];
settings.main = {
esc = "overload(meta, esc)";
};
};
};
}

7
aspects/hosts/_trantor/forgejo.nix
View file

@ -21,8 +21,6 @@ in
ROOT_URL = "https://git.baduhai.dev";
OFFLINE_MODE = true; # disable use of CDNs
SSH_DOMAIN = "git.baduhai.dev";
SSH_USER = "forgejo";
SSH_PORT = lib.head config.services.openssh.ports;
};
log.LEVEL = "Warn";
mailer.ENABLED = false;
@ -69,8 +67,5 @@ in
};
# Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories
systemd.services.forgejo.serviceConfig = {
PrivateMounts = lib.mkForce false;
ProtectSystem = lib.mkForce false;
};
systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false;
}

8
aspects/hosts/_trantor/nginx.nix
View file

@ -8,8 +8,12 @@
let
services = inputs.self.services;
localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "trantor") services));
# Get all unique domains from shared services on trantor (host = "trantor")
localDomains = lib.unique (
map (s: s.domain) (lib.filter (s: s.host == "trantor") services)
);
# Generate ACME cert configs for all local domains
acmeCerts = lib.genAttrs localDomains (domain: {
group = "nginx";
});
@ -49,7 +53,7 @@ in
];
age.secrets.cloudflare = {
file = "${inputs.self}/secrets/cloudflare.age";
file = ../../../secrets/cloudflare.age;
owner = "nginx";
group = "nginx";
};

61
aspects/hosts/alexandria.nix
View file

@ -1,19 +1,50 @@
{ inputs, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{ inputs, self, ... }:
{
flake.nixosConfigurations.alexandria = mkHost {
hostname = "alexandria";
nixpkgs = inputs.nixpkgs-stable;
extraModules = with inputs.self.modules.nixos; [
# base aspects
server
# other aspects
fwupd
podman
flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
inputs.agenix.nixosModules.default
{ networking.hostName = "alexandria"; }
{
nixpkgs.overlays = [
inputs.agenix.overlays.default
inputs.self.overlays.default
];
}
# Common aspects (always included)
inputs.self.modules.nixos.common-boot
inputs.self.modules.nixos.common-console
inputs.self.modules.nixos.common-firewall
inputs.self.modules.nixos.common-locale
inputs.self.modules.nixos.common-nix
inputs.self.modules.nixos.common-openssh
inputs.self.modules.nixos.common-programs
inputs.self.modules.nixos.common-security
inputs.self.modules.nixos.common-services
inputs.self.modules.nixos.common-tailscale
# User aspects
inputs.self.modules.nixos.user
inputs.self.modules.nixos.root
# Server aspects
inputs.self.modules.nixos.server-boot
inputs.self.modules.nixos.server-nix
inputs.self.modules.nixos.server-tailscale
# Other aspects based on tags
inputs.self.modules.nixos.fwupd
# Host-specific files (from _alexandria/)
./_alexandria/hardware-configuration.nix
./_alexandria/jellyfin.nix
./_alexandria/kanidm.nix
./_alexandria/nextcloud.nix
./_alexandria/nginx.nix
./_alexandria/unbound.nix
./_alexandria/vaultwarden.nix
];
};
}

74
aspects/hosts/io.nix
View file

@ -1,23 +1,59 @@
{ inputs, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{ inputs, self, ... }:
{
flake.nixosConfigurations.io = mkHost {
hostname = "io";
ephemeralRootDev = "/dev/mapper/cryptroot";
extraModules = with inputs.self.modules.nixos; [
# base aspects
desktop
# other aspects
ai
bluetooth
dev
kde
networkmanager
podman
flake.nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
inputs.agenix.nixosModules.default
{ networking.hostName = "io"; }
{
nixpkgs.overlays = [
inputs.agenix.overlays.default
inputs.self.overlays.default
];
}
# Common aspects (always included)
inputs.self.modules.nixos.common-boot
inputs.self.modules.nixos.common-console
inputs.self.modules.nixos.common-firewall
inputs.self.modules.nixos.common-locale
inputs.self.modules.nixos.common-nix
inputs.self.modules.nixos.common-openssh
inputs.self.modules.nixos.common-programs
inputs.self.modules.nixos.common-security
inputs.self.modules.nixos.common-services
inputs.self.modules.nixos.common-tailscale
# User aspects
inputs.self.modules.nixos.user
inputs.self.modules.nixos.root
# Desktop aspects
inputs.self.modules.nixos.desktop-boot
inputs.self.modules.nixos.desktop-desktop
inputs.self.modules.nixos.desktop-nix
inputs.self.modules.nixos.desktop-services
# Other aspects based on tags
inputs.self.modules.nixos.ai
inputs.self.modules.nixos.bluetooth
inputs.self.modules.nixos.dev
inputs.self.modules.nixos.libvirtd
inputs.self.modules.nixos.networkmanager
inputs.self.modules.nixos.podman
# Factory-generated ephemeral module
(inputs.self.factory.ephemeral {
rootDevice = "/dev/mapper/cryptroot";
})
# Host-specific files (from _io/)
./_io/hardware-configuration.nix
./_io/disko.nix
./_io/boot.nix
./_io/programs.nix
./_io/services.nix
];
};
}

79
aspects/hosts/rotterdam.nix
View file

@ -1,25 +1,64 @@
{ inputs, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{
flake.nixosConfigurations.rotterdam = mkHost {
hostname = "rotterdam";
ephemeralRootDev = "/dev/mapper/cryptroot";
extraModules = with inputs.self.modules.nixos; [
# base aspects
desktop
gaming
# other aspects
ai
bluetooth
dev
fwupd
kde
networkmanager
podman
flake.nixosConfigurations.rotterdam = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
inputs.agenix.nixosModules.default
{ networking.hostName = "rotterdam"; }
{
nixpkgs.overlays = [
inputs.agenix.overlays.default
inputs.self.overlays.default
];
}
# Common aspects (always included)
inputs.self.modules.nixos.common-boot
inputs.self.modules.nixos.common-console
inputs.self.modules.nixos.common-firewall
inputs.self.modules.nixos.common-locale
inputs.self.modules.nixos.common-nix
inputs.self.modules.nixos.common-openssh
inputs.self.modules.nixos.common-programs
inputs.self.modules.nixos.common-security
inputs.self.modules.nixos.common-services
inputs.self.modules.nixos.common-tailscale
# User aspects
inputs.self.modules.nixos.user
inputs.self.modules.nixos.root
# Desktop aspects
inputs.self.modules.nixos.desktop-boot
inputs.self.modules.nixos.desktop-desktop
inputs.self.modules.nixos.desktop-nix
inputs.self.modules.nixos.desktop-services
# Other aspects based on tags
inputs.self.modules.nixos.ai
inputs.self.modules.nixos.bluetooth
inputs.self.modules.nixos.dev
inputs.self.modules.nixos.fwupd
inputs.self.modules.nixos.gaming-steam
inputs.self.modules.nixos.gaming-hardware
inputs.self.modules.nixos.gaming-flatpak
inputs.self.modules.nixos.gaming-launchers
inputs.self.modules.nixos.libvirtd
inputs.self.modules.nixos.networkmanager
inputs.self.modules.nixos.podman
# Factory-generated ephemeral module
(inputs.self.factory.ephemeral {
rootDevice = "/dev/mapper/cryptroot";
})
# Host-specific files (from _rotterdam/)
./_rotterdam/hardware-configuration.nix
./_rotterdam/boot.nix
./_rotterdam/hardware.nix
./_rotterdam/programs.nix
./_rotterdam/services.nix
];
};
}

62
aspects/hosts/trantor.nix
View file

@ -1,18 +1,54 @@
{ inputs, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{ inputs, self, ... }:
{
flake.nixosConfigurations.trantor = mkHost {
hostname = "trantor";
flake.nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem {
system = "aarch64-linux";
nixpkgs = inputs.nixpkgs-stable;
ephemeralRootDev = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2";
extraModules = with inputs.self.modules.nixos; [
# base aspects
server
specialArgs = { inherit inputs; };
modules = [
inputs.agenix.nixosModules.default
{ networking.hostName = "trantor"; }
{
nixpkgs.overlays = [
inputs.agenix.overlays.default
inputs.self.overlays.default
];
}
# Common aspects (always included)
inputs.self.modules.nixos.common-boot
inputs.self.modules.nixos.common-console
inputs.self.modules.nixos.common-firewall
inputs.self.modules.nixos.common-locale
inputs.self.modules.nixos.common-nix
inputs.self.modules.nixos.common-openssh
inputs.self.modules.nixos.common-programs
inputs.self.modules.nixos.common-security
inputs.self.modules.nixos.common-services
inputs.self.modules.nixos.common-tailscale
# User aspects
inputs.self.modules.nixos.user
inputs.self.modules.nixos.root
# Server aspects
inputs.self.modules.nixos.server-boot
inputs.self.modules.nixos.server-nix
inputs.self.modules.nixos.server-tailscale
# Factory-generated ephemeral module
(inputs.self.factory.ephemeral {
rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2";
})
# Host-specific files (from _trantor/)
./_trantor/hardware-configuration.nix
./_trantor/disko.nix
./_trantor/boot.nix
./_trantor/fail2ban.nix
./_trantor/forgejo.nix
./_trantor/networking.nix
./_trantor/nginx.nix
./_trantor/openssh.nix
./_trantor/unbound.nix
];
};
}

9
aspects/libvirtd.nix
View file

@ -1,13 +1,6 @@
{ ... }:
{
flake.modules.nixos.libvirtd =
{
config,
lib,
pkgs,
...
}:
{
flake.modules.nixos.libvirtd = { config, lib, pkgs, ... }: {
virtualisation = {
libvirtd.enable = true;
spiceUSBRedirection.enable = true;

22
aspects/lxc.nix
View file

@ -1,22 +0,0 @@
{ ... }:
{
flake.modules.nixos.lxc =
{
config,
lib,
pkgs,
...
}:
{
virtualisation = {
lxc = {
enable = true;
unprivilegedContainers = true;
};
incus.enable = true;
};
users.users.user.extraGroups = [ "incus-admin" ];
};
}

14
aspects/networkmanager.nix
View file

@ -1,14 +1,10 @@
{ ... }:
{
flake.modules.nixos.networkmanager =
{
config,
lib,
pkgs,
...
}:
{
networking.networkmanager.enable = true;
flake.modules.nixos.networkmanager = { config, lib, pkgs, ... }: {
networking.networkmanager = {
enable = true;
wifi.backend = "iwd";
};
users.users.user.extraGroups = [ "networkmanager" ];
};

2
aspects/desktop/graphics.nix → aspects/programs/graphics.nix
View file

@ -1,7 +1,7 @@
{ ... }:
{
flake.modules.nixos.graphics =
flake.modules.nixos.programs-graphics =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [

9
aspects/desktop/media.nix → aspects/programs/media.nix
View file

@ -2,17 +2,18 @@
{
flake.modules = {
nixos.media =
nixos.programs-media =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
mpv
decibels
loupe
obs-studio
qview
showtime
];
};
homeManager.media =
homeManager.programs-media =
{ pkgs, ... }:
{
programs.obs-studio = {

5
aspects/desktop/office.nix → aspects/programs/office.nix
View file

@ -1,7 +1,7 @@
{ ... }:
{
flake.modules.nixos.office =
flake.modules.nixos.programs-office =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
@ -10,8 +10,7 @@
aspellDicts.en
aspellDicts.en-computers
aspellDicts.pt_BR
glow
kwrite
papers
presenterm
rnote
];

62
aspects/programs/utilities.nix Normal file
View file

@ -0,0 +1,62 @@
{ ... }:
{
flake.modules = {
nixos.programs-utilities =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
ghostty
gnome-disk-utility
mission-center
nautilus
p7zip
rclone
unrar
# Desktop Integration
adwaita-icon-theme
junction
libfido2
toggleaudiosink
# Xwayland Support
xwayland-satellite
];
services.flatpak.packages = [
"com.github.tchx84.Flatseal"
"com.rustdesk.RustDesk"
];
};
homeManager.programs-utilities =
{ pkgs, ... }:
{
programs = {
ghostty = {
enable = true;
settings = {
cursor-style = "block";
shell-integration-features = "no-cursor";
cursor-style-blink = false;
custom-shader = "${builtins.fetchurl {
url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl";
sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41";
}}";
bell-features = "";
gtk-titlebar-style = "tabs";
keybind = [ "shift+enter=text:\\x1b\\r" ];
};
};
password-store = {
enable = true;
package = pkgs.pass-wayland;
};
};
home.sessionVariables = {
TERMINAL = "ghostty";
};
};
};
}

10
aspects/desktop/web.nix → aspects/programs/web.nix
View file

@ -1,20 +1,20 @@
{ ... }:
{
flake.modules.nixos.web =
flake.modules.nixos.programs-web =
{
inputs,
pkgs,
system,
...
}:
{
environment.systemPackages = with pkgs; [
inputs.zen-browser.packages."${pkgs.stdenv.hostPlatform.system}".default
amnesiac-brave
beeper
inputs.zen-browser.packages."${system}".default
bitwarden-desktop
qbittorrent
fragments
nextcloud-client
tor-browser
vesktop
];
};

7
aspects/server/boot.nix Normal file
View file

@ -0,0 +1,7 @@
# aspects/server/boot.nix
{ ... }:
{
flake.modules.nixos.server-boot = { config, lib, pkgs, ... }: {
boot.kernelPackages = pkgs.linuxPackages_hardened;
};
}

15
aspects/server/nix.nix Normal file
View file

@ -0,0 +1,15 @@
# aspects/server/nix.nix
{ inputs, ... }:
{
flake.modules.nixos.server-nix = { config, lib, pkgs, ... }: {
environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs-stable;
nixPath = [
"nixpkgs=/etc/channels/nixpkgs"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
};
}

15
aspects/server/tailscale.nix Normal file
View file

@ -0,0 +1,15 @@
# aspects/server/tailscale.nix
{ ... }:
{
flake.modules.nixos.server-tailscale = { config, lib, pkgs, ... }: {
services.tailscale = {
extraSetFlags = [ "--advertise-exit-node" ];
useRoutingFeatures = "server";
};
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
};
}

9
aspects/shell/bash.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
flake.modules.homeManager.shell-bash = { config, lib, pkgs, ... }: {
programs.bash = {
enable = true;
historyFile = "~/.cache/bash_history";
};
};
}

33
aspects/shell/fish.nix Normal file
View file

@ -0,0 +1,33 @@
{ ... }:
{
flake.modules.homeManager.shell-fish = { config, lib, pkgs, ... }: {
programs.fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
${lib.getExe pkgs.nix-your-shell} fish | source
'';
loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source";
plugins = [
{
name = "bang-bang";
src = pkgs.fetchFromGitHub {
owner = "oh-my-fish";
repo = "plugin-bang-bang";
rev = "f969c618301163273d0a03d002614d9a81952c1e";
sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ=";
};
}
{
name = "z";
src = pkgs.fetchFromGitHub {
owner = "jethrokuan";
repo = "z";
rev = "067e867debee59aee231e789fc4631f80fa5788e";
sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU=";
};
}
];
};
};
}

15
aspects/stylix.nix
View file

@ -1,5 +1,4 @@
{ ... }:
{
flake.modules = {
nixos.stylix =
@ -16,7 +15,10 @@
...
}:
{
imports = [ inputs.stylix.homeModules.stylix ];
imports = [
inputs.stylix.homeModules.stylix
inputs.zen-browser.homeModules.beta
];
stylix = {
enable = true;
@ -63,6 +65,15 @@
terminal = 12;
};
};
targets.zen-browser = {
enable = true;
profileNames = [ "william" ];
};
};
programs.zen-browser = {
enable = true;
profiles.william = { };
};
};
};

57
aspects/systems/base.nix
View file

@ -1,57 +0,0 @@
{ inputs, ... }:
{
flake.modules = {
nixos.base =
{ lib, pkgs, ... }:
{
imports = with inputs.self.modules.nixos; [
boot
console
firewall
fish
locale
nix
security
ssh
zsh
];
environment = {
systemPackages = with pkgs; [
git
fastfetch
nixos-firewall-tool
sysz
wget
];
shellAliases = {
cat = "${lib.getExe pkgs.bat} --paging=never --style=plain";
ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first";
la = "ls -hal";
tree = "ls --tree";
};
};
programs.command-not-found.enable = false;
services = {
dbus.implementation = "broker";
irqbalance.enable = true;
fstrim.enable = true;
tailscale = {
enable = true;
extraUpFlags = [ "--operator=user" ];
};
};
};
homeManager.base =
{ ... }:
{
imports = with inputs.self.modules.homeManager; [
bash
fish
zsh
];
};
};
}

38
aspects/systems/cli.nix
View file

@ -1,38 +0,0 @@
{ inputs, ... }:
{
flake.modules = {
nixos.cli =
{ pkgs, ... }:
{
imports = with inputs.self.modules.nixos; [
btop
helix
tmux
];
environment.systemPackages = with pkgs; [
p7zip
rclone
];
};
homeManager.cli =
{ ... }:
{
imports = with inputs.self.modules.homeManager; [
btop
comma
direnv
helix
hm-cli
starship
tmux
];
programs.zoxide = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
};
};
};
}

165
aspects/systems/desktop.nix
View file

@ -1,165 +0,0 @@
{
inputs,
...
}:
{
flake.modules = {
nixos.desktop =
{
config,
lib,
pkgs,
...
}:
{
imports = [
inputs.nix-flatpak.nixosModules.nix-flatpak
]
++ (with inputs.self.modules.nixos; [
graphics
media
office
web
]);
boot = {
plymouth.enable = true;
initrd.systemd.enable = true;
loader.efi.efiSysMountPoint = "/boot/efi";
kernelPackages = pkgs.linuxPackages_xanmod_latest;
extraModprobeConfig = ''
options bluetooth disable_ertm=1
'';
kernel.sysctl = {
"net.ipv4.tcp_mtu_probing" = 1;
};
kernelParams = [
"quiet"
"splash"
"i2c-dev"
"i2c-piix4"
"loglevel=3"
"udev.log_priority=3"
"rd.udev.log_level=3"
"rd.systemd.show_status=false"
];
};
nix = {
registry.nixpkgs.flake = inputs.nixpkgs;
nixPath = [
"nixpkgs=${inputs.nixpkgs}"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
environment = {
etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
sessionVariables = {
KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir
NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland
};
systemPackages = with pkgs; [
libfido2
mission-center
toggleaudiosink
unrar
];
};
services = {
printing.enable = true;
udev.packages = with pkgs; [ yubikey-personalization ];
keyd = {
enable = true;
keyboards = {
all = {
ids = [ "*" ];
settings.main.capslock = "overload(meta, esc)";
};
corne = {
ids = [ "5653:0001" ];
settings.main = {
esc = "overload(meta, esc)";
};
};
};
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
displayManager.autoLogin = {
enable = true;
user = "user";
};
flatpak = {
enable = true;
packages = [
"com.github.tchx84.Flatseal"
"com.rustdesk.RustDesk"
];
uninstallUnmanaged = true;
update.auto.enable = true;
};
gvfs.enable = true;
};
security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority
programs = {
dconf.enable = true;
appimage = {
enable = true;
binfmt = true;
};
};
fonts = {
fontDir.enable = true;
packages = with pkgs; [
corefonts
inter
nerd-fonts.fira-code
noto-fonts-cjk-sans
noto-fonts-color-emoji
roboto
];
};
};
homeManager.desktop =
{
config,
lib,
pkgs,
inputs,
...
}:
{
imports = [
inputs.vicinae.homeManagerModules.default
]
++ (with inputs.self.modules.homeManager; [ media ]);
fonts.fontconfig.enable = true;
services.vicinae = {
enable = true;
systemd = {
enable = true;
autoStart = true;
};
};
xdg = {
enable = true;
userDirs.enable = true;
};
};
};
}

48
aspects/systems/gaming.nix
View file

@ -1,48 +0,0 @@
{ inputs, ... }:
{
flake.modules = {
nixos.gaming =
{ pkgs, ... }:
{
imports = with inputs.self.modules.nixos; [
mangohud
steam
];
hardware = {
xpadneo.enable = true;
steam-hardware.enable = true; # Allow steam client to manage controllers
graphics.enable32Bit = true; # For OpenGL games
};
services.flatpak.packages = [
"com.github.k4zmu2a.spacecadetpinball"
"io.itch.itch"
"io.mrarm.mcpelauncher"
"net.retrodeck.retrodeck"
"org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08"
rec {
appId = "com.hypixel.HytaleLauncher";
sha256 = "uu7FA36M4wSqDXRF1fFNla8S5MjL1N1kZi4gwbpw1oY=";
bundle = "${pkgs.fetchurl {
url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak";
inherit sha256;
}}";
}
];
environment.systemPackages = with pkgs; [
clonehero
heroic
prismlauncher
];
};
homeManager.gaming =
{ ... }:
{
imports = with inputs.self.modules.homeManager; [
mangohud
];
};
};
}

36
aspects/systems/server.nix
View file

@ -1,36 +0,0 @@
{ inputs, ... }:
{
flake.modules.nixos.server =
{
config,
lib,
pkgs,
...
}:
{
boot = {
kernelPackages = pkgs.linuxPackages_hardened;
kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
};
environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs-stable;
nixPath = [
"nixpkgs=/etc/channels/nixpkgs"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
services.tailscale = {
extraSetFlags = [ "--advertise-exit-node" ];
useRoutingFeatures = "server";
};
};
}

2
aspects/users/_user/git.nix
View file

@ -1,4 +1,4 @@
{ ... }:
{ pkgs, ... }:
{
programs = {

115
aspects/users/user.nix
View file

@ -1,8 +1,4 @@
{ inputs, ... }:
let
mkHomeConfiguration = inputs.self.lib.mkHomeConfiguration;
in
{ inputs, self, ... }:
{
flake = {
@ -11,7 +7,7 @@ in
{
users.users.user = {
isNormalUser = true;
shell = pkgs.zsh;
shell = pkgs.fish;
extraGroups = [
"networkmanager"
"wheel"
@ -24,30 +20,97 @@ in
hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
};
};
homeConfigurations = {
"user@rotterdam" = mkHomeConfiguration {
user = "user";
hostname = "rotterdam";
userModules = with inputs.self.modules.homeManager; [
# system aspects
desktop
gaming
# other aspects
ai
kde
homeConfigurations = {
"user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = {
inherit inputs;
hostname = "rotterdam";
};
modules = [
{ nixpkgs.overlays = [ inputs.self.overlays.default ]; }
# CLI aspects (common module included)
inputs.self.modules.homeManager.cli-base
inputs.self.modules.homeManager.cli-btop
inputs.self.modules.homeManager.cli-comma
inputs.self.modules.homeManager.cli-direnv
inputs.self.modules.homeManager.cli-helix
inputs.self.modules.homeManager.cli-starship
inputs.self.modules.homeManager.cli-tmux
# Shell
inputs.self.modules.homeManager.shell-fish
inputs.self.modules.homeManager.shell-bash
# Desktop
inputs.self.modules.homeManager.desktop-desktop
inputs.self.modules.homeManager.desktop-niri
# Gaming
inputs.self.modules.homeManager.gaming-mangohud
# Programs
inputs.self.modules.homeManager.programs-media # for obs-studio
# Stylix
inputs.self.modules.homeManager.stylix
# User-specific (from _user/)
./_user/git.nix
# Home configuration
{
home = {
username = "user";
homeDirectory = "/home/user";
stateVersion = "22.05";
};
}
];
};
"user@io" = mkHomeConfiguration {
user = "user";
hostname = "io";
userModules = with inputs.self.modules.homeManager; [
# system aspects
desktop
# other aspects
ai
kde
"user@io" = inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = {
inherit inputs;
hostname = "io";
};
modules = [
{ nixpkgs.overlays = [ inputs.self.overlays.default ]; }
# CLI aspects (common module included)
inputs.self.modules.homeManager.cli-base
inputs.self.modules.homeManager.cli-btop
inputs.self.modules.homeManager.cli-comma
inputs.self.modules.homeManager.cli-direnv
inputs.self.modules.homeManager.cli-helix
inputs.self.modules.homeManager.cli-starship
inputs.self.modules.homeManager.cli-tmux
# Shell
inputs.self.modules.homeManager.shell-fish
inputs.self.modules.homeManager.shell-bash
# Desktop
inputs.self.modules.homeManager.desktop-desktop
inputs.self.modules.homeManager.desktop-niri
# Stylix
inputs.self.modules.homeManager.stylix
# User-specific (from _user/)
./_user/git.nix
# Home configuration
{
home = {
username = "user";
homeDirectory = "/home/user";
stateVersion = "22.05";
};
}
];
};
};

10
data/services.nix
View file

@ -12,6 +12,11 @@
};
services = [
{
name = "kanidm";
domain = "auth.baduhai.dev";
host = "alexandria";
}
{
name = "vaultwarden";
domain = "pass.baduhai.dev";
@ -33,10 +38,5 @@
domain = "jellyfin.baduhai.dev";
host = "alexandria";
}
{
name = "miniflux";
domain = "rss.baduhai.dev";
host = "alexandria";
}
];
}

621
flake.lock generated
View file

@ -10,11 +10,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1770165109,
"narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
"lastModified": 1762618334,
"narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm",
"repo": "agenix",
"rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
"rev": "fcdea223397448d35d9b31f798479227e80183f6",
"type": "github"
},
"original": {
@ -97,17 +97,14 @@
"nix-ai-tools",
"nixpkgs"
],
"systems": [
"nix-ai-tools",
"systems"
]
"systems": "systems_2"
},
"locked": {
"lastModified": 1771437256,
"narHash": "sha256-bLqwib+rtyBRRVBWhMuBXPCL/OThfokA+j6+uH7jDGU=",
"lastModified": 1767386128,
"narHash": "sha256-BJDu7dIMauO2nYRSL4aI8wDNtEm2KOb7lDKP3hxdrpo=",
"owner": "numtide",
"repo": "blueprint",
"rev": "06ee7190dc2620ea98af9eb225aa9627b68b0e33",
"rev": "0ed984d51a3031065925ab08812a5434f40b93d4",
"type": "github"
},
"original": {
@ -116,40 +113,6 @@
"type": "github"
}
},
"bun2nix": {
"inputs": {
"flake-parts": [
"nix-ai-tools",
"flake-parts"
],
"import-tree": "import-tree_2",
"nixpkgs": [
"nix-ai-tools",
"nixpkgs"
],
"systems": [
"nix-ai-tools",
"systems"
],
"treefmt-nix": [
"nix-ai-tools",
"treefmt-nix"
]
},
"locked": {
"lastModified": 1770895533,
"narHash": "sha256-v3QaK9ugy9bN9RXDnjw0i2OifKmz2NnKM82agtqm/UY=",
"owner": "nix-community",
"repo": "bun2nix",
"rev": "c843f477b15f51151f8c6bcc886954699440a6e1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "bun2nix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -177,11 +140,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1773889306,
"narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=",
"lastModified": 1768923567,
"narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=",
"owner": "nix-community",
"repo": "disko",
"rev": "5ad85c82cc52264f4beddc934ba57f3789f28347",
"rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28",
"type": "github"
},
"original": {
@ -222,16 +185,32 @@
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"lastModified": 1768135262,
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
"type": "github"
},
"original": {
@ -242,17 +221,14 @@
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nix-ai-tools",
"nixpkgs"
]
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"lastModified": 1765835352,
"narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"rev": "a34fae9c08a15ad73f295041fec82323541400a9",
"type": "github"
},
"original": {
@ -262,24 +238,6 @@
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": [
"stylix",
@ -300,7 +258,7 @@
"type": "github"
}
},
"flake-parts_5": {
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": [
"terranix",
@ -384,11 +342,11 @@
]
},
"locked": {
"lastModified": 1774561634,
"narHash": "sha256-3q1xsREjqdVIIwQQDZQ9y0YdBzP8gAxdwKoKnZSzJtU=",
"lastModified": 1768927746,
"narHash": "sha256-zyMpWHqcpKVmRc1W2NEK7DAuyVJZV62Jdjqudg70b1k=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "7c046c63ac3b467c1d589b99d531da5b6520825a",
"rev": "63a87808f5f9b6e4195a1d33f6ea25d23f4aa0df",
"type": "github"
},
"original": {
@ -427,11 +385,11 @@
]
},
"locked": {
"lastModified": 1773422513,
"narHash": "sha256-MPjR48roW7CUMU6lu0+qQGqj92Kuh3paIulMWFZy+NQ=",
"lastModified": 1768434960,
"narHash": "sha256-cJbFn17oyg6qAraLr+NVeNJrXsrzJdrudkzI4H2iTcg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ef12a9a2b0f77c8fa3dda1e7e494fca668909056",
"rev": "b4d88c9ac42ae1a745283f6547701da43b6e9f9b",
"type": "github"
},
"original": {
@ -446,11 +404,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1769548169,
"narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=",
"lastModified": 1768835187,
"narHash": "sha256-6nY0ixjGjPQCL+/sUC1B1MRiO1LOI3AkRSIywm3i3bE=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "7b1d382faf603b6d264f58627330f9faa5cba149",
"rev": "0d633a69480bb3a3e2f18c080d34a8fa81da6395",
"type": "github"
},
"original": {
@ -460,21 +418,6 @@
}
},
"import-tree": {
"locked": {
"lastModified": 1773693634,
"narHash": "sha256-BtZ2dtkBdSUnFPPFc+n0kcMbgaTxzFNPv2iaO326Ffg=",
"owner": "vic",
"repo": "import-tree",
"rev": "c41e7d58045f9057880b0d85e1152d6a4430dbf1",
"type": "github"
},
"original": {
"owner": "vic",
"repo": "import-tree",
"type": "github"
}
},
"import-tree_2": {
"locked": {
"lastModified": 1763762820,
"narHash": "sha256-ZvYKbFib3AEwiNMLsejb/CWs/OL/srFQ8AogkebEPF0=",
@ -489,21 +432,94 @@
"type": "github"
}
},
"niri": {
"inputs": {
"nixpkgs": "nixpkgs_3",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1760963745,
"narHash": "sha256-FVf9YFw2wQnMAxvMxEk+vFakXhPQUSapDpGmlLzAxjg=",
"owner": "baduhai",
"repo": "niri",
"rev": "dd3e3d1009991ecd87ab7253c9e7696acf2bc943",
"type": "github"
},
"original": {
"owner": "baduhai",
"ref": "auto-center-when-space-available",
"repo": "niri",
"type": "github"
}
},
"niri-flake": {
"inputs": {
"niri-stable": "niri-stable",
"niri-unstable": "niri-unstable",
"nixpkgs": "nixpkgs_4",
"nixpkgs-stable": "nixpkgs-stable",
"xwayland-satellite-stable": "xwayland-satellite-stable",
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
},
"locked": {
"lastModified": 1768877436,
"narHash": "sha256-ct4qxmFJeJbaJKiOnXOZmRmVmk7TpT+lohuTgTr+kYQ=",
"owner": "sodiboo",
"repo": "niri-flake",
"rev": "6581f5458309233622c1b73c8902dcaea7be16eb",
"type": "github"
},
"original": {
"owner": "sodiboo",
"repo": "niri-flake",
"type": "github"
}
},
"niri-stable": {
"flake": false,
"locked": {
"lastModified": 1756556321,
"narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"ref": "v25.08",
"repo": "niri",
"type": "github"
}
},
"niri-unstable": {
"flake": false,
"locked": {
"lastModified": 1768678265,
"narHash": "sha256-Ub8eed4DsfIDWyg30xEe+8bSxL/z5Af/gCjmvJ0V/Hs=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "d7184a04b904e07113f4623610775ae78d32394c",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"repo": "niri",
"type": "github"
}
},
"nix-ai-tools": {
"inputs": {
"blueprint": "blueprint",
"bun2nix": "bun2nix",
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_3",
"systems": "systems_2",
"nixpkgs": "nixpkgs_5",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1774551325,
"narHash": "sha256-Q2dh3zBu3oixlEWAbtXGL44O6jtEP/Tog0P44qu0RJY=",
"lastModified": 1768922080,
"narHash": "sha256-gFoGvnW2YDWsxKD56kdiXbhh9vBPAU3yusssbXF0UMo=",
"owner": "numtide",
"repo": "llm-agents.nix",
"rev": "8348bf988abbbafa5f105f819a6153f1dbe22a2e",
"rev": "78f3fdc13ef903475aa5bfc0f85eeefaa36af837",
"type": "github"
},
"original": {
@ -535,11 +551,11 @@
]
},
"locked": {
"lastModified": 1774156144,
"narHash": "sha256-gdYe9wTPl4ignDyXUl1LlICWj41+S0GB5lG1fKP17+A=",
"lastModified": 1765267181,
"narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "55b588747fa3d7fc351a11831c4b874dab992862",
"rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f",
"type": "github"
},
"original": {
@ -551,16 +567,16 @@
"nixos-cli": {
"inputs": {
"flake-compat": "flake-compat",
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_4",
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_6",
"optnix": "optnix"
},
"locked": {
"lastModified": 1774427328,
"narHash": "sha256-KtGThScvwNbCm+6XwUKRfpTjJVKV9SHswm29px3m4pw=",
"lastModified": 1768778579,
"narHash": "sha256-6w1Mhg6+46LlaheCa1O/jIk02ukerZ7DdUf9GlQVGxc=",
"owner": "nix-community",
"repo": "nixos-cli",
"rev": "23e7540706eb5271f4ab37b9e52532637d57c63b",
"rev": "5e79001c7a8b556c3c61d4ef38f0f0fa1187ee90",
"type": "github"
},
"original": {
@ -571,11 +587,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1773628058,
"narHash": "sha256-hpXH0z3K9xv0fHaje136KY872VT2T5uwxtezlAskQgY=",
"lastModified": 1768661221,
"narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f8573b9c935cfaa162dd62cc9e75ae2db86f85df",
"rev": "3327b113f2ef698d380df83fbccefad7e83d7769",
"type": "github"
},
"original": {
@ -587,11 +603,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1772328832,
"narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=",
"lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742",
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
"type": "github"
},
"original": {
@ -602,11 +618,11 @@
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1772328832,
"narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=",
"lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742",
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
"type": "github"
},
"original": {
@ -617,11 +633,27 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1774388614,
"narHash": "sha256-tFwzTI0DdDzovdE9+Ras6CUss0yn8P9XV4Ja6RjA+nU=",
"lastModified": 1768773494,
"narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1768773494,
"narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1073dad219cb244572b74da2b20c7fe39cb3fa9e",
"rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2",
"type": "github"
},
"original": {
@ -631,6 +663,38 @@
"type": "github"
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1762111121,
"narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": {
"lastModified": 1768127708,
"narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1768564909,
@ -649,11 +713,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1774273680,
"narHash": "sha256-a++tZ1RQsDb1I0NHrFwdGuRlR5TORvCEUksM459wKUA=",
"lastModified": 1757967192,
"narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fdc7b8f7b30fdbedec91b71ed82f36e1637483ed",
"rev": "0d7c15863b251a7a50265e57c1dca1a7add2e291",
"type": "github"
},
"original": {
@ -665,11 +729,27 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1772956932,
"narHash": "sha256-M0yS4AafhKxPPmOHGqIV0iKxgNO8bHDWdl1kOwGBwRY=",
"lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "608d0cadfed240589a7eea422407a547ad626a14",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1768783163,
"narHash": "sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo+w8KsY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bde09022887110deb780067364a0818e89258968",
"type": "github"
},
"original": {
@ -679,13 +759,45 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1774386573,
"narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=",
"lastModified": 1767151656,
"narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f665af0cdb70ed27e1bd8f9fdfecaf451260fc55",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1759070547,
"narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "647e5c14cbd5067f44ac86b74f014962df460840",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"type": "github"
},
"original": {
@ -695,7 +807,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_9": {
"locked": {
"lastModified": 1767767207,
"narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=",
@ -711,51 +823,18 @@
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1772542754,
"narHash": "sha256-WGV2hy+VIeQsYXpsLjdr4GvHv5eECMISX1zKLTedhdg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8c809a146a140c5c8806f13399592dbcb1bb5dc4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1773389992,
"narHash": "sha256-wvfdLLWJ2I9oEpDd9PfMA8osfIZicoQ5MT1jIwNs9Tk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c06b4ae3d6599a672a6210b7021d699c351eebda",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"noctalia": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"noctalia-qs": "noctalia-qs"
]
},
"locked": {
"lastModified": 1774574060,
"narHash": "sha256-1aPBtIO74L/S4ymQ//qgWJfjknjpAlKEPULOL833wOc=",
"lastModified": 1768924718,
"narHash": "sha256-T4H/VMjGwBuHEIrPYWfXQ73XV0foCuFGgH7k3SNSJDo=",
"owner": "noctalia-dev",
"repo": "noctalia-shell",
"rev": "f19a19cfc6dcf2cd73b1d9d11460cbe363b0c967",
"rev": "1ef5c0eb307e8a4f30dfa6bcc75cf90ae8c6af46",
"type": "github"
},
"original": {
@ -764,29 +843,6 @@
"type": "github"
}
},
"noctalia-qs": {
"inputs": {
"nixpkgs": [
"noctalia",
"nixpkgs"
],
"systems": "systems_3",
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1774556355,
"narHash": "sha256-N131zILQ06ZNEvtgtjjFZ0N5qEI70rKKhCZsBcZoDH8=",
"owner": "noctalia-dev",
"repo": "noctalia-qs",
"rev": "070340934ca374bc770fd500a0fd7b3210f06b1c",
"type": "github"
},
"original": {
"owner": "noctalia-dev",
"repo": "noctalia-qs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": [
@ -814,21 +870,15 @@
},
"optnix": {
"inputs": {
"flake-compat": [
"nixos-cli",
"flake-compat"
],
"nixpkgs": [
"nixos-cli",
"nixpkgs"
]
"flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1770000117,
"narHash": "sha256-kZ1eLvCxfN+6RYQdcWUdIf+2WuiNiAfbJq+VetT+kos=",
"lastModified": 1765418479,
"narHash": "sha256-33VCCXiEnEL9N2wVxo9FHLwL8KWH6qk+MNRcSThOPWs=",
"owner": "water-sucks",
"repo": "optnix",
"rev": "e3a8a63d8a9dcad01f499b2ece87db3545443f05",
"rev": "01facc3de860bf479723bf19535586564e59fe73",
"type": "github"
},
"original": {
@ -845,12 +895,14 @@
"home-manager": "home-manager_2",
"impermanence": "impermanence",
"import-tree": "import-tree",
"niri": "niri",
"niri-flake": "niri-flake",
"nix-ai-tools": "nix-ai-tools",
"nix-flatpak": "nix-flatpak",
"nix-index-database": "nix-index-database",
"nixos-cli": "nixos-cli",
"nixpkgs": "nixpkgs_5",
"nixpkgs-stable": "nixpkgs-stable",
"nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable_2",
"noctalia": "noctalia",
"stylix": "stylix",
"terranix": "terranix",
@ -858,6 +910,27 @@
"zen-browser": "zen-browser"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"niri",
"nixpkgs"
]
},
"locked": {
"lastModified": 1757989933,
"narHash": "sha256-9cpKYWWPCFhgwQTww8S94rTXgg8Q8ydFv9fXM6I8xQM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "8249aa3442fb9b45e615a35f39eca2fe5510d7c3",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"stylix": {
"inputs": {
"base16": "base16",
@ -865,11 +938,11 @@
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_4",
"flake-parts": "flake-parts_3",
"gnome-shell": "gnome-shell",
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_9",
"nur": "nur",
"systems": "systems_4",
"systems": "systems_3",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
@ -877,11 +950,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1774124764,
"narHash": "sha256-Poz9WTjiRlqZIf197CrMMJfTifZhrZpbHFv0eU1Nhtg=",
"lastModified": 1768744881,
"narHash": "sha256-3+h7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p+S6BA=",
"owner": "danth",
"repo": "stylix",
"rev": "e31c79f571c5595a155f84b9d77ce53a84745494",
"rev": "06684f00cfbee14da96fd4307b966884de272d3a",
"type": "github"
},
"original": {
@ -922,16 +995,16 @@
},
"systems_3": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"repo": "default",
"type": "github"
}
},
@ -965,35 +1038,20 @@
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"terranix": {
"inputs": {
"flake-parts": "flake-parts_5",
"flake-parts": "flake-parts_4",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_5"
"systems": "systems_4"
},
"locked": {
"lastModified": 1773700838,
"narHash": "sha256-6KFxpxyXjcqhOexc7ZeaXVWdDtGb6zO8HtjBEci9DfU=",
"lastModified": 1762472226,
"narHash": "sha256-iVS4sxVgGn+T74rGJjEJbzx+kjsuaP3wdQVXBNJ79A0=",
"owner": "terranix",
"repo": "terranix",
"rev": "306ce146bf0324dc3b3c45c095036b6f0e26bf35",
"rev": "3b5947a48da5694094b301a3b1ef7b22ec8b19fc",
"type": "github"
},
"original": {
@ -1091,33 +1149,11 @@
]
},
"locked": {
"lastModified": 1773297127,
"narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=",
"lastModified": 1768158989,
"narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "71b125cd05fbfd78cab3e070b73544abe24c5016",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"noctalia",
"noctalia-qs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1772660329,
"narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "3710e0e1218041bbad640352a0440114b1e10428",
"rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca",
"type": "github"
},
"original": {
@ -1128,15 +1164,15 @@
},
"vicinae": {
"inputs": {
"nixpkgs": "nixpkgs_7",
"systems": "systems_6"
"nixpkgs": "nixpkgs_10",
"systems": "systems_5"
},
"locked": {
"lastModified": 1774444959,
"narHash": "sha256-QsfXRSRyptJ91/rXobWpmZRC/TBT69Stmok1sXqDpa0=",
"lastModified": 1768856963,
"narHash": "sha256-u5bWDuwk6oieTnvm1YjNotcYK8iJSddH5+S68+X4TSc=",
"owner": "vicinaehq",
"repo": "vicinae",
"rev": "5f7d3d62bb2c38181e0289fa0e3b43dfec206bfd",
"rev": "934bc0ad47be6dbd6498a0dac655c4613fd0ab27",
"type": "github"
},
"original": {
@ -1145,17 +1181,50 @@
"type": "github"
}
},
"xwayland-satellite-stable": {
"flake": false,
"locked": {
"lastModified": 1755491097,
"narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "388d291e82ffbc73be18169d39470f340707edaa",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"ref": "v0.7",
"repo": "xwayland-satellite",
"type": "github"
}
},
"xwayland-satellite-unstable": {
"flake": false,
"locked": {
"lastModified": 1768765571,
"narHash": "sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "ed1cef792b4def3321ff9ab5479df09609f17a69",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"type": "github"
}
},
"zen-browser": {
"inputs": {
"home-manager": "home-manager_4",
"nixpkgs": "nixpkgs_8"
"nixpkgs": "nixpkgs_11"
},
"locked": {
"lastModified": 1774478219,
"narHash": "sha256-WyPQoYBde7TSCR45ZgofzBqvVo/MpH3Vkh8YMj9OZC0=",
"lastModified": 1768919538,
"narHash": "sha256-w10iy/aqd5LtD78NDWWG+eKGzkb+cGhAAo7PVciLbWE=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "2e49c5278af6ef5f1e17e0fd27c2e22b1a7edc38",
"rev": "37149a5b77e8fd2b5332e8cec9edf39ca5b8e8bc",
"type": "github"
},
"original": {

4
flake.nix
View file

@ -26,6 +26,7 @@
stylix.url = "github:danth/stylix";
# nixos/hm program modules
niri-flake.url = "github:sodiboo/niri-flake";
nix-ai-tools.url = "github:numtide/llm-agents.nix";
nix-index-database = {
url = "github:nix-community/nix-index-database";
@ -43,6 +44,9 @@
url = "github:terranix/terranix";
inputs.nixpkgs.follows = "nixpkgs";
};
# others
niri.url = "github:baduhai/niri/auto-center-when-space-available";
};
outputs =

188
packages/amnesiac-brave.nix
View file

@ -1,188 +0,0 @@
{ ... }:
{
perSystem =
{
pkgs,
lib,
...
}:
let
# Managed policy (enforced, user cannot override)
brave-policy = pkgs.writeTextFile {
name = "brave-managed-policy.json";
destination = "/etc/brave/policies/managed/policy.json";
text = builtins.toJSON {
# ── Startup / UI ────────────────────────────────────────────────
DefaultBrowserSettingEnabled = false; # Never ask to set as default
PromotionalTabsEnabled = false; # No welcome/promo pages
RestoreOnStartup = 5; # Open new tab on startup
NewTabPageLocation = "about:blank"; # New tab = blank page
BookmarkBarEnabled = false; # Never show bookmarks bar
# ── Search engine ───────────────────────────────────────────────
DefaultSearchProviderEnabled = true;
DefaultSearchProviderName = "Google";
DefaultSearchProviderSearchURL = "https://www.google.com/search?q={searchTerms}";
DefaultSearchProviderSuggestURL = "https://www.google.com/complete/search?client=chrome&q={searchTerms}";
# ── HTTPS ────────────────────────────────────────────────────────
HttpsOnlyMode = "force_enabled"; # Strict HTTPS upgrade
# ── Cookies ──────────────────────────────────────────────────────
DefaultCookiesSetting = 1; # Allow all cookies
# ── Passwords / Autofill ─────────────────────────────────────────
PasswordManagerEnabled = false;
AutofillAddressEnabled = false;
AutofillCreditCardEnabled = false;
PaymentMethodQueryEnabled = false;
# ── Background running ───────────────────────────────────────────
BackgroundModeEnabled = false;
# ── Clear data on exit ───────────────────────────────────────────
ClearBrowsingDataOnExitList = [
"browsing_history"
"download_history"
"cookies_and_other_site_data"
"cached_images_and_files"
"password_signin"
"autofill"
"site_settings"
"hosted_app_data"
];
# ── Brave data collection / telemetry ────────────────────────────
BraveP3AEnabled = false; # Product analytics
BraveStatsPingEnabled = false; # Usage ping
BraveWebDiscoveryEnabled = false; # Web discovery project
MetricsReportingEnabled = false; # Chromium UMA metrics
SafeBrowsingEnabled = false;
SafeBrowsingExtendedReportingEnabled = false;
SafeBrowsingDeepScanningEnabled = false;
SearchSuggestEnabled = false;
# ── Web3 / Crypto ────────────────────────────────────────────────
BraveWalletDisabled = true;
BraveRewardsDisabled = true;
BraveVPNDisabled = true;
TorDisabled = true;
# ── Leo / AI ─────────────────────────────────────────────────────
BraveAIChatEnabled = false;
# ── Other Brave features ─────────────────────────────────────────
BraveTalkDisabled = true;
# ── Privacy Sandbox (Chromium) ───────────────────────────────────
PrivacySandboxPromptEnabled = false;
PrivacySandboxAdTopicsEnabled = false;
PrivacySandboxSiteEnabledAdsEnabled = false;
PrivacySandboxAdMeasurementEnabled = false;
# ── Misc Chromium ────────────────────────────────────────────────
WebRtcEventLogCollectionAllowed = false;
EnableMediaRouter = false;
};
};
# Seeded Preferences (first-run defaults, user can override)
# These keys have no policy or CLI equivalent. Brave writes over this
# file at runtime so this only sets the initial state on a fresh profile.
brave-prefs = pkgs.writeText "brave-initial-prefs.json" (
builtins.toJSON {
brave = {
tabs.vertical_tabs_enabled = true;
sidebar.sidebar_show_option = 3;
window_closing_confirm = false;
};
browser.custom_chrome_frame = true;
tab_hover_cards.tab_hover_card_images_enabled = true;
}
);
brave-launcher = pkgs.writeShellScriptBin "brave" ''
RUNTIME_DIR="/tmp/brave-$$"
CONFIG_DIR="$RUNTIME_DIR/config/BraveSoftware"
CACHE_DIR="$RUNTIME_DIR/cache/BraveSoftware"
POLICY="${brave-policy}/etc/brave/policies/managed/policy.json"
mkdir -p "$CONFIG_DIR/Brave-Browser/Default"
mkdir -p "$CACHE_DIR"
cp ${brave-prefs} "$CONFIG_DIR/Brave-Browser/Default/Preferences"
chmod 600 "$CONFIG_DIR/Brave-Browser/Default/Preferences"
trap 'rm -rf "$RUNTIME_DIR"' EXIT
${pkgs.bubblewrap}/bin/bwrap \
--ro-bind /nix/store /nix/store \
--ro-bind /etc/fonts /etc/fonts \
--bind "$CONFIG_DIR" "$HOME/.config/BraveSoftware" \
--bind "$CACHE_DIR" "$HOME/.cache/BraveSoftware" \
--ro-bind "$POLICY" /etc/brave/policies/managed/policy.json \
--dev /dev \
--proc /proc \
--tmpfs /tmp \
--bind /run /run \
--die-with-parent \
-- ${pkgs.brave}/bin/brave --no-first-run "$@"
'';
brave-desktop = pkgs.writeTextFile {
name = "amnesiac-brave.desktop";
destination = "/share/applications/amnesiac-brave.desktop";
text = "[Desktop Entry]
Version=1.0
Name=Amnesiac Brave
GenericName=Amnesiac Web Browser
Comment=Access the internet, leave no trace on your system
Exec=@BRAVE_WRAPPER@ %U
StartupNotify=true
Icon=amnesiac-brave
Type=Application
Categories=Network;WebBrowser;
MimeType=application/pdf;application/rdf+xml;application/rss+xml;application/xhtml+xml;application/xhtml_xml;application/xml;image/gif;image/jpeg;image/png;image/webp;text/html;text/xml;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/chromium;
Actions=new-window
[Desktop Action new-window]
Name=New Window
Exec=@BRAVE_WRAPPER@ %U
";
};
amnesiac-brave-icon =
pkgs.runCommand "amnesiac-brave-icon"
{
nativeBuildInputs = [ pkgs.imagemagick ];
}
''
mkdir -p "$out/share/icons/hicolor/256x256/apps"
convert ${pkgs.brave}/share/icons/hicolor/256x256/apps/brave-browser.png \
-modulate 100,100,270 \
"$out/share/icons/hicolor/256x256/apps/amnesiac-brave.png"
for size in 16 24 32 48 64; do
mkdir -p "$out/share/icons/hicolor/''${size}x''${size}/apps"
convert ${pkgs.brave}/share/icons/hicolor/''${size}x''${size}/apps/brave-browser.png \
-modulate 100,100,270 \
"$out/share/icons/hicolor/''${size}x''${size}/apps/amnesiac-brave.png"
done
'';
in
{
packages.amnesiac-brave = pkgs.symlinkJoin {
name = "amnesiac-brave";
paths = [
brave-launcher
brave-policy
brave-desktop
amnesiac-brave-icon
pkgs.brave
];
postBuild = ''
brave_bin="$(readlink -f "$out/bin/brave")"
amnesiac_desktop="$out/share/applications/amnesiac-brave.desktop"
if [ -L "$amnesiac_desktop" ]; then
cp --remove-destination "$(readlink "$amnesiac_desktop")" "$amnesiac_desktop"
fi
sed -i \
"s|@BRAVE_WRAPPER@|$brave_bin|g" \
"$amnesiac_desktop"
rm -f "$out/share/applications/brave-browser.desktop"
rm -f "$out/share/applications/com.brave.Browser.desktop"
rm -f "$out/share/icons/hicolor/"*/apps/brave-browser.png
'';
};
};
}

215
packages/claude-desktop.nix Normal file
View file

@ -0,0 +1,215 @@
{ inputs, ... }:
{
perSystem =
{ system, ... }:
let
pkgs = import inputs.nixpkgs {
inherit system;
config.allowUnfree = true;
};
pname = "claude-desktop";
version = "1.0.1768";
srcs.x86_64-linux = pkgs.fetchurl {
url = "https://downloads.claude.ai/releases/win32/x64/1.0.1768/Claude-67d01376d0e9d08b328455f6db9e63b0d603506a.exe";
hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=;";
};
src =
srcs.${pkgs.stdenv.hostPlatform.system} or (throw "Unsupported system: ${pkgs.stdenv.hostPlatform.system}");
claudeNativeStub = ''
// Stub implementation of claude-native using KeyboardKey enum values
const KeyboardKey = {
Backspace: 43, Tab: 280, Enter: 261, Shift: 272, Control: 61, Alt: 40,
CapsLock: 56, Escape: 85, Space: 276, PageUp: 251, PageDown: 250,
End: 83, Home: 154, LeftArrow: 175, UpArrow: 282, RightArrow: 262,
DownArrow: 81, Delete: 79, Meta: 187
};
Object.freeze(KeyboardKey);
module.exports = {
getWindowsVersion: () => "10.0.0",
setWindowEffect: () => {},
removeWindowEffect: () => {},
getIsMaximized: () => false,
flashFrame: () => {},
clearFlashFrame: () => {},
showNotification: () => {},
setProgressBar: () => {},
clearProgressBar: () => {},
setOverlayIcon: () => {},
clearOverlayIcon: () => {},
KeyboardKey
};
'';
in
{
packages.claude-desktop = pkgs.stdenv.mkDerivation rec {
inherit pname version src;
nativeBuildInputs = with pkgs; [
makeWrapper
copyDesktopItems
p7zip
unzip
nodejs
graphicsmagick
];
buildInputs = [ pkgs.electron ];
desktopItems = [
(pkgs.makeDesktopItem {
name = "claude-desktop";
desktopName = "Claude";
comment = "AI assistant from Anthropic";
exec = "claude-desktop %u";
icon = "claude-desktop";
categories = [
"Network"
"Chat"
"Office"
];
mimeTypes = [ "x-scheme-handler/claude" ];
startupNotify = true;
startupWMClass = "Claude";
})
];
unpackPhase = ''
runHook preUnpack
# Extract the Windows installer - use -y to auto-overwrite
7z x -y $src -o./extracted
# The installer contains a NuGet package
if [ -f ./extracted/AnthropicClaude-*-full.nupkg ]; then
echo "Found NuGet package, extracting..."
# NuGet packages are just zip files
unzip -q ./extracted/AnthropicClaude-*-full.nupkg -d ./nupkg
# Extract app.asar to modify it
if [ -f ./nupkg/lib/net45/resources/app.asar ]; then
echo "Extracting app.asar..."
${pkgs.asar}/bin/asar extract ./nupkg/lib/net45/resources/app.asar ./app
# Also copy the unpacked resources
if [ -d ./nupkg/lib/net45/resources/app.asar.unpacked ]; then
cp -r ./nupkg/lib/net45/resources/app.asar.unpacked/* ./app/
fi
# Copy additional resources
mkdir -p ./app/resources
mkdir -p ./app/resources/i18n
cp ./nupkg/lib/net45/resources/Tray* ./app/resources/ || true
cp ./nupkg/lib/net45/resources/*-*.json ./app/resources/i18n/ || true
fi
else
echo "NuGet package not found"
ls -la ./extracted/
exit 1
fi
runHook postUnpack
'';
buildPhase = ''
runHook preBuild
# Replace the Windows-specific claude-native module with a stub
if [ -d ./app/node_modules/claude-native ]; then
echo "Replacing claude-native module with Linux stub..."
rm -rf ./app/node_modules/claude-native/*.node
cat > ./app/node_modules/claude-native/index.js << 'EOF'
${claudeNativeStub}
EOF
fi
# Fix the title bar detection (from aaddrick script)
echo "Fixing title bar detection..."
SEARCH_BASE="./app/.vite/renderer/main_window/assets"
if [ -d "$SEARCH_BASE" ]; then
TARGET_FILE=$(find "$SEARCH_BASE" -type f -name "MainWindowPage-*.js" | head -1)
if [ -n "$TARGET_FILE" ]; then
echo "Found target file: $TARGET_FILE"
# Replace patterns like 'if(!VAR1 && VAR2)' with 'if(VAR1 && VAR2)'
sed -i -E 's/if\(!([a-zA-Z]+)[[:space:]]*&&[[:space:]]*([a-zA-Z]+)\)/if(\1 \&\& \2)/g' "$TARGET_FILE"
echo "Title bar fix applied"
fi
fi
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/lib/claude-desktop
# Repack the modified app as app.asar
cd ./app
${pkgs.asar}/bin/asar pack . ../app.asar
cd ..
# Copy resources
mkdir -p $out/lib/claude-desktop/resources
cp ./app.asar $out/lib/claude-desktop/resources/
# Create app.asar.unpacked directory with the stub
mkdir -p $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native
cat > $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native/index.js << 'EOF'
${claudeNativeStub}
EOF
# Copy other resources
if [ -d ./nupkg/lib/net45/resources ]; then
cp ./nupkg/lib/net45/resources/*.png $out/lib/claude-desktop/resources/ 2>/dev/null || true
cp ./nupkg/lib/net45/resources/*.ico $out/lib/claude-desktop/resources/ 2>/dev/null || true
cp ./nupkg/lib/net45/resources/*.json $out/lib/claude-desktop/resources/ 2>/dev/null || true
fi
# Create wrapper script
makeWrapper ${pkgs.electron}/bin/electron $out/bin/claude-desktop \
--add-flags "$out/lib/claude-desktop/resources/app.asar" \
--set DISABLE_AUTOUPDATER 1 \
--set NODE_ENV production
# Extract and install icons in multiple sizes
if [ -f ./extracted/setupIcon.ico ]; then
echo "Converting and installing icons..."
# Count frames in the ICO file and extract each one
frame_count=$(gm identify ./extracted/setupIcon.ico | wc -l)
for i in $(seq 0 $((frame_count - 1))); do
gm convert "./extracted/setupIcon.ico[$i]" "./extracted/setupIcon-$i.png" 2>/dev/null || true
done
# Loop through converted icons and install them by size
for img in ./extracted/setupIcon-*.png; do
if [ -f "$img" ]; then
size=$(gm identify -format "%wx%h" "$img")
# Skip smallest icons (16x16 and 32x32) as they're too low quality
if [ "$size" != "16x16" ] && [ "$size" != "32x32" ]; then
mkdir -p "$out/share/icons/hicolor/$size/apps"
cp "$img" "$out/share/icons/hicolor/$size/apps/claude-desktop.png"
fi
fi
done
fi
runHook postInstall
'';
meta = with pkgs.lib; {
description = "Claude Desktop - AI assistant from Anthropic";
homepage = "https://claude.ai";
license = licenses.unfree;
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
maintainers = [ ];
platforms = [ "x86_64-linux" ];
mainProgram = "claude-desktop";
};
};
};
}

6
packages/fastfetch.nix
View file

@ -36,10 +36,6 @@
type = "cpu";
keyWidth = 11;
}
{
type = "gpu";
keyWidth = 11;
}
{
type = "memory";
keyWidth = 11;
@ -83,6 +79,6 @@
);
in
{
packages.fastfetch = pkgs.writeShellScriptBin "fastfetch" ''exec ${lib.getExe pkgs.fastfetch} --config ${fastfetch-config} --logo-type auto --logo ${fastfetch-logo} --logo-padding-right 1 --logo-width 36 "$@" '';
packages.fastfetch = pkgs.writeShellScriptBin "fastfetch" ''exec ${lib.getExe pkgs.fastfetch} --config ${fastfetch-config} --logo-type kitty --logo ${fastfetch-logo} --logo-padding-right 1 --logo-width 36 "$@" '';
};
}

2
packages/hm-cli.nix
View file

@ -5,6 +5,8 @@
{ pkgs, ... }:
{
packages.hm-cli = pkgs.writeShellScriptBin "hm" ''
set -e
HM="${pkgs.lib.getExe pkgs.home-manager}"
FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}"
FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}"

15
packages/overlays.nix
View file

@ -4,20 +4,19 @@ let
packageDir = builtins.readDir ./.;
# Filter to .nix files, excluding overlays.nix
isPackageFile = name: name != "overlays.nix" && builtins.match ".*\\.nix$" name != null;
isPackageFile = name:
name != "overlays.nix" && builtins.match ".*\\.nix$" name != null;
# Extract package name from filename (e.g., "foo-bar.nix" -> "foo-bar")
toPackageName = filename: builtins.head (builtins.match "(.+)\\.nix$" filename);
toPackageName = filename:
builtins.head (builtins.match "(.+)\\.nix$" filename);
packageNames = map toPackageName (builtins.filter isPackageFile (builtins.attrNames packageDir));
in
{
flake.overlays.default =
final: prev:
builtins.listToAttrs (
map (name: {
flake.overlays.default = final: prev:
builtins.listToAttrs (map (name: {
inherit name;
value = inputs.self.packages.${final.system}.${name};
}) packageNames
);
}) packageNames);
}

130
readme.md
View file

@ -1,73 +1,87 @@
# NixOS Flake Configuration
# Nix Configuration
Modular NixOS configuration using flake-parts with the [dendritic](https://github.com/gytis-ivaskevicius/dendritic) pattern.
## Structure
```
.
├── aspects/ # Reusable NixOS/home-manager modules (dendritic)
│ ├── base/ # Base system configuration
│ ├── hosts/ # Host-specific configurations
│ │ ├── _alexandria/
│ │ ├── _io/
│ │ ├── _rotterdam/
│ │ └── _trantor/
│ ├── systems/ # System type modules (desktop, server, cli, gaming)
│ └── users/ # User account configurations
├── data/ # Shared host/service definitions
├── packages/ # Custom packages and overlays
├── shells/ # Shell configurations
└── terranix/ # Terraform configurations for cloud resources
```
My personal Nix configuration for multiple NixOS hosts, home-manager users, miscellaneous resources... too many things to list. If I could put my life in a flake I would.
## Hosts
| Host | Architecture | Type | Description |
|------|--------------|------|-------------|
| trantor | aarch64-linux | server | ARM server running Forgejo |
| alexandria | x86_64-linux | server | x86 server (Kanidm, Vaultwarden, Nextcloud, Jellyfin) |
| rotterdam | x86_64-linux | desktop | Main workstation setup for gaming |
| io | x86_64-linux | desktop | Workstation |
### Desktop Systems
- **rotterdam** - Main desktop workstation (x86_64)
- Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman
- Storage: Ephemeral root with LUKS encryption
- **io** - Laptop workstation (x86_64)
- Features: Desktop, AI tools, Bluetooth, Dev environment, Podman
- Storage: Ephemeral root with LUKS encryption
### Servers
- **alexandria** - Home server (x86_64)
- Hosts: Nextcloud, Vaultwarden, Jellyfin, Kanidm
- **trantor** - Cloud server (aarch64)
- Hosts: Forgejo
- Cloud provider: Oracle Cloud Infrastructure
- Storage: Ephemeral root with btrfs
## Home Manager Configurations
- **user@rotterdam** - Full desktop setup with gaming, OBS, and complete development environment
- **user@io** - Lightweight desktop setup
Both configurations include:
- btop, direnv, helix, starship, tmux
- Stylix theme management
- Fish shell with custom configurations
## Terranix Configurations
Infrastructure as code using Terranix (NixOS + Terraform/OpenTofu):
- **oci-trantor** - Oracle Cloud Infrastructure provisioning for Trantor server
- **cloudflare-baduhaidev** - DNS and CDN configuration for baduhai.dev domain
- **tailscale-tailnet** - Tailscale network ACL and device management
## Services
- **git.baduhai.dev** (Forgejo) - Publicly accessible on trantor
All services are accessible via custom domains under baduhai.dev:
Other services (LAN/Tailscale only): Vaultwarden, Nextcloud, Jellyfin
- **Kanidm** (auth.baduhai.dev) - Identity and access management
- **Vaultwarden** (pass.baduhai.dev) - Password manager
- **Forgejo** (git.baduhai.dev) - Git forge (publicly accessible)
- **Nextcloud** (cloud.baduhai.dev) - File sync and collaboration
- **Jellyfin** (jellyfin.baduhai.dev) - Media server
## Features
Services are accessible via:
- LAN for alexandria-hosted services
- Tailscale VPN for all services
- Public internet for Forgejo only
- **Ephemeral root**: Automatic btrfs subvolume rollover with impermanence
- **Secrets**: Managed via agenix with age encryption
- **Disk management**: disko for declarative disk partitioning
- **Modular architecture**: Each aspect is a separate module imported via import-tree
- **Dendritic pattern**: Aspects are imported as a unified flake module
## Notable Features
## Building
### Ephemeral Root
Rotterdam, io, and trantor use an ephemeral root filesystem that resets on every boot:
- Root filesystem is automatically rolled back using btrfs snapshots
- Old snapshots retained for 30 days
- Persistent data stored in dedicated subvolumes
- Implements truly stateless systems
```bash
# Build specific host
nix build .#nixosConfigurations.trantor.config.system.build.toplevel
### Custom DNS Architecture
- Unbound DNS servers on both alexandria and trantor
- Service routing based on visibility flags (public/LAN/Tailscale)
- Split-horizon DNS for optimal access paths
# Rebuild host (if using nixos-cli on the host)
sudo nixos apply
```
### Security
- LUKS full-disk encryption on desktop systems
- Fail2ban on public-facing servers
- agenix for secrets management
- Tailscale for secure remote access
## Terranix
### Desktop Environment
- Custom Niri window manager (Wayland compositor)
- Using forked version with auto-centering feature
- Stylix for consistent theming
Terraform configurations for cloud infrastructure managed via terranix:
- baduhai.dev DNS on CloudFlare
- VPS provisioning on OCI
- Tailscale subnet routers
## Key Dependencies
- nixpkgs (nixos-unstable for workstations, nixos for servers)
- home-manager
- agenix
- disko
- impermanence
- nix-flatpak
- nixos-cli
### Development Setup
- Nix flakes for reproducible builds
- deploy-rs for automated deployments
- Podman for containerization
- Complete AI tooling integration

9
secrets/miniflux-admincreds.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 Kfdnog QEq4A011oVny6vo1+wOcQNnpkf77216PZXJqK4rGTGY
FPeASmXRirxeF2T2jXhA/tEaO0p1CZJ6D3lv3p2KTX0
-> ssh-ed25519 8YSAiw gxuXAt2nG6qXhWwAAiFwNCNYJV2VGKnDNkjU61NOJ2o
xncp+M4lVixiTmXQU5QrtdQ860t/1JpvOcO4YXAy3to
-> ssh-ed25519 J6tVTA Mr0XrEFP/o7nFWBKal+ehzMiejWpVDIBiiMqWzdOzEM
0DTqm2LyMMlVZlTk67Y3hTiVjcJG9gprnXj6QjYxrJw
--- FXUNp6O7vuibJj0RI3SZN3IBK1Hx5ouUij2ah05lCYA
ÔX*÷“µ¬0¬²øÇBŒ<42>3Îð«jbœÍ<C593>S§Vÿ΀Äb¹BcÈi—øD.ïÇ5\é`&`越-Ui"gХȊ`OÒ µG<C2B5>cõ¥øÊæ'»Îºø«@qn[

5
secrets/secrets.nix
View file

@ -32,9 +32,4 @@ in
rotterdam-user
trantor
];
"miniflux-admincreds.age".publicKeys = [
io-user
rotterdam-user
alexandria
];
}

2
shells/default.nix
View file

@ -6,7 +6,7 @@
{
devShells.default = pkgs.mkShell {
packages = with pkgs; [
inputs.agenix.packages.${stdenv.hostPlatform.system}.default
inputs.agenix.packages.${system}.default
nil
nixfmt
];

7
terranix/kernelpanic.space.nix
View file

@ -8,12 +8,9 @@
terranix.terranixConfigurations.cloudflare-kernelpanicspace = {
terraformWrapper.package = pkgs.opentofu;
modules = [
(
{ config, ... }:
{
({ config, ... }: {
# Terraform config goes here
}
)
})
];
};
};

7
terranix/terminus.nix
View file

@ -8,12 +8,9 @@
terranix.terranixConfigurations.oci-terminus = {
terraformWrapper.package = pkgs.opentofu;
modules = [
(
{ config, ... }:
{
({ config, ... }: {
# Terraform config goes here
}
)
})
];
};
};