baduhai/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: baduhai:master
Branches Tags
baduhai:master
baduhai:dendritic-light
baduhai:dendritic
baduhai:terranix
baduhai:refactor
baduhai:dms
baduhai:vim
baduhai:ansible
baduhai:niri
baduhai:hyprland
..
compare: baduhai:refactor
Branches Tags
baduhai:master
baduhai:dendritic-light
baduhai:dendritic
baduhai:terranix
baduhai:refactor
baduhai:dms
baduhai:vim
baduhai:ansible
baduhai:niri
baduhai:hyprland

No commits in common. "master" and "refactor" have entirely different histories.
master ... refactor

144 changed files with 1790 additions and 4353 deletions
Download patch file Download diff file Expand all files Collapse all files

13
.gitignore vendored
View file

@ -1,13 +1,4 @@
# Nix build outputs result/
result result
result-*
.direnv/ .direnv/
oci-trantor/ .pre-commit-config.yaml
tailscale-tailnet/
cloudflare-baduhaidev
# Personal notes and temporary files
todo.md
notes.md
scratch/
tmp/

19
aspects/ai.nix
View file

@ -1,19 +0,0 @@
{ ... }:
{
flake.modules.nixos.ai =
{ inputs, pkgs, ... }:
{
environment.systemPackages =
(with pkgs; [ ])
++ (with inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}; [
opencode
]);
nix.settings = {
extra-substituters = [ "https://cache.numtide.com" ];
extra-trusted-public-keys = [
"niks3.numtide.com-1:DTx8wZduET09hRmMtKdQDxNNthLQETkc/yaX7M4qK0g="
];
};
};
}

16
aspects/base/bash.nix
View file

@ -1,16 +0,0 @@
{ ... }:
{
flake.modules.homeManager.bash =
{
config,
lib,
pkgs,
...
}:
{
programs.bash = {
enable = true;
historyFile = "~/.cache/bash_history";
};
};
}

23
aspects/base/boot.nix
View file

@ -1,23 +0,0 @@
{ ... }:
{
flake.modules.nixos.boot =
{ pkgs, ... }:
{
boot = {
loader = {
timeout = 1;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false;
consoleMode = "max";
sortKey = "aa";
netbootxyz = {
enable = true;
sortKey = "zz";
};
};
};
};
};
}

11
aspects/base/console.nix
View file

@ -1,11 +0,0 @@
{ ... }:
{
flake.modules.nixos.console =
{ ... }:
{
console = {
useXkbConfig = true;
earlySetup = true;
};
};
}

11
aspects/base/firewall.nix
View file

@ -1,11 +0,0 @@
{ ... }:
{
flake.modules.nixos.firewall =
{ ... }:
{
networking = {
firewall.enable = true;
nftables.enable = true;
};
};
}

47
aspects/base/fish.nix
View file

@ -1,47 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.fish =
{ ... }:
{
programs.fish.enable = true;
};
homeManager.fish =
{
config,
lib,
pkgs,
...
}:
{
programs.fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
${lib.getExe pkgs.nix-your-shell} fish | source
'';
loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source";
plugins = [
{
name = "bang-bang";
src = pkgs.fetchFromGitHub {
owner = "oh-my-fish";
repo = "plugin-bang-bang";
rev = "f969c618301163273d0a03d002614d9a81952c1e";
sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ=";
};
}
{
name = "z";
src = pkgs.fetchFromGitHub {
owner = "jethrokuan";
repo = "z";
rev = "067e867debee59aee231e789fc4631f80fa5788e";
sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU=";
};
}
];
};
};
};
}

24
aspects/base/locale.nix
View file

@ -1,24 +0,0 @@
{ ... }:
{
flake.modules.nixos.locale =
{ ... }:
{
time.timeZone = "America/Bahia";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "pt_BR.utf8";
LC_COLLATE = "pt_BR.utf8";
LC_IDENTIFICATION = "pt_BR.utf8";
LC_MEASUREMENT = "pt_BR.utf8";
LC_MONETARY = "pt_BR.utf8";
LC_NAME = "pt_BR.utf8";
LC_NUMERIC = "pt_BR.utf8";
LC_PAPER = "pt_BR.utf8";
LC_TELEPHONE = "pt_BR.utf8";
LC_TIME = "en_IE.utf8";
};
};
};
}

51
aspects/base/nix.nix
View file

@ -1,51 +0,0 @@
{ ... }:
{
flake.modules.nixos.nix =
{ inputs, pkgs, ... }:
{
imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
nix = {
settings = {
auto-optimise-store = true;
connect-timeout = 10;
log-lines = 25;
min-free = 128000000;
max-free = 1000000000;
trusted-users = [ "@wheel" ];
};
extraOptions = "experimental-features = nix-command flakes";
gc = {
automatic = true;
options = "--delete-older-than 8d";
};
};
nixpkgs.config = {
allowUnfree = true;
enableParallelBuilding = true;
buildManPages = false;
buildDocs = false;
};
services.nixos-cli = {
enable = true;
config = {
use_nvd = true;
ignore_dirty_tree = true;
apply = {
reexec_as_root = true;
use_nom = true;
};
confirmation.empty = "default-yes";
};
};
environment.systemPackages = with pkgs; [
nix-output-monitor
nvd
];
system.stateVersion = "22.11";
};
}

13
aspects/base/security.nix
View file

@ -1,13 +0,0 @@
{ ... }:
{
flake.modules.nixos.security =
{ ... }:
{
security.sudo = {
wheelNeedsPassword = false;
extraConfig = ''
Defaults lecture = never
'';
};
};
}

32
aspects/base/ssh.nix
View file

@ -1,32 +0,0 @@
{ ... }:
{
flake.modules.nixos.ssh =
{ ... }:
{
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
extraConfig = ''
PrintLastLog no
'';
};
programs = {
bash.interactiveShellInit = ''
if [ -n "$SSH_CONNECTION" ] && [ -z "$IN_NIX_SHELL" ] && [ -z "$TMUX" ]; then
export TERM=xterm-256color
clear
fastfetch
fi
'';
fish.interactiveShellInit = ''
set fish_greeting
if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; and not set -q TMUX
export TERM=xterm-256color
clear
fastfetch
end
'';
};
};
}

16
aspects/bluetooth.nix
View file

@ -1,16 +0,0 @@
{ ... }:
{
flake.modules.nixos.bluetooth =
{
config,
lib,
pkgs,
...
}:
{
hardware.bluetooth = {
enable = true;
powerOnBoot = false;
};
};
}

28
aspects/cli/btop.nix
View file

@ -1,28 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.btop =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ btop ];
};
homeManager.btop =
{
config,
lib,
pkgs,
...
}:
{
programs.btop = {
enable = true;
settings = {
theme_background = false;
proc_sorting = "cpu direct";
update_ms = 500;
};
};
};
};
}

16
aspects/cli/comma.nix
View file

@ -1,16 +0,0 @@
{ ... }:
{
flake.modules.homeManager.comma =
{
config,
lib,
pkgs,
inputs,
...
}:
{
imports = [ inputs.nix-index-database.homeModules.nix-index ];
programs.nix-index-database.comma.enable = true;
};
}

16
aspects/cli/direnv.nix
View file

@ -1,16 +0,0 @@
{ ... }:
{
flake.modules.homeManager.direnv =
{
config,
lib,
pkgs,
...
}:
{
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
};
}

67
aspects/cli/helix.nix
View file

@ -1,67 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.helix =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
helix
];
};
homeManager.helix =
{
config,
lib,
pkgs,
...
}:
{
home.sessionVariables = {
EDITOR = "hx";
};
programs.helix = {
enable = true;
settings = {
editor = {
file-picker.hidden = false;
idle-timeout = 0;
line-number = "relative";
cursor-shape = {
normal = "underline";
insert = "bar";
select = "underline";
};
soft-wrap.enable = true;
auto-format = true;
indent-guides.render = true;
};
keys.normal = {
space = {
o = "file_picker_in_current_buffer_directory";
esc = [
"collapse_selection"
"keep_primary_selection"
];
};
};
};
languages = {
language = [
{
name = "nix";
auto-format = true;
formatter.command = "nixfmt";
}
{
name = "typst";
auto-format = true;
formatter.command = "typstyle -c 1000 -i";
}
];
};
};
};
};
}

18
aspects/cli/hm-cli.nix
View file

@ -1,18 +0,0 @@
{ ... }:
{
flake.modules.homeManager.hm-cli =
{
config,
lib,
pkgs,
...
}:
{
home = {
packages = with pkgs; [ hm-cli ];
sessionVariables = {
HM_PATH = "/etc/nixos";
};
};
};
}

48
aspects/cli/starship.nix
View file

@ -1,48 +0,0 @@
{ ... }:
{
flake.modules.homeManager.starship =
{
config,
lib,
pkgs,
...
}:
{
programs.starship = {
enable = true;
enableBashIntegration = true;
enableFishIntegration = true;
settings = {
add_newline = false;
format = ''
$hostname$directory$git_branch$git_status$nix_shell
[ ](bold green)
'';
right_format = "$cmd_duration$character";
hostname = {
ssh_symbol = "󰖟 ";
};
character = {
error_symbol = "[](red)";
success_symbol = "[󱐋](green)";
};
cmd_duration = {
format = "[󰄉 $duration ]($style)";
style = "yellow";
min_time = 500;
};
git_branch = {
symbol = " ";
style = "purple";
};
git_status.style = "red";
nix_shell = {
format = "via [$symbol$state]($style)";
heuristic = true;
style = "blue";
symbol = "󱄅 ";
};
};
};
};
}

29
aspects/cli/tmux.nix
View file

@ -1,29 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.tmux =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
tmux
];
};
homeManager.tmux =
{
config,
lib,
pkgs,
...
}:
{
programs.tmux = {
enable = true;
clock24 = true;
terminal = "xterm-256color";
mouse = true;
keyMode = "vi";
};
};
};
}

217
aspects/constants.nix
View file

@ -1,217 +0,0 @@
{
inputs,
lib,
config,
...
}:
let
# Host submodule type
hostType = lib.types.submodule {
options = {
lanIP = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "LAN IP address for the host";
};
tailscaleIP = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Tailscale IP address for the host";
};
};
};
# Service submodule type
serviceType = lib.types.submodule {
options = {
name = lib.mkOption {
type = lib.types.str;
description = "Service name";
};
domain = lib.mkOption {
type = lib.types.str;
description = "Domain name for the service";
};
host = lib.mkOption {
type = lib.types.str;
description = "Host where the service runs";
};
public = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether the service is publicly accessible";
};
lanIP = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "LAN IP address (inherited from host)";
};
tailscaleIP = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Tailscale IP address (inherited from host)";
};
};
};
# Import shared data (also used by terranix)
sharedData = import ../data/services.nix;
# Enrich services with host IP information
enrichServices =
hosts: services:
map (
svc:
let
hostInfo = hosts.${svc.host} or { };
in
svc
// {
lanIP = hostInfo.lanIP or null;
tailscaleIP = hostInfo.tailscaleIP or null;
}
) services;
in
{
options.flake = {
hosts = lib.mkOption {
type = lib.types.attrsOf hostType;
default = { };
description = "Host definitions with IP addresses";
};
services = lib.mkOption {
type = lib.types.listOf serviceType;
default = [ ];
description = "Service definitions with enriched host information";
};
lib = lib.mkOption {
type = lib.types.attrsOf lib.types.raw;
default = { };
description = "Utility functions for flake configuration";
};
};
config.flake = {
hosts = sharedData.hosts;
services = enrichServices config.flake.hosts sharedData.services;
lib = {
# Nginx virtual host utilities
mkNginxVHosts =
{ domains }:
let
mkVHostConfig =
domain: vhostConfig:
lib.recursiveUpdate {
useACMEHost = domain;
forceSSL = true;
kTLS = true;
} vhostConfig;
in
lib.mapAttrs mkVHostConfig domains;
# Split DNS utilities for unbound
# Generates unbound view config from a list of DNS entries
mkSplitDNS =
entries:
let
tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries;
lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries;
in
[
{
name = "tailscale";
view-first = true;
local-zone = ''"baduhai.dev." transparent'';
local-data = tailscaleData;
}
{
name = "lan";
view-first = true;
local-zone = ''"baduhai.dev." transparent'';
local-data = lanData;
}
];
# Generates flake.homeConfigurations
mkHomeConfiguration =
{
user,
hostname,
system ? "x86_64-linux",
stateVersion ? "22.05",
nixpkgs ? inputs.nixpkgs, # override with e.g. inputs.nixpkgs-stable
userModules ? [ ],
overlays ? [ inputs.self.overlays.default ],
homeManagerModules ? with inputs.self.modules.homeManager; [
base
cli
],
userDirectory ? "/home/${user}",
}:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.${system};
extraSpecialArgs = {
inherit inputs hostname;
};
modules = [
{ nixpkgs.overlays = overlays; }
{
home = {
username = user;
homeDirectory = userDirectory;
inherit stateVersion;
};
}
((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p))
"/${inputs.self}/aspects/users/_${user}"
)
]
++ homeManagerModules
++ userModules;
};
# Generates flake.nixosConfigurations
mkHost =
{
hostname,
system ? "x86_64-linux",
nixpkgs ? inputs.nixpkgs,
overlays ? [
inputs.agenix.overlays.default
inputs.self.overlays.default
],
ephemeralRootDev ? null, # pass rootDevice string to enable, e.g. ephemeralephemeralRootDev = "/dev/mapper/cryptroot"
nixosModules ? with inputs.self.modules.nixos; [
base
cli
user
root
],
extraModules ? [ ],
}:
nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs; };
modules = [
inputs.agenix.nixosModules.default
{ networking.hostName = hostname; }
{ nixpkgs.overlays = overlays; }
((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p))
"${inputs.self}/aspects/hosts/_${hostname}"
)
]
++ (lib.optional (ephemeralRootDev != null) (
inputs.self.factory.ephemeral { rootDevice = ephemeralRootDev; }
))
++ nixosModules
++ extraModules;
};
};
};
}

25
aspects/desktop/graphics.nix
View file

@ -1,25 +0,0 @@
{ ... }:
{
flake.modules.nixos.graphics =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
gimp
inkscape
plasticity
];
services.flatpak.packages = [
"com.boxy_svg.BoxySVG"
rec {
appId = "io.github.softfever.OrcaSlicer";
sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1";
bundle = "${pkgs.fetchurl {
url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak";
inherit sha256;
}}";
}
];
};
}

29
aspects/desktop/media.nix
View file

@ -1,29 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.media =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
decibels
loupe
obs-studio
showtime
];
};
homeManager.media =
{ pkgs, ... }:
{
programs.obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
obs-vkcapture
obs-backgroundremoval
obs-pipewire-audio-capture
];
};
};
};
}

246
aspects/desktop/niri.nix
View file

@ -1,246 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.niri =
{
config,
lib,
pkgs,
...
}:
{
services.greetd.settings = {
default_session.command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session";
};
programs.niri.enable = true;
};
homeManager.niri =
{
config,
lib,
pkgs,
inputs,
hostname ? null,
...
}:
let
isRotterdam = hostname == "rotterdam";
in
{
imports = [ inputs.noctalia.homeModules.default ];
services.kanshi = {
enable = true;
settings = [
{
profile.name = "default";
profile.outputs = [
{
criteria = "*";
scale = 1.0;
}
];
}
];
};
home = {
packages = with pkgs; [
xwayland-satellite
inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default
];
sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3";
};
xdg.configFile."niri/config.kdl".text = ''
input {
keyboard {
xkb {
layout "us"
variant "altgr-intl"
}
}
touchpad {
tap
dwt
drag true
drag-lock
natural-scroll
accel-speed 0.2
accel-profile "flat"
scroll-method "two-finger"
middle-emulation
}
mouse {
natural-scroll
accel-speed 0.2
accel-profile "flat"
}
warp-mouse-to-focus mode="center-xy"
focus-follows-mouse
}
output "LG Electronics LG ULTRAWIDE 206AZFM5E459" {
layout {
preset-column-widths {
proportion 0.33333
proportion 0.5
proportion 0.66667
}
default-column-width { proportion 0.33333; }
}
}
layout {
gaps 8
center-focused-column "never"
always-center-single-column
empty-workspace-above-first
preset-column-widths {
proportion 0.5
proportion 1.0
}
default-column-width { proportion 0.5; }
focus-ring {
off
}
border {
width 4
active-color "#ffc87f"
inactive-color "#505050"
urgent-color "#9b0000"
}
tab-indicator {
width 4
gap 4
place-within-column
}
}
overview {
zoom 0.65
}
spawn-at-startup "noctalia-shell" "-d"
spawn-at-startup "${lib.getExe pkgs.niri-auto-centre}"
layer-rule {
match namespace="^noctalia-overview*"
place-within-backdrop true
}
hotkey-overlay {
skip-at-startup
}
prefer-no-csd
screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png"
animations {
slowdown 0.3
}
window-rule {
match app-id="zen"
default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; }
}
window-rule {
geometry-corner-radius 12
clip-to-geometry true
}
config-notification {
disable-failed
}
binds {
Alt+Space repeat=false { spawn "vicinae" "toggle"; }
XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; }
XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; }
XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; }
XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; }
XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; }
XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; }
XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; }
XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; }
XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; }
Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; }
Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; }
Mod+Return { spawn "ghostty"; }
Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; }
Mod+W repeat=false { toggle-overview; }
Mod+Q { close-window; }
Alt+Shift+Q { close-window;}
Mod+Shift+Q { close-window; }
Alt+F4 { close-window; }
Mod+Left { focus-column-left; }
Mod+Down { focus-window-or-workspace-down; }
Mod+Up { focus-window-or-workspace-up; }
Mod+Right { focus-column-right; }
Mod+H { focus-column-left; }
Mod+L { focus-column-right; }
Mod+J { focus-window-or-workspace-down; }
Mod+K { focus-window-or-workspace-up; }
Mod+Ctrl+Left { move-column-left; }
Mod+Ctrl+Down { move-window-down-or-to-workspace-down; }
Mod+Ctrl+Up { move-window-up-or-to-workspace-up; }
Mod+Ctrl+Right { move-column-right; }
Mod+Ctrl+H { move-column-left; }
Mod+Ctrl+J { move-window-down-or-to-workspace-down; }
Mod+Ctrl+K { move-window-up-or-to-workspace-up; }
Mod+Ctrl+L { move-column-right; }
Mod+Home { focus-column-first; }
Mod+End { focus-column-last; }
Mod+Ctrl+Home { move-column-to-first; }
Mod+Ctrl+End { move-column-to-last; }
Mod+Alt+Left { focus-monitor-left; }
Mod+Alt+Down { focus-monitor-down; }
Mod+Alt+Up { focus-monitor-up; }
Mod+Alt+Right { focus-monitor-right; }
Mod+Alt+H { focus-monitor-left; }
Mod+Alt+J { focus-monitor-down; }
Mod+Alt+K { focus-monitor-up; }
Mod+Alt+L { focus-monitor-right; }
Mod+Alt+Ctrl+Left { move-column-to-monitor-left; }
Mod+Alt+Ctrl+Down { move-column-to-monitor-down; }
Mod+Alt+Ctrl+Up { move-column-to-monitor-up; }
Mod+Alt+Ctrl+Right { move-column-to-monitor-right; }
Mod+Alt+Ctrl+H { move-column-to-monitor-left; }
Mod+Alt+Ctrl+J { move-column-to-monitor-down; }
Mod+Alt+Ctrl+K { move-column-to-monitor-up; }
Mod+Alt+Ctrl+L { move-column-to-monitor-right; }
Mod+Ctrl+U { move-workspace-down; }
Mod+Ctrl+I { move-workspace-up; }
Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; }
Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; }
Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; }
Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; }
Mod+Shift+WheelScrollDown { focus-column-right; }
Mod+Shift+WheelScrollUp { focus-column-left; }
Mod+Ctrl+Shift+WheelScrollDown { move-column-right; }
Mod+Ctrl+Shift+WheelScrollUp { move-column-left; }
Mod+BracketLeft { consume-or-expel-window-left; }
Mod+BracketRight { consume-or-expel-window-right; }
Mod+Comma { consume-window-into-column; }
Mod+Period { expel-window-from-column; }
Mod+R { switch-preset-column-width; }
Mod+F { maximize-column; }
Mod+Ctrl+F { fullscreen-window; }
Mod+C { center-visible-columns; }
Mod+Ctrl+C { center-column; }
Mod+Space { toggle-window-floating; }
Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; }
Mod+T { toggle-column-tabbed-display; }
Print { screenshot-screen; }
Mod+Print { screenshot; }
Ctrl+Print { screenshot-window; }
Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; }
Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; }
Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; }
Mod+Ctrl+P { power-off-monitors; }
}
'';
};
};
}

23
aspects/desktop/office.nix
View file

@ -1,23 +0,0 @@
{ ... }:
{
flake.modules.nixos.office =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
aspell
aspellDicts.de
aspellDicts.en
aspellDicts.en-computers
aspellDicts.pt_BR
glow
papers
presenterm
rnote
];
services.flatpak.packages = [
"com.collabora.Office"
];
};
}

22
aspects/desktop/web.nix
View file

@ -1,22 +0,0 @@
{ ... }:
{
flake.modules.nixos.web =
{
inputs,
pkgs,
...
}:
{
environment.systemPackages = with pkgs; [
inputs.zen-browser.packages."${pkgs.stdenv.hostPlatform.system}".default
beeper
bitwarden-desktop
fragments
nextcloud-client
tor-browser
ungoogled-chromium
vesktop
];
};
}

23
aspects/dev.nix
View file

@ -1,23 +0,0 @@
{ ... }:
{
flake.modules.nixos.dev =
{
config,
lib,
pkgs,
...
}:
{
environment.systemPackages = with pkgs; [
android-tools
lazygit
fd
fzf
nixfmt
nix-init
ripgrep
];
users.users.user.extraGroups = [ "adbusers" ];
};
}

139
aspects/ephemeral.nix
View file

@ -1,139 +0,0 @@
# Ephemeral root aspect - provides automatic btrfs root subvolume rollover
# Exports both a base module with options and a factory function for easy configuration
{ inputs, ... }:
{
# Base module with options (for external flakes or direct use)
flake.modules.nixos.ephemeral =
{ lib, config, ... }:
let
cfg = config.ephemeral;
in
{
options.ephemeral = {
enable = lib.mkEnableOption "ephemeral root with automatic rollback";
rootDevice = lib.mkOption {
type = lib.types.str;
example = "/dev/mapper/cryptroot";
description = "Device path for the root btrfs filesystem";
};
rootSubvolume = lib.mkOption {
type = lib.types.str;
default = "@root";
description = "Name of the root btrfs subvolume";
};
oldRootRetentionDays = lib.mkOption {
type = lib.types.int;
default = 30;
description = "Number of days to keep old root snapshots before deletion";
};
};
config = lib.mkIf cfg.enable {
boot.initrd.systemd.services.recreate-root = {
description = "Rolling over and creating new filesystem root";
requires = [ "initrd-root-device.target" ];
after = [
"local-fs-pre.target"
"initrd-root-device.target"
];
requiredBy = [ "initrd-root-fs.target" ];
before = [ "sysroot.mount" ];
unitConfig = {
AssertPathExists = "/etc/initrd-release";
DefaultDependencies = false;
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
set -euo pipefail
mkdir /btrfs_tmp
if ! mount ${cfg.rootDevice} /btrfs_tmp; then
echo "ERROR: Failed to mount ${cfg.rootDevice}"
exit 1
fi
if [[ -e /btrfs_tmp/${cfg.rootSubvolume} ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/${cfg.rootSubvolume})" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/${cfg.rootSubvolume} "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +${toString cfg.oldRootRetentionDays}); do
delete_subvolume_recursively "$i"
done
if ! btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume}; then
echo "ERROR: Failed to create subvolume ${cfg.rootSubvolume}"
umount /btrfs_tmp
exit 1
fi
umount /btrfs_tmp
'';
};
};
};
# Factory function that generates configured modules
flake.factory.ephemeral =
{
rootDevice,
rootSubvolume ? "@root",
retentionDays ? 30,
persistentStoragePath ? "/persistent",
persistentFiles ? [
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
],
persistentDirectories ? [
"/etc/NetworkManager/system-connections"
"/etc/nixos"
"/var/lib/bluetooth"
"/var/lib/flatpak"
"/var/lib/lxd"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/var/lib/systemd/timers"
"/var/lib/tailscale"
"/var/log"
],
}:
{ ... }:
{
imports = [
inputs.impermanence.nixosModules.impermanence
inputs.self.modules.nixos.ephemeral
];
ephemeral = {
enable = true;
inherit rootDevice rootSubvolume;
oldRootRetentionDays = retentionDays;
};
fileSystems."/persistent".neededForBoot = true;
environment.persistence.main = {
inherit persistentStoragePath;
files = persistentFiles;
directories = persistentDirectories;
};
};
}

13
aspects/fwupd.nix
View file

@ -1,13 +0,0 @@
{ ... }:
{
flake.modules.nixos.fwupd =
{
config,
lib,
pkgs,
...
}:
{
services.fwupd.enable = true;
};
}

47
aspects/gaming/mangohud.nix
View file

@ -1,47 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.mangohud =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
mangohud
];
};
homeManager.mangohud =
{ config, ... }:
{
programs.mangohud = {
enable = true;
enableSessionWide = true;
settings = {
position = "top-left";
fps = true;
frametime = false;
frame_timing = false;
gpu_stats = true;
gpu_temp = true;
gpu_power = true;
cpu_stats = true;
cpu_temp = true;
cpu_power = true;
ram = true;
vram = true;
gamemode = false;
vkbasalt = false;
version = false;
engine_version = false;
vulkan_driver = false;
wine = false;
time = false;
fps_sampling_period = 500;
toggle_hud = "Shift_L+F12";
toggle_logging = "Ctrl_L+F2";
output_folder = "${config.home.homeDirectory}/.local/share/mangohud";
};
};
};
};
}

24
aspects/gaming/steam.nix
View file

@ -1,24 +0,0 @@
{ ... }:
{
flake.modules.nixos.steam =
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
steam-run
];
programs = {
steam = {
enable = true;
extraCompatPackages = [ pkgs.proton-ge-bin ];
};
gamemode.enable = true;
};
services.flatpak.packages = [
"com.steamgriddb.SGDBoop"
"io.github.Foldex.AdwSteamGtk"
];
};
}

95
aspects/hosts/_alexandria/nextcloud.nix
View file

@ -1,95 +0,0 @@
{
config,
inputs,
pkgs,
...
}:
let
mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
in
{
services = {
nextcloud = {
enable = true;
package = pkgs.nextcloud32;
datadir = "/data/nextcloud";
hostName = "cloud.baduhai.dev";
configureRedis = true;
https = true;
secretFile = config.age.secrets."nextcloud-secrets.json".path;
database.createLocally = true;
maxUploadSize = "16G";
extraApps = {
inherit (config.services.nextcloud.package.packages.apps)
calendar
contacts
notes
tasks
user_oidc
;
};
extraAppsEnable = true;
caching = {
apcu = true;
redis = true;
};
settings = {
trusted_proxies = [ "127.0.0.1" ];
default_phone_region = "BR";
maintenance_window_start = "4";
allow_local_remote_servers = true;
enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\EMF"
"OC\\Preview\\Font"
"OC\\Preview\\GIF"
"OC\\Preview\\HEIC"
"OC\\Preview\\Illustrator"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MarkDown"
"OC\\Preview\\Movie"
"OC\\Preview\\MP3"
"OC\\Preview\\MSOffice2003"
"OC\\Preview\\MSOffice2007"
"OC\\Preview\\MSOfficeDoc"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PDF"
"OC\\Preview\\Photoshop"
"OC\\Preview\\PNG"
"OC\\Preview\\Postscript"
"OC\\Preview\\SVG"
"OC\\Preview\\TIFF"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
];
};
config = {
dbtype = "pgsql";
adminpassFile = config.age.secrets.nextcloud-adminpass.path;
};
phpOptions = {
"opcache.interned_strings_buffer" = "16";
};
};
nginx.virtualHosts = mkNginxVHosts {
domains."cloud.baduhai.dev" = { };
};
};
age.secrets = {
"nextcloud-secrets.json" = {
file = "${inputs.self}/secrets/nextcloud-secrets.json.age";
owner = "nextcloud";
group = "nextcloud";
};
nextcloud-adminpass = {
file = "${inputs.self}/secrets/nextcloud-adminpass.age";
owner = "nextcloud";
group = "nextcloud";
};
};
}

58
aspects/hosts/_alexandria/nginx.nix
View file

@ -1,58 +0,0 @@
{
config,
lib,
inputs,
...
}:
let
services = inputs.self.services;
# Get all unique domains from shared services that have LAN IPs (served by this host)
localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services));
# Generate ACME cert configs for all local domains
acmeCerts = lib.genAttrs localDomains (domain: {
group = "nginx";
});
in
{
security.acme = {
acceptTerms = true;
defaults = {
email = "baduhai@proton.me";
dnsResolver = "1.1.1.1:53";
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.cloudflare.path;
};
certs = acmeCerts;
};
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"_" = {
default = true;
locations."/".return = "444";
};
};
};
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [
80
443
];
age.secrets.cloudflare = {
file = "${inputs.self}/secrets/cloudflare.age";
owner = "nginx";
group = "nginx";
};
}

57
aspects/hosts/_alexandria/unbound.nix
View file

@ -1,57 +0,0 @@
{ inputs, lib, ... }:
let
services = inputs.self.services;
in
{
services.unbound = {
enable = true;
enableRootTrustAnchor = true;
settings = {
server = {
interface = [
"0.0.0.0"
"::"
];
access-control = [
"127.0.0.0/8 allow"
"192.168.0.0/16 allow"
"::1/128 allow"
];
num-threads = 2;
msg-cache-size = "50m";
rrset-cache-size = "100m";
cache-min-ttl = 300;
cache-max-ttl = 86400;
prefetch = true;
prefetch-key = true;
hide-identity = true;
hide-version = true;
so-rcvbuf = "1m";
so-sndbuf = "1m";
# LAN-only DNS records
local-zone = ''"baduhai.dev." transparent'';
local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') (lib.filter (e: e.lanIP != null) services);
};
forward-zone = [
{
name = ".";
forward-addr = [
"1.1.1.1@853#cloudflare-dns.com"
"1.0.0.1@853#cloudflare-dns.com"
];
forward-tls-upstream = true;
}
];
};
};
networking.firewall = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
};
}

79
aspects/hosts/_io/disko.nix
View file

@ -1,79 +0,0 @@
{ inputs, ... }:
{
imports = [ inputs.disko.nixosModules.default ];
disko.devices.disk.main = {
type = "disk";
device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
start = "1MiB";
end = "1GiB";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot/efi";
mountOptions = [
"noatime"
"fmask=0077"
"dmask=0077"
];
};
};
cryptroot = {
priority = 2;
name = "root";
size = "100%";
content = {
type = "luks";
name = "cryptroot";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@root"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@home"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@nix"
];
};
"@persistent" = {
mountpoint = "/persistent";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@persistent"
];
};
};
};
};
};
};
};
};
}

64
aspects/hosts/_trantor/disko.nix
View file

@ -1,64 +0,0 @@
{ inputs, ... }:
{
imports = [ inputs.disko.nixosModules.default ];
disko.devices.disk.main = {
type = "disk";
device = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
start = "1MiB";
end = "512MiB";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot/efi";
mountOptions = [
"noatime"
"fmask=0077"
"dmask=0077"
];
};
};
root = {
priority = 2;
name = "root";
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = [
"noatime"
"compress=zstd"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"noatime"
"compress=zstd"
];
};
"@persistent" = {
mountpoint = "/persistent";
mountOptions = [
"noatime"
"compress=zstd"
];
};
};
};
};
};
};
};
}

23
aspects/hosts/_trantor/fail2ban.nix
View file

@ -1,23 +0,0 @@
{ config, pkgs, ... }:
{
services.fail2ban = {
enable = true;
maxretry = 5;
ignoreIP = [
"127.0.0.0/8"
"::1"
"10.0.0.0/8"
"172.16.0.0/12"
"192.168.0.0/16"
"100.64.0.0/10"
];
bantime = "1h";
bantime-increment = {
enable = true;
multipliers = "1 2 4 8 16 32 64";
maxtime = "10000h";
overalljails = true;
};
};
}

76
aspects/hosts/_trantor/forgejo.nix
View file

@ -1,76 +0,0 @@
{
config,
lib,
inputs,
...
}:
let
mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
in
{
services = {
forgejo = {
enable = true;
settings = {
session.COOKIE_SECURE = true;
server = {
PROTOCOL = "http+unix";
DOMAIN = "git.baduhai.dev";
ROOT_URL = "https://git.baduhai.dev";
OFFLINE_MODE = true; # disable use of CDNs
SSH_DOMAIN = "git.baduhai.dev";
SSH_USER = "forgejo";
SSH_PORT = lib.head config.services.openssh.ports;
};
log.LEVEL = "Warn";
mailer.ENABLED = false;
actions.ENABLED = false;
service.DISABLE_REGISTRATION = true;
oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
UPDATE_AVATAR = true;
ACCOUNT_LINKING = "login";
USERNAME = "preferred_username";
};
};
};
nginx.virtualHosts = mkNginxVHosts {
domains."git.baduhai.dev".locations."/".proxyPass =
"http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
};
fail2ban.jails.forgejo = {
settings = {
enabled = true;
filter = "forgejo";
maxretry = 3;
findtime = "10m";
bantime = "1h";
};
};
};
environment = {
etc."fail2ban/filter.d/forgejo.conf".text = ''
[Definition]
failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
ignoreregex =
journalmatch = _SYSTEMD_UNIT=forgejo.service
'';
persistence.main.directories = [
{
directory = config.services.forgejo.stateDir;
inherit (config.services.forgejo) user group;
mode = "0700";
}
];
};
# Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories
systemd.services.forgejo.serviceConfig = {
PrivateMounts = lib.mkForce false;
ProtectSystem = lib.mkForce false;
};
}

20
aspects/hosts/_trantor/hardware-configuration.nix
View file

@ -1,20 +0,0 @@
{
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"usbhid"
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

23
aspects/hosts/_trantor/openssh.nix
View file

@ -1,23 +0,0 @@
{ ... }:
{
services = {
openssh = {
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
fail2ban.jails.sshd = {
settings = {
enabled = true;
port = "ssh";
filter = "sshd";
logpath = "/var/log/auth.log";
maxretry = 3;
findtime = "10m";
bantime = "1h";
};
};
};
}

58
aspects/hosts/_trantor/unbound.nix
View file

@ -1,58 +0,0 @@
{ inputs, lib, ... }:
let
services = inputs.self.services;
in
{
services.unbound = {
enable = true;
enableRootTrustAnchor = true;
settings = {
server = {
interface = [
"0.0.0.0"
"::"
];
access-control = [
"127.0.0.0/8 allow"
"100.64.0.0/10 allow" # Tailscale CGNAT range
"::1/128 allow"
"fd7a:115c:a1e0::/48 allow" # Tailscale IPv6
];
num-threads = 2;
msg-cache-size = "50m";
rrset-cache-size = "100m";
cache-min-ttl = 300;
cache-max-ttl = 86400;
prefetch = true;
prefetch-key = true;
hide-identity = true;
hide-version = true;
so-rcvbuf = "1m";
so-sndbuf = "1m";
# Tailnet DNS records from shared services
local-zone = ''"baduhai.dev." transparent'';
local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') services;
};
forward-zone = [
{
name = ".";
forward-addr = [
"1.1.1.1@853#cloudflare-dns.com"
"1.0.0.1@853#cloudflare-dns.com"
];
forward-tls-upstream = true;
}
];
};
};
networking.firewall = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
};
}

19
aspects/hosts/alexandria.nix
View file

@ -1,19 +0,0 @@
{ inputs, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{
flake.nixosConfigurations.alexandria = mkHost {
hostname = "alexandria";
nixpkgs = inputs.nixpkgs-stable;
extraModules = with inputs.self.modules.nixos; [
# base aspects
server
# other aspects
fwupd
libvirtd
];
};
}

24
aspects/hosts/io.nix
View file

@ -1,24 +0,0 @@
{ inputs, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{
flake.nixosConfigurations.io = mkHost {
hostname = "io";
ephemeralRootDev = "/dev/mapper/cryptroot";
extraModules = with inputs.self.modules.nixos; [
# base aspects
desktop
# other aspects
ai
bluetooth
dev
libvirtd
networkmanager
niri
podman
];
};
}

26
aspects/hosts/rotterdam.nix
View file

@ -1,26 +0,0 @@
{ inputs, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{
flake.nixosConfigurations.rotterdam = mkHost {
hostname = "rotterdam";
ephemeralRootDev = "/dev/mapper/cryptroot";
extraModules = with inputs.self.modules.nixos; [
# base aspects
desktop
gaming
# other aspects
ai
bluetooth
dev
fwupd
libvirtd
networkmanager
niri
podman
];
};
}

18
aspects/hosts/trantor.nix
View file

@ -1,18 +0,0 @@
{ inputs, ... }:
let
mkHost = inputs.self.lib.mkHost;
in
{
flake.nixosConfigurations.trantor = mkHost {
hostname = "trantor";
system = "aarch64-linux";
nixpkgs = inputs.nixpkgs-stable;
ephemeralRootDev = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2";
extraModules = with inputs.self.modules.nixos; [
# base aspects
server
];
};
}

27
aspects/libvirtd.nix
View file

@ -1,27 +0,0 @@
{ ... }:
{
flake.modules.nixos.libvirtd =
{
config,
lib,
pkgs,
...
}:
{
virtualisation = {
libvirtd.enable = true;
spiceUSBRedirection.enable = true;
};
programs.virt-manager.enable = true;
environment.systemPackages = with pkgs; [ lima ];
networking.firewall.trustedInterfaces = [ "virbr0" ];
users.users.user.extraGroups = [
"libvirt"
"libvirtd"
];
};
}

22
aspects/lxc.nix
View file

@ -1,22 +0,0 @@
{ ... }:
{
flake.modules.nixos.lxc =
{
config,
lib,
pkgs,
...
}:
{
virtualisation = {
lxc = {
enable = true;
unprivilegedContainers = true;
};
incus.enable = true;
};
users.users.user.extraGroups = [ "incus-admin" ];
};
}

18
aspects/networkmanager.nix
View file

@ -1,18 +0,0 @@
{ ... }:
{
flake.modules.nixos.networkmanager =
{
config,
lib,
pkgs,
...
}:
{
networking.networkmanager = {
enable = true;
wifi.backend = "iwd";
};
users.users.user.extraGroups = [ "networkmanager" ];
};
}

24
aspects/podman.nix
View file

@ -1,24 +0,0 @@
{ ... }:
{
flake.modules.nixos.podman =
{
config,
lib,
pkgs,
...
}:
{
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
extraPackages = [ pkgs.podman-compose ];
};
security.unprivilegedUsernsClone = true; # Needed for rootless podman
systemd = {
services.podman-auto-update.enable = true;
timers.podman-auto-update.enable = true;
};
};
}

69
aspects/stylix.nix
View file

@ -1,69 +0,0 @@
{ ... }:
{
flake.modules = {
nixos.stylix =
{ inputs, ... }:
{
imports = [ inputs.stylix.nixosModules.stylix ];
};
homeManager.stylix =
{
config,
inputs,
pkgs,
...
}:
{
imports = [ inputs.stylix.homeModules.stylix ];
stylix = {
enable = true;
polarity = "dark";
base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml";
cursor = {
package = pkgs.kdePackages.breeze;
name = "breeze_cursors";
size = 24;
};
icons = {
enable = true;
package = pkgs.morewaita-icon-theme;
light = "MoreWaita";
dark = "MoreWaita";
};
opacity = {
applications = 1.0;
desktop = 1.0;
popups = config.stylix.opacity.desktop;
terminal = 1.0;
};
fonts = {
serif = {
package = pkgs.source-serif;
name = "Source Serif 4 Display";
};
sansSerif = {
package = pkgs.inter;
name = "Inter";
};
monospace = {
package = pkgs.nerd-fonts.fira-code;
name = "FiraCode Nerd Font";
};
emoji = {
package = pkgs.noto-fonts-color-emoji;
name = "Noto Color Emoji";
};
sizes = {
applications = 10;
desktop = config.stylix.fonts.sizes.applications;
popups = config.stylix.fonts.sizes.applications;
terminal = 12;
};
};
};
};
};
}

55
aspects/systems/base.nix
View file

@ -1,55 +0,0 @@
{ inputs, ... }:
{
flake.modules = {
nixos.base =
{ lib, pkgs, ... }:
{
imports = with inputs.self.modules.nixos; [
boot
console
firewall
fish
locale
nix
security
ssh
];
environment = {
systemPackages = with pkgs; [
git
fastfetch
nixos-firewall-tool
sysz
wget
yazi
];
shellAliases = {
cat = "${lib.getExe pkgs.bat} --paging=never --style=plain";
ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first";
tree = "ls --tree";
};
};
programs.command-not-found.enable = false;
services = {
dbus.implementation = "broker";
irqbalance.enable = true;
fstrim.enable = true;
tailscale = {
enable = true;
extraUpFlags = [ "--operator=user" ];
};
};
};
homeManager.base =
{ ... }:
{
imports = with inputs.self.modules.homeManager; [
bash
fish
];
};
};
}

33
aspects/systems/cli.nix
View file

@ -1,33 +0,0 @@
{ inputs, ... }:
{
flake.modules = {
nixos.cli =
{ pkgs, ... }:
{
imports = with inputs.self.modules.nixos; [
btop
helix
tmux
];
environment.systemPackages = with pkgs; [
p7zip
rclone
];
};
homeManager.cli =
{ ... }:
{
imports = with inputs.self.modules.homeManager; [
btop
comma
direnv
helix
hm-cli
starship
tmux
];
};
};
}

210
aspects/systems/desktop.nix
View file

@ -1,210 +0,0 @@
{
inputs,
...
}:
{
flake.modules = {
nixos.desktop =
{
config,
lib,
pkgs,
...
}:
{
imports = [
inputs.nix-flatpak.nixosModules.nix-flatpak
]
++ (with inputs.self.modules.nixos; [
graphics
media
office
web
]);
boot = {
plymouth.enable = true;
initrd.systemd.enable = true;
loader.efi.efiSysMountPoint = "/boot/efi";
kernelPackages = pkgs.linuxPackages_xanmod_latest;
extraModprobeConfig = ''
options bluetooth disable_ertm=1
'';
kernel.sysctl = {
"net.ipv4.tcp_mtu_probing" = 1;
};
kernelParams = [
"quiet"
"splash"
"i2c-dev"
"i2c-piix4"
"loglevel=3"
"udev.log_priority=3"
"rd.udev.log_level=3"
"rd.systemd.show_status=false"
];
};
nix = {
registry.nixpkgs.flake = inputs.nixpkgs;
nixPath = [
"nixpkgs=${inputs.nixpkgs}"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
environment = {
etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
sessionVariables = {
KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir
NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland
};
systemPackages = with pkgs; [
adwaita-icon-theme
ghostty
gnome-disk-utility
junction
libfido2
mission-center
nautilus
toggleaudiosink
unrar
];
};
services = {
printing.enable = true;
udev.packages = with pkgs; [ yubikey-personalization ];
keyd = {
enable = true;
keyboards.all = {
ids = [ "*" ];
settings.main.capslock = "overload(meta, esc)";
};
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
greetd = {
enable = true;
settings.default_session.user = "greeter";
};
flatpak = {
enable = true;
packages = [
"com.github.tchx84.Flatseal"
"com.rustdesk.RustDesk"
];
uninstallUnmanaged = true;
update.auto.enable = true;
};
gvfs.enable = true;
};
security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority
users = {
users.greeter = {
isSystemUser = true;
group = "greeter";
};
groups.greeter = { };
};
programs = {
kdeconnect = {
enable = true;
package = pkgs.valent;
};
dconf.enable = true;
appimage = {
enable = true;
binfmt = true;
};
};
fonts = {
fontDir.enable = true;
packages = with pkgs; [
corefonts
inter
nerd-fonts.fira-code
noto-fonts-cjk-sans
noto-fonts-color-emoji
roboto
];
};
xdg.portal = {
extraPortals = with pkgs; [
xdg-desktop-portal-gnome
xdg-desktop-portal-gtk
];
config.common.default = "*";
};
};
homeManager.desktop =
{
config,
lib,
pkgs,
inputs,
...
}:
{
imports = [
inputs.vicinae.homeManagerModules.default
]
++ (with inputs.self.modules.homeManager; [ media ]);
fonts.fontconfig.enable = true;
home = {
packages = with pkgs; [ xwayland-satellite ];
sessionVariables.TERMINAL = "ghostty";
};
services.vicinae = {
enable = true;
systemd = {
enable = true;
autoStart = true;
};
};
programs = {
ghostty = {
enable = true;
settings = {
cursor-style = "block";
shell-integration-features = "no-cursor";
cursor-style-blink = false;
custom-shader = "${builtins.fetchurl {
url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl";
sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41";
}}";
bell-features = "";
gtk-titlebar-style = "tabs";
keybind = [ "shift+enter=text:\\x1b\\r" ];
};
};
password-store = {
enable = true;
package = pkgs.pass-wayland;
};
};
xdg = {
enable = true;
userDirs.enable = true;
};
};
};
}

48
aspects/systems/gaming.nix
View file

@ -1,48 +0,0 @@
{ inputs, ... }:
{
flake.modules = {
nixos.gaming =
{ pkgs, ... }:
{
imports = with inputs.self.modules.nixos; [
mangohud
steam
];
hardware = {
xpadneo.enable = true;
steam-hardware.enable = true; # Allow steam client to manage controllers
graphics.enable32Bit = true; # For OpenGL games
};
services.flatpak.packages = [
"com.github.k4zmu2a.spacecadetpinball"
"io.itch.itch"
"io.mrarm.mcpelauncher"
"net.retrodeck.retrodeck"
"org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08"
rec {
appId = "com.hypixel.HytaleLauncher";
sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv";
bundle = "${pkgs.fetchurl {
url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak";
inherit sha256;
}}";
}
];
environment.systemPackages = with pkgs; [
clonehero
heroic
prismlauncher
];
};
homeManager.gaming =
{ ... }:
{
imports = with inputs.self.modules.homeManager; [
mangohud
];
};
};
}

36
aspects/systems/server.nix
View file

@ -1,36 +0,0 @@
{ inputs, ... }:
{
flake.modules.nixos.server =
{
config,
lib,
pkgs,
...
}:
{
boot = {
kernelPackages = pkgs.linuxPackages_hardened;
kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
};
environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs-stable;
nixPath = [
"nixpkgs=/etc/channels/nixpkgs"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
services.tailscale = {
extraSetFlags = [ "--advertise-exit-node" ];
useRoutingFeatures = "server";
};
};
}

17
aspects/users/_user/git.nix
View file

@ -1,17 +0,0 @@
{ ... }:
{
programs = {
git = {
enable = true;
settings.user = {
name = "William";
email = "baduhai@proton.me";
};
};
diff-so-fancy = {
enable = true;
enableGitIntegration = true;
};
};
}

12
aspects/users/root.nix
View file

@ -1,12 +0,0 @@
{ ... }:
{
flake.modules.nixos.root =
{ pkgs, ... }:
{
users.users.root = {
shell = pkgs.fish;
hashedPassword = "!";
};
};
}

55
aspects/users/user.nix
View file

@ -1,55 +0,0 @@
{ inputs, ... }:
let
mkHomeConfiguration = inputs.self.lib.mkHomeConfiguration;
in
{
flake = {
modules.nixos.user =
{ pkgs, ... }:
{
users.users.user = {
isNormalUser = true;
shell = pkgs.fish;
extraGroups = [
"networkmanager"
"wheel"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"
];
hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
};
};
homeConfigurations = {
"user@rotterdam" = mkHomeConfiguration {
user = "user";
hostname = "rotterdam";
userModules = with inputs.self.modules.homeManager; [
# system aspects
desktop
gaming
# other aspects
stylix
niri
];
};
"user@io" = mkHomeConfiguration {
user = "user";
hostname = "io";
userModules = with inputs.self.modules.homeManager; [
# system aspects
desktop
# other aspects
stylix
niri
];
};
};
};
}

42
data/services.nix
View file

@ -1,42 +0,0 @@
# Shared service and host definitions
# This file can be imported directly (unlike aspects which use flake-parts)
{
hosts = {
alexandria = {
lanIP = "192.168.15.142";
tailscaleIP = "100.76.19.50";
};
trantor = {
tailscaleIP = "100.108.5.90";
};
};
services = [
{
name = "kanidm";
domain = "auth.baduhai.dev";
host = "alexandria";
}
{
name = "vaultwarden";
domain = "pass.baduhai.dev";
host = "alexandria";
}
{
name = "forgejo";
domain = "git.baduhai.dev";
host = "trantor";
public = true;
}
{
name = "nextcloud";
domain = "cloud.baduhai.dev";
host = "alexandria";
}
{
name = "jellyfin";
domain = "jellyfin.baduhai.dev";
host = "alexandria";
}
];
}

7
shells/default.nix → devShells.nix
View file

@ -1,14 +1,13 @@
{ inputs, ... }: { ... }:
{ {
perSystem = perSystem =
{ pkgs, system, ... }: { pkgs, ... }:
{ {
devShells.default = pkgs.mkShell { devShells.default = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
inputs.agenix.packages.${stdenv.hostPlatform.system}.default
nil nil
nixfmt nixfmt-rfc-style
]; ];
}; };
}; };

914
flake.lock generated
View file

File diff suppressed because it is too large Load diff

70
flake.nix
View file

@ -2,57 +2,44 @@
description = "My nix hosts"; description = "My nix hosts";
inputs = { inputs = {
# nix tools
flake-parts.url = "github:hercules-ci/flake-parts";
import-tree.url = "github:vic/import-tree";
# nixos/hm
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05";
flake-parts.url = "github:hercules-ci/flake-parts";
home-manager = { home-manager = {
url = "github:nix-community/home-manager/master"; url = "github:nix-community/home-manager/master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
home-manager-stable = {
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
# nixos/hm functionality modules
agenix = { agenix = {
url = "github:ryantm/agenix"; url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs-stable"; inputs.nixpkgs.follows = "nixpkgs-stable";
}; };
disko.url = "github:nix-community/disko";
impermanence.url = "github:nix-community/impermanence"; disko = {
url = "github:nix-community/disko?ref=v1.11.0";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
dms = {
url = "github:AvengeMedia/DankMaterialShell";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-cli.url = "github:nix-community/nixos-cli"; nixos-cli.url = "github:nix-community/nixos-cli";
nix-flatpak.url = "github:gmodena/nix-flatpak/main"; nix-flatpak.url = "github:gmodena/nix-flatpak/main";
stylix.url = "github:danth/stylix";
# nixos/hm program modules impermanence.url = "github:nix-community/impermanence";
nix-ai-tools.url = "github:numtide/llm-agents.nix";
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
noctalia = {
url = "github:noctalia-dev/noctalia-shell";
inputs.nixpkgs.follows = "nixpkgs";
};
vicinae.url = "github:vicinaehq/vicinae";
zen-browser.url = "github:0xc000022070/zen-browser-flake";
# stand-alone tools
terranix = {
url = "github:terranix/terranix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = outputs =
inputs@{ flake-parts, import-tree, ... }: inputs@{ flake-parts, ... }:
let
aspectsModules = import-tree ./aspects;
packagesModules = import-tree ./packages;
shellsModules = import-tree ./shells;
terranixModules = import-tree ./terranix;
in
flake-parts.lib.mkFlake { inherit inputs; } { flake-parts.lib.mkFlake { inherit inputs; } {
systems = [ systems = [
"x86_64-linux" "x86_64-linux"
@ -60,12 +47,11 @@
]; ];
imports = [ imports = [
flake-parts.flakeModules.modules ./devShells.nix
inputs.terranix.flakeModule ./homeConfigurations.nix
] ./nixosConfigurations.nix
++ aspectsModules.imports ./overlays.nix
++ packagesModules.imports ./packages.nix
++ shellsModules.imports ];
++ terranixModules.imports;
}; };
} }

35
homeConfigurations.nix Normal file
View file

@ -0,0 +1,35 @@
{ inputs, ... }:
let
lib = inputs.nixpkgs.lib;
utils = import ./utils.nix { inherit inputs lib; };
inherit (utils) mkUser;
in
{
flake.homeConfigurations = {
"user@rotterdam" = mkUser {
username = "user";
tags = [
"btop"
"desktop"
"direnv"
"gaming"
"helix"
"obs-studio"
"starship"
"tmux"
];
};
"user@io" = mkUser {
username = "user";
tags = [
"btop"
"desktop"
"direnv"
"helix"
"starship"
"tmux"
];
};
};
}

11
hosts/alexandria/firewall.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }:
{
networking.firewall = {
allowedTCPPorts = [
80
443
];
allowedUDPPorts = [ ];
};
}

35
hosts/alexandria/forgejo.nix Normal file
View file

@ -0,0 +1,35 @@
{
config,
lib,
inputs,
...
}:
let
utils = import ../../utils.nix { inherit inputs lib; };
inherit (utils) mkNginxVHosts;
in
{
services.forgejo = {
enable = true;
repositoryRoot = "/data/forgejo";
settings = {
session.COOKIE_SECURE = true;
server = {
PROTOCOL = "http+unix";
DOMAIN = "git.baduhai.dev";
ROOT_URL = "https://git.baduhai.dev";
OFFLINE_MODE = true; # disable use of CDNs
SSH_DOMAIN = "baduhai.dev";
};
log.LEVEL = "Warn";
mailer.ENABLED = false;
actions.ENABLED = false;
};
};
services.nginx.virtualHosts = mkNginxVHosts {
acmeHost = "baduhai.dev";
domains."git.baduhai.dev".locations."/".proxyPass =
"http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
};
}

0
aspects/hosts/_alexandria/hardware-configuration.nix → hosts/alexandria/hardware-configuration.nix
View file

4
aspects/hosts/_alexandria/jellyfin.nix → hosts/alexandria/jellyfin.nix
View file

@ -1,6 +1,7 @@
{ lib, inputs, ... }: { lib, inputs, ... }:
let let
mkNginxVHosts = inputs.self.lib.mkNginxVHosts; utils = import ../../utils.nix { inherit inputs lib; };
inherit (utils) mkNginxVHosts;
in in
{ {
services.jellyfin = { services.jellyfin = {
@ -9,6 +10,7 @@ in
}; };
services.nginx.virtualHosts = mkNginxVHosts { services.nginx.virtualHosts = mkNginxVHosts {
acmeHost = "baduhai.dev";
domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/";
}; };
} }

22
hosts/alexandria/librespeed.nix Normal file
View file

@ -0,0 +1,22 @@
{ lib, inputs, ... }:
let
utils = import ../../utils.nix { inherit inputs lib; };
inherit (utils) mkNginxVHosts;
in
{
virtualisation.oci-containers.containers."librespeed" = {
image = "lscr.io/linuxserver/librespeed:latest";
environment = {
TZ = "America/Bahia";
};
extraOptions = [
"--pull=newer"
"--label=io.containers.autoupdate=registry"
];
};
services.nginx.virtualHosts = mkNginxVHosts {
acmeHost = "baduhai.dev";
domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://librespeed:80/";
};
}

40
aspects/hosts/_trantor/nginx.nix → hosts/alexandria/nginx.nix
View file

@ -4,17 +4,10 @@
inputs, inputs,
... ...
}: }:
let let
services = inputs.self.services; utils = import ../../utils.nix { inherit inputs lib; };
inherit (utils) mkNginxVHosts;
localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "trantor") services));
acmeCerts = lib.genAttrs localDomains (domain: {
group = "nginx";
});
in in
{ {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
@ -24,7 +17,15 @@ in
dnsProvider = "cloudflare"; dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.cloudflare.path; credentialsFile = config.age.secrets.cloudflare.path;
}; };
certs = acmeCerts; certs."baduhai.dev" = {
extraDomainNames = [ "*.baduhai.dev" ];
};
};
age.secrets.cloudflare = {
file = ../../secrets/cloudflare.age;
owner = "nginx";
group = "nginx";
}; };
services.nginx = { services.nginx = {
@ -33,24 +34,11 @@ in
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts = { virtualHosts = mkNginxVHosts {
"_" = { acmeHost = "baduhai.dev";
default = true; domains."_".locations."/".return = "444";
locations."/".return = "444";
};
}; };
}; };
users.users.nginx.extraGroups = [ "acme" ]; users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [
80
443
];
age.secrets.cloudflare = {
file = "${inputs.self}/secrets/cloudflare.age";
owner = "nginx";
group = "nginx";
};
} }

9
aspects/hosts/_alexandria/vaultwarden.nix → hosts/alexandria/vaultwarden.nix
View file

@ -5,7 +5,8 @@
... ...
}: }:
let let
mkNginxVHosts = inputs.self.lib.mkNginxVHosts; utils = import ../../utils.nix { inherit inputs lib; };
inherit (utils) mkNginxVHosts;
in in
{ {
services.vaultwarden = { services.vaultwarden = {
@ -13,13 +14,13 @@ in
config = { config = {
DOMAIN = "https://pass.baduhai.dev"; DOMAIN = "https://pass.baduhai.dev";
SIGNUPS_ALLOWED = false; SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1"; ROCKET_ADDRESS = "/run/vaultwarden/vaultwarden.sock";
ROCKET_PORT = 58222;
}; };
}; };
services.nginx.virtualHosts = mkNginxVHosts { services.nginx.virtualHosts = mkNginxVHosts {
acmeHost = "baduhai.dev";
domains."pass.baduhai.dev".locations."/".proxyPass = domains."pass.baduhai.dev".locations."/".proxyPass =
"http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/";
}; };
} }

0
aspects/hosts/_io/boot.nix → hosts/io/boot.nix
View file

83
hosts/io/disko.nix Normal file
View file

@ -0,0 +1,83 @@
{ inputs, ... }:
{
imports = [ inputs.disko.nixosModules.default ];
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
start = "1MiB";
end = "1GiB";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot/efi";
mountOptions = [
"noatime"
"fmask=0077"
"dmask=0077"
];
};
};
cryptroot = {
priority = 2;
name = "root";
size = "100%";
content = {
type = "luks";
name = "cryptroot";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@root"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@home"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@nix"
];
};
"@persistent" = {
mountpoint = "/persistent";
mountOptions = [
"noatime"
"compress=zstd"
"subvol=@persistent"
];
};
};
};
};
};
};
};
};
};
};
}

1
aspects/hosts/_io/hardware-configuration.nix → hosts/io/hardware-configuration.nix
View file

@ -2,7 +2,6 @@
config, config,
lib, lib,
modulesPath, modulesPath,
inputs,
... ...
}: }:

0
aspects/hosts/_io/programs.nix → hosts/io/programs.nix
View file

2
aspects/hosts/_io/services.nix → hosts/io/services.nix
View file

@ -48,8 +48,6 @@
}; };
}; };
}; };
upower.enable = true;
power-profiles-daemon.enable = true;
}; };
# TODO: remove once gmodena/nix-flatpak/issues/45 fixed # TODO: remove once gmodena/nix-flatpak/issues/45 fixed

5
hosts/modules/bluetooth.nix Normal file
View file

@ -0,0 +1,5 @@
{ ... }:
{
hardware.bluetooth.enable = true;
}

20
hosts/modules/common/boot.nix Normal file
View file

@ -0,0 +1,20 @@
{ pkgs, ... }:
{
boot = {
loader = {
timeout = 1;
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
editor = false;
consoleMode = "max";
sortKey = "aa";
netbootxyz = {
enable = true;
sortKey = "zz";
};
};
};
};
}

8
hosts/modules/common/console.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
console = {
useXkbConfig = true;
earlySetup = true;
};
}

8
hosts/modules/common/firewall.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
networking = {
firewall.enable = true;
nftables.enable = true;
};
}

20
hosts/modules/common/locale.nix Normal file
View file

@ -0,0 +1,20 @@
{ ... }:
{
time.timeZone = "America/Bahia";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "pt_BR.utf8";
LC_IDENTIFICATION = "pt_BR.utf8";
LC_MEASUREMENT = "pt_BR.utf8";
LC_MONETARY = "pt_BR.utf8";
LC_NAME = "pt_BR.utf8";
LC_NUMERIC = "pt_BR.utf8";
LC_PAPER = "pt_BR.utf8";
LC_TELEPHONE = "pt_BR.utf8";
LC_TIME = "en_IE.utf8";
};
};
}

40
hosts/modules/common/nix.nix Normal file
View file

@ -0,0 +1,40 @@
{ inputs, ... }:
{
imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
nix = {
settings = {
auto-optimise-store = true;
connect-timeout = 10;
log-lines = 25;
min-free = 128000000;
max-free = 1000000000;
trusted-users = [ "@wheel" ];
};
extraOptions = "experimental-features = nix-command flakes";
gc = {
automatic = true;
options = "--delete-older-than 8d";
};
};
nixpkgs.config = {
allowUnfree = true;
enableParallelBuilding = true;
buildManPages = false;
buildDocs = false;
};
services = {
nixos-cli = {
enable = true;
config = {
use_nvd = true;
ignore_dirty_tree = true;
};
};
};
system.stateVersion = "22.11";
}

8
hosts/modules/common/openssh.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
};
}

29
hosts/modules/common/programs.nix Normal file
View file

@ -0,0 +1,29 @@
{ lib, pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
### Dev Tools ###
git
### System Utilities ###
btop
nixos-firewall-tool
nvd
sysz
tmux
wget
yazi
];
shellAliases = {
cat = "${lib.getExe pkgs.bat} --paging=never --style=plain";
ls = "${lib.getExe pkgs.eza} --icons --group-directories-first";
neofetch = "${lib.getExe pkgs.fastfetch}";
tree = "ls --tree";
};
};
programs = {
command-not-found.enable = false;
fish.enable = true;
};
}

13
hosts/modules/common/security.nix Normal file
View file

@ -0,0 +1,13 @@
{ ... }:
{
security = {
unprivilegedUsernsClone = true; # Needed for rootless podman
sudo = {
wheelNeedsPassword = false;
extraConfig = ''
Defaults lecture = never
'';
};
};
}

9
hosts/modules/common/services.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
services = {
dbus.implementation = "broker";
irqbalance.enable = true;
fstrim.enable = true;
};
}

8
hosts/modules/common/tailscale.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
services.tailscale = {
enable = true;
extraUpFlags = [ "--operator=user" ];
};
}

29
hosts/modules/common/users.nix Normal file
View file

@ -0,0 +1,29 @@
{ pkgs, ... }:
{
users.users = {
user = {
isNormalUser = true;
shell = pkgs.fish;
extraGroups = [
"networkmanager"
"wheel"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"
];
hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0";
};
root = {
shell = pkgs.fish;
hashedPassword = "!";
};
};
programs.fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
'';
};
}

26
hosts/modules/desktop/boot.nix Normal file
View file

@ -0,0 +1,26 @@
{ pkgs, ... }:
{
boot = {
plymouth.enable = true;
initrd.systemd.enable = true;
loader.efi.efiSysMountPoint = "/boot/efi";
kernelPackages = pkgs.linuxPackages_xanmod_latest;
extraModprobeConfig = ''
options bluetooth disable_ertm=1
'';
kernel.sysctl = {
"net.ipv4.tcp_mtu_probing" = 1;
};
kernelParams = [
"quiet"
"splash"
"i2c-dev"
"i2c-piix4"
"loglevel=3"
"udev.log_priority=3"
"rd.udev.log_level=3"
"rd.systemd.show_status=false"
];
};
}

157
hosts/modules/desktop/desktop.nix Normal file
View file

@ -0,0 +1,157 @@
{
inputs,
lib,
pkgs,
...
}:
let
kwrite = pkgs.symlinkJoin {
name = "kwrite";
paths = [ pkgs.kdePackages.kate ];
postBuild = ''
rm -rf $out/bin/kate \
$out/bin/.kate-wrapped \
$out/share/applications/org.kde.kate.desktop \
$out/share/man \
$out/share/icons/hicolor/*/apps/kate.png \
$out/share/icons/hicolor/scalable/apps/kate.svg \
$out/share/appdata/org.kde.kate.appdata.xml
'';
};
in
{
imports = [ inputs.nix-flatpak.nixosModules.nix-flatpak ];
environment = {
sessionVariables = {
KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir
NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland
};
systemPackages =
with pkgs;
[
### Web ###
bitwarden-desktop
brave
tor-browser
qbittorrent
vesktop
### Office & Productivity ###
aspell
aspellDicts.de
aspellDicts.en
aspellDicts.en-computers
aspellDicts.pt_BR
kwrite
libreoffice-qt
onlyoffice-desktopeditors
rnote
### Graphics & Design ###
gimp
inkscape
plasticity
### System Utilities ###
adwaita-icon-theme
colloid-gtk-theme
junction
kara
kde-rounded-corners
libfido2
mission-center
p7zip
rclone
toggleaudiosink
unrar
### Media ###
mpv
obs-studio
qview
]
++ (with pkgs.kdePackages; [
ark
dolphin
dolphin-plugins
kolourpaint
]);
};
services = {
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
greetd = {
enable = true;
settings = {
default_session = {
command = "${lib.getExe pkgs.greetd.tuigreet} --time --remember --asterisks --cmd ${lib.getExe pkgs.niri}";
user = "greeter";
};
initial_session = {
command = "${lib.getExe pkgs.niri}";
user = "user";
};
};
};
flatpak = {
enable = true;
packages = [
### Internet Browsers & Communication ###
"app.zen_browser.zen"
### Graphics & Design ###
"com.boxy_svg.BoxySVG"
rec {
appId = "io.github.softfever.OrcaSlicer";
sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1";
bundle = "${pkgs.fetchurl {
url = "https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak";
inherit sha256;
}}";
}
### System Utilities ###
"com.github.tchx84.Flatseal"
"com.rustdesk.RustDesk"
];
uninstallUnmanaged = true;
update.auto.enable = true;
};
};
security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority
users = {
users.greeter = {
isSystemUser = true;
group = "greeter";
};
groups.greeter = { };
};
programs = {
niri.enable = true;
dconf.enable = true;
kdeconnect.enable = true;
partition-manager.enable = true;
appimage = {
enable = true;
binfmt = true;
};
};
fonts = {
fontDir.enable = true;
packages = with pkgs; [
corefonts
inter
nerd-fonts.fira-code
noto-fonts-cjk-sans
noto-fonts-color-emoji
roboto
];
};
}

13
hosts/modules/desktop/nix.nix Normal file
View file

@ -0,0 +1,13 @@
{ inputs, ... }:
{
environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs;
nixPath = [
"nixpkgs=${inputs.nixpkgs}"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
}

15
hosts/modules/desktop/services.nix Normal file
View file

@ -0,0 +1,15 @@
{ pkgs, ... }:
{
services = {
printing.enable = true;
udev.packages = with pkgs; [ yubikey-personalization ];
keyd = {
enable = true;
keyboards.all = {
ids = [ "*" ];
settings.main.capslock = "overload(meta, esc)";
};
};
};
}

20
hosts/modules/dev.nix Normal file
View file

@ -0,0 +1,20 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
bat
claude-code
lazygit
fd
fzf
glow
nixfmt-rfc-style
nix-init
nix-output-monitor
ripgrep
];
programs.adb.enable = true;
users.users.user.extraGroups = [ "adbusers" ];
}

72
hosts/modules/ephermal.nix Normal file
View file

@ -0,0 +1,72 @@
{ inputs, ... }:
{
imports = [ inputs.impermanence.nixosModules.impermanence ];
boot.initrd.systemd.services.recreate-root = {
description = "Rolling over and creating new filesystem root";
requires = [ "initrd-root-device.target" ];
after = [
"local-fs-pre.target"
"initrd-root-device.target"
];
requiredBy = [ "initrd-root-fs.target" ];
before = [ "sysroot.mount" ];
unitConfig = {
AssertPathExists = "/etc/initrd-release";
DefaultDependencies = false;
};
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
mkdir /btrfs_tmp
mount /dev/mapper/cryptroot /btrfs_tmp
if [[ -e /btrfs_tmp/@root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/@root
umount /btrfs_tmp
'';
};
environment.persistence.main = {
persistentStoragePath = "/persistent";
files = [
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
directories = [
"/etc/NetworkManager/system-connections"
"/etc/nixos"
"/var/lib/bluetooth"
"/var/lib/flatpak"
"/var/lib/lxd"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/var/lib/systemd/timers"
"/var/lib/tailscale"
"/var/log"
];
};
}

5
hosts/modules/fwupd.nix Normal file
View file

@ -0,0 +1,5 @@
{ ... }:
{
services.fwupd.enable = true;
}

36
hosts/modules/gaming.nix Normal file
View file

@ -0,0 +1,36 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
clonehero
heroic
mangohud
prismlauncher
protonup
steam-run
];
programs = {
steam = {
enable = true;
extraCompatPackages = [ pkgs.proton-ge-bin ];
};
gamemode.enable = true;
};
hardware = {
xpadneo.enable = true;
steam-hardware.enable = true; # Allow steam client to manage controllers
graphics.enable32Bit = true; # For OpenGL games
};
services.flatpak.packages = [
"com.github.k4zmu2a.spacecadetpinball"
"com.steamgriddb.SGDBoop"
"io.github.Foldex.AdwSteamGtk"
"io.itch.itch"
"io.mrarm.mcpelauncher"
"net.retrodeck.retrodeck"
"org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08"
];
}

12
hosts/modules/libvirtd.nix Normal file
View file

@ -0,0 +1,12 @@
{ ... }:
{
virtualisation.libvirtd.enable = true;
programs.virt-manager.enable = true;
users.users.user.extraGroups = [
"libvirt"
"libvirtd"
];
}

10
hosts/modules/networkmanager.nix Normal file
View file

@ -0,0 +1,10 @@
{ ... }:
{
networking.networkmanager = {
enable = true;
wifi.backend = "iwd";
};
users.users.user.extraGroups = [ "networkmanager" ];
}

14
hosts/modules/podman.nix Normal file
View file

@ -0,0 +1,14 @@
{ pkgs, ... }:
{
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
extraPackages = [ pkgs.podman-compose ];
};
systemd = {
services.podman-auto-update.enable = true;
timers.podman-auto-update.enable = true;
};
}

5
hosts/modules/server/boot.nix Normal file
View file

@ -0,0 +1,5 @@
{ pkgs, ... }:
{
boot.kernelPackages = pkgs.linuxPackages_hardened;
}

13
hosts/modules/server/nix.nix Normal file
View file

@ -0,0 +1,13 @@
{ inputs, ... }:
{
environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs-stable;
nixPath = [
"nixpkgs=/etc/channels/nixpkgs"
"/nix/var/nix/profiles/per-user/root/channels"
];
};
}

13
hosts/modules/server/tailscale.nix Normal file
View file

@ -0,0 +1,13 @@
{ ... }:
{
services.tailscale = {
extraSetFlags = [ "--advertise-exit-node" ];
useRoutingFeatures = "server";
};
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
}

Some files were not shown because too many files have changed in this diff Show more