diff --git a/.gitignore b/.gitignore index 73105bb..b59fd44 100644 --- a/.gitignore +++ b/.gitignore @@ -3,8 +3,6 @@ result result-* .direnv/ oci-trantor/ -tailscale-tailnet/ -cloudflare-baduhaidev # Personal notes and temporary files todo.md diff --git a/devShells.nix b/devShells.nix index f7e9627..72b2695 100644 --- a/devShells.nix +++ b/devShells.nix @@ -1,12 +1,12 @@ -{ inputs, ... }: +{ ... }: { perSystem = - { pkgs, system, ... }: + { pkgs, ... }: { devShells.default = pkgs.mkShell { packages = with pkgs; [ - inputs.agenix.packages.${system}.default + agenix-cli deploy-rs nil nixfmt-rfc-style diff --git a/hosts/io/disko.nix b/disko/io.nix similarity index 96% rename from hosts/io/disko.nix rename to disko/io.nix index 4e6c9d5..37f3160 100644 --- a/hosts/io/disko.nix +++ b/disko/io.nix @@ -1,8 +1,4 @@ -{ inputs, ... }: - { - imports = [ inputs.disko.nixosModules.default ]; - disko.devices.disk.main = { type = "disk"; device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689"; diff --git a/hosts/trantor/disko.nix b/disko/trantor.nix similarity index 88% rename from hosts/trantor/disko.nix rename to disko/trantor.nix index 0e47058..db1397e 100644 --- a/hosts/trantor/disko.nix +++ b/disko/trantor.nix @@ -1,11 +1,7 @@ -{ inputs, ... }: - { - imports = [ inputs.disko.nixosModules.default ]; - disko.devices.disk.main = { type = "disk"; - device = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20"; + device = "/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066"; content = { type = "gpt"; partitions = { @@ -31,7 +27,8 @@ name = "root"; size = "100%"; content = { - type = "btrfs"; + type = "filesystem"; + format = "btrfs"; extraArgs = [ "-f" ]; subvolumes = { "@root" = { diff --git a/diskoConfigurations.nix b/diskoConfigurations.nix new file mode 100644 index 0000000..511eddc --- /dev/null +++ b/diskoConfigurations.nix @@ -0,0 +1,12 @@ +{ inputs, ... }: + +{ + imports = [ + inputs.disko.flakeModule + ]; + + flake.diskoConfigurations = { + io.modules = [ ./disko/io.nix ]; + trantor.modules = [ ./disko/trantor.nix ]; + }; +} diff --git a/flake.lock b/flake.lock index 27c3580..5993cdf 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1761656077, - "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", + "lastModified": 1760836749, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", + "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", "type": "github" }, "original": { @@ -91,28 +91,6 @@ "type": "github" } }, - "blueprint": { - "inputs": { - "nixpkgs": [ - "nix-ai-tools", - "nixpkgs" - ], - "systems": "systems_3" - }, - "locked": { - "lastModified": 1763308703, - "narHash": "sha256-O9Y+Wer8wOh+N+4kcCK5p/VLrXyX+ktk0/s3HdZvJzk=", - "owner": "numtide", - "repo": "blueprint", - "rev": "5a9bba070f801d63e2af3c9ef00b86b212429f4f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "blueprint", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ @@ -208,11 +186,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -226,11 +204,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1762040540, - "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "0010412d62a25d959151790968765a70c436598b", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "type": "github" }, "original": { @@ -283,25 +261,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_4" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_8" + "systems": "systems_3" }, "locked": { "lastModified": 1731533236, @@ -378,11 +338,11 @@ ] }, "locked": { - "lastModified": 1762178366, - "narHash": "sha256-I+8yE5HVR2SFcHnW0771psQ/zn0qVzsKHY/gUM0nEVM=", + "lastModified": 1760929667, + "narHash": "sha256-nZh6uvc71nVNaf/y+wesnjwsmJ6IZZUnP2EzpZe48To=", "owner": "nix-community", "repo": "home-manager", - "rev": "8c824254b1ed9e797f6235fc3c62f365893c561a", + "rev": "189c21cf879669008ccf06e78a553f17e88d8ef0", "type": "github" }, "original": { @@ -458,11 +418,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1762152856, - "narHash": "sha256-U3SDbk7tIwLChpvb3FL66o8V0byaQ2RGMiy/3oLdxTI=", + "lastModified": 1760950171, + "narHash": "sha256-E2ySTu/oK7cYBdAI3tlGP9zVjF4mZgWJ1OZInBCMb00=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "df17789929ac80f4157b15724450db6a303a6dc9", + "rev": "f851a923137c0a54719412146fd63d24b3214e60", "type": "github" }, "original": { @@ -491,11 +451,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1762146685, - "narHash": "sha256-anRlNG6t7esBbF1+ALDeathVBSclA0PEL52Vo0WnN5g=", + "lastModified": 1760940149, + "narHash": "sha256-KbM47vD6E0cx+v4jYQZ8mD5N186AKm2CQlyh34TW58U=", "owner": "YaLTeR", "repo": "niri", - "rev": "a2ca2b3c866bc781b12c334a9f949b3db6d7c943", + "rev": "b3245b81a6ed8edfaf5388a74d2e0a23c24941e5", "type": "github" }, "original": { @@ -504,26 +464,6 @@ "type": "github" } }, - "nix-ai-tools": { - "inputs": { - "blueprint": "blueprint", - "nixpkgs": "nixpkgs_5", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1763412165, - "narHash": "sha256-n6bChFrCf2/uHzTsZdABUt1+Ua3n0jinNfamHd5DmBA=", - "owner": "numtide", - "repo": "nix-ai-tools", - "rev": "a2dfa932ed37e5b6224b39b4982c85cd8ebcca14", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "nix-ai-tools", - "type": "github" - } - }, "nix-flatpak": { "locked": { "lastModified": 1754777568, @@ -547,11 +487,11 @@ ] }, "locked": { - "lastModified": 1762055842, - "narHash": "sha256-Pu1v3mlFhRzZiSxVHb2/i/f5yeYyRNqr0RvEUJ4UgHo=", + "lastModified": 1760846226, + "narHash": "sha256-xmU8kAsRprJiTGBTaGrwmjBP3AMA9ltlrxHKFuy5JWc=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "359ff6333a7b0b60819d4c20ed05a3a1f726771f", + "rev": "5024e1901239a76b7bf94a4cd27f3507e639d49e", "type": "github" }, "original": { @@ -563,7 +503,7 @@ "nix-options-doc": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "rust-overlay": "rust-overlay_2" }, "locked": { @@ -585,14 +525,14 @@ "inputs": { "flake-compat": "flake-compat_2", "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1761970410, - "narHash": "sha256-IUm2nkbKlDkG94ruTmIYLERpBn6gXydm3scZIKzpcKs=", + "lastModified": 1760856139, + "narHash": "sha256-N+F4n1WYE3AWc/kmdqIz67GNX7PgyKosnmGYYx8vR9k=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "5c259f72ae1eaa00b99354d81130d8fddb7f9a7a", + "rev": "c8f5ce1fd9bf151df74328795b6b2720e2e22d75", "type": "github" }, "original": { @@ -619,11 +559,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1761765539, - "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", "type": "github" }, "original": { @@ -634,11 +574,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1761999846, - "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", + "lastModified": 1760862643, + "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", + "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", "type": "github" }, "original": { @@ -650,11 +590,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1761999846, - "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", + "lastModified": 1760862643, + "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", + "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c", "type": "github" }, "original": { @@ -664,45 +604,13 @@ "type": "github" } }, - "nixpkgs_10": { - "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { - "locked": { - "lastModified": 1755615617, - "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "20075955deac2583bb12f07151c2df830ef346b4", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { - "lastModified": 1752596105, - "narHash": "sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k=", + "lastModified": 1761880412, + "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dab3a6e781554f965bde3def0aa2fda4eb8f1708", + "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", "type": "github" }, "original": { @@ -730,11 +638,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { @@ -745,22 +653,6 @@ } }, "nixpkgs_5": { - "locked": { - "lastModified": 1763312402, - "narHash": "sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5+717550Hk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { "locked": { "lastModified": 1740695751, "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", @@ -776,13 +668,13 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { - "lastModified": 1761880412, - "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", + "lastModified": 1759070547, + "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", + "rev": "647e5c14cbd5067f44ac86b74f014962df460840", "type": "github" }, "original": { @@ -792,13 +684,13 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { @@ -808,7 +700,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { "lastModified": 1758690382, "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", @@ -824,20 +716,36 @@ "type": "github" } }, + "nixpkgs_9": { + "locked": { + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "noctalia": { "inputs": { "nixpkgs": [ "nixpkgs" ], "quickshell": "quickshell", - "systems": "systems_5" + "systems": "systems_4" }, "locked": { - "lastModified": 1762156721, - "narHash": "sha256-gHfzrTDSnNC5yRJwkZfP55fPHUc8DuB4OQEIBSQSs18=", + "lastModified": 1761190730, + "narHash": "sha256-XAs/Q4zBJIfK/bwq9KjTUkTH15A+Pe2rIilyvalEHuM=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "5ca5aa602f58a8e0e73fedbef351f1cdf8cbe981", + "rev": "c3439b262c7cb3d57c93197a93a3aa382582bdae", "type": "github" }, "original": { @@ -879,11 +787,11 @@ ] }, "locked": { - "lastModified": 1761821581, - "narHash": "sha256-nLuc6jA7z+H/6bHPEBSOYPbz7RtvNCZiTKmYItJuBmM=", + "lastModified": 1753595452, + "narHash": "sha256-vqkSDvh7hWhPvNjMjEDV4KbSCv2jyl2Arh73ZXe274k=", "ref": "refs/heads/master", - "rev": "db1777c20b936a86528c1095cbcb1ebd92801402", - "revCount": 699, + "rev": "a5431dd02dc23d9ef1680e67777fed00fe5f7cda", + "revCount": 665, "type": "git", "url": "https://git.outfoxxed.me/outfoxxed/quickshell" }, @@ -902,16 +810,14 @@ "impermanence": "impermanence", "niri": "niri", "niri-flake": "niri-flake", - "nix-ai-tools": "nix-ai-tools", "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_7", "nixpkgs-stable": "nixpkgs-stable_2", "noctalia": "noctalia", "stylix": "stylix", "terranix": "terranix", - "vicinae": "vicinae", "zen-browser": "zen-browser" } }, @@ -967,9 +873,9 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_2", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_8", "nur": "nur", - "systems": "systems_6", + "systems": "systems_5", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -977,11 +883,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1762101397, - "narHash": "sha256-wGiL2K3kAyBBmIZpJEskaSIgyzzpg0zwfvri+Sy6/CI=", + "lastModified": 1760472212, + "narHash": "sha256-4C3I/ssFsq8EgaUmZP0xv5V7RV0oCHgL/Rx+MUkuE+E=", "owner": "danth", "repo": "stylix", - "rev": "8c0640d5722a02178c8ee80a62c5f019cab4b3c1", + "rev": "8d008296a1b3be9b57ad570f7acea00dd2fc92db", "type": "github" }, "original": { @@ -1080,50 +986,20 @@ "type": "github" } }, - "systems_7": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_8": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "terranix": { "inputs": { "flake-parts": "flake-parts_3", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_7" + "systems": "systems_6" }, "locked": { - "lastModified": 1762161791, - "narHash": "sha256-J1L1yP29NVBJO04LA/JGM6kwhnjeNhEsX0tLFnuN3FI=", + "lastModified": 1757278723, + "narHash": "sha256-hTMi6oGU+6VRnW9SZZ+muFcbfMEf2ajjOp7Z2KM5MMY=", "owner": "terranix", "repo": "terranix", - "rev": "a79a47b4617dfb92184e2e5b8f5aa6fc06c659c8", + "rev": "924573fa6587ac57b0d15037fbd2d3f0fcdf17fb", "type": "github" }, "original": { @@ -1213,27 +1089,6 @@ "type": "github" } }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nix-ai-tools", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1762938485, - "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, "utils": { "inputs": { "systems": "systems_2" @@ -1252,25 +1107,6 @@ "type": "github" } }, - "vicinae": { - "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_10" - }, - "locked": { - "lastModified": 1762709887, - "narHash": "sha256-8BoGGsWfkS/2ODBSCYd5HJNFGuLY8fFl27rXmWClXQw=", - "owner": "vicinaehq", - "repo": "vicinae", - "rev": "54722e36137d8273ef0a5db37776fb8302c79238", - "type": "github" - }, - "original": { - "owner": "vicinaehq", - "repo": "vicinae", - "type": "github" - } - }, "xwayland-satellite-stable": { "flake": false, "locked": { @@ -1291,11 +1127,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1761622056, - "narHash": "sha256-fBrUszJXmB4MY+wf3QsCnqWHcz7u7fLq0QMAWCltIQg=", + "lastModified": 1759707084, + "narHash": "sha256-0pkftKs6/LReNvxw7DVTN2AJEheZVgyeK0Aarbagi70=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "0728d59ff6463a502e001fb090f6eb92dbc04756", + "rev": "a9188e70bd748118b4d56a529871b9de5adb9988", "type": "github" }, "original": { @@ -1307,14 +1143,14 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_11" + "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1762131860, - "narHash": "sha256-sIPhzkDrfe6ptthZiwoxQyO6rKd9PgJnl+LOyythQkI=", + "lastModified": 1760934351, + "narHash": "sha256-RehxVjBRC9EiBO36EPZROLHhVVSWFe3KEROhaEapboM=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "10e69cb268b1d3dc91135e72f5462b2acfbcc3aa", + "rev": "596c3ac14be576b93f5db9252a1b0581e453ec9f", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index c5c3880..c9d5076 100644 --- a/flake.nix +++ b/flake.nix @@ -49,10 +49,6 @@ url = "github:terranix/terranix"; inputs.nixpkgs.follows = "nixpkgs"; }; - - nix-ai-tools.url = "github:numtide/nix-ai-tools"; - - vicinae.url = "github:vicinaehq/vicinae"; }; outputs = @@ -66,6 +62,7 @@ imports = [ ./deploy.nix ./devShells.nix + ./diskoConfigurations.nix ./homeConfigurations.nix ./nixosConfigurations.nix ./nixosModules.nix diff --git a/hosts/alexandria/firewall.nix b/hosts/alexandria/firewall.nix new file mode 100644 index 0000000..f6fded2 --- /dev/null +++ b/hosts/alexandria/firewall.nix @@ -0,0 +1,11 @@ +{ ... }: + +{ + networking.firewall = { + allowedTCPPorts = [ + 80 + 443 + ]; + allowedUDPPorts = [ ]; + }; +} diff --git a/hosts/alexandria/forgejo.nix b/hosts/alexandria/forgejo.nix new file mode 100644 index 0000000..909d1d1 --- /dev/null +++ b/hosts/alexandria/forgejo.nix @@ -0,0 +1,35 @@ +{ + config, + lib, + inputs, + ... +}: +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in +{ + services.forgejo = { + enable = true; + repositoryRoot = "/data/forgejo"; + settings = { + session.COOKIE_SECURE = true; + server = { + PROTOCOL = "http+unix"; + DOMAIN = "git.baduhai.dev"; + ROOT_URL = "https://git.baduhai.dev"; + OFFLINE_MODE = true; # disable use of CDNs + SSH_DOMAIN = "baduhai.dev"; + }; + log.LEVEL = "Warn"; + mailer.ENABLED = false; + actions.ENABLED = false; + }; + }; + + services.nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains."git.baduhai.dev".locations."/".proxyPass = + "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; + }; +} diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix index 6ceac09..9555c89 100644 --- a/hosts/alexandria/jellyfin.nix +++ b/hosts/alexandria/jellyfin.nix @@ -10,6 +10,7 @@ in }; services.nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; }; } diff --git a/hosts/alexandria/kanidm.nix b/hosts/alexandria/kanidm.nix deleted file mode 100644 index eaaa9b9..0000000 --- a/hosts/alexandria/kanidm.nix +++ /dev/null @@ -1,83 +0,0 @@ -{ - config, - lib, - inputs, - pkgs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; - kanidmCertDir = "/var/lib/kanidm/certs"; -in - -{ - services.kanidm = { - enableServer = true; - enableClient = true; - package = pkgs.kanidm; - - serverSettings = { - domain = "auth.baduhai.dev"; - origin = "https://auth.baduhai.dev"; - bindaddress = "127.0.0.1:8443"; - ldapbindaddress = "127.0.0.1:636"; - trust_x_forward_for = true; - # Use self-signed certificates for internal TLS - tls_chain = "${kanidmCertDir}/cert.pem"; - tls_key = "${kanidmCertDir}/key.pem"; - }; - - clientSettings = { - uri = "https://auth.baduhai.dev"; - }; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - domains."auth.baduhai.dev" = { - locations."/" = { - proxyPass = "https://127.0.0.1:8443"; - extraConfig = '' - proxy_ssl_verify off; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $host; - ''; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ 636 ]; - - # Generate self-signed certificates for kanidm's internal TLS - systemd.services.kanidm-generate-certs = { - description = "Generate self-signed TLS certificates for Kanidm"; - wantedBy = [ "multi-user.target" ]; - before = [ "kanidm.service" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - mkdir -p ${kanidmCertDir} - if [ ! -f ${kanidmCertDir}/key.pem ]; then - ${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \ - -keyout ${kanidmCertDir}/key.pem \ - -out ${kanidmCertDir}/cert.pem \ - -days 3650 -nodes \ - -subj "/CN=localhost" \ - -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" - chown -R kanidm:kanidm ${kanidmCertDir} - chmod 600 ${kanidmCertDir}/key.pem - chmod 644 ${kanidmCertDir}/cert.pem - fi - ''; - }; - - # Ensure certificate generation runs before kanidm starts - systemd.services.kanidm = { - after = [ "kanidm-generate-certs.service" ]; - wants = [ "kanidm-generate-certs.service" ]; - }; -} diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix new file mode 100644 index 0000000..e36a81d --- /dev/null +++ b/hosts/alexandria/librespeed.nix @@ -0,0 +1,30 @@ +{ + config, + lib, + inputs, + ... +}: + +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in + +{ + virtualisation.oci-containers.containers."librespeed" = { + image = "lscr.io/linuxserver/librespeed:latest"; + environment = { + TZ = "America/Bahia"; + }; + ports = [ "127.0.0.1:58080:80" ]; + extraOptions = [ + "--pull=newer" + "--label=io.containers.autoupdate=registry" + ]; + }; + + services.nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:58080/"; + }; +} diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index c449cce..68d4875 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -24,13 +24,7 @@ in database.createLocally = true; maxUploadSize = "16G"; extraApps = { - inherit (config.services.nextcloud.package.packages.apps) - calendar - contacts - notes - tasks - user_oidc - ; + inherit (config.services.nextcloud.package.packages.apps) calendar contacts notes; }; extraAppsEnable = true; caching = { @@ -41,7 +35,6 @@ in trusted_proxies = [ "127.0.0.1" ]; default_phone_region = "BR"; maintenance_window_start = "4"; - allow_local_remote_servers = true; enabledPreviewProviders = [ "OC\\Preview\\BMP" "OC\\Preview\\EMF" @@ -78,6 +71,7 @@ in }; nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; domains."cloud.baduhai.dev" = { }; }; }; diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 274f645..0a0a261 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -7,15 +7,7 @@ let utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts services; - - # Get all unique domains from shared services that have LAN IPs (served by this host) - localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services)); - - # Generate ACME cert configs for all local domains - acmeCerts = lib.genAttrs localDomains (domain: { - group = "nginx"; - }); + inherit (utils) mkNginxVHosts; in { @@ -27,7 +19,9 @@ in dnsProvider = "cloudflare"; credentialsFile = config.age.secrets.cloudflare.path; }; - certs = acmeCerts; + certs."baduhai.dev" = { + extraDomainNames = [ "*.baduhai.dev" ]; + }; }; services.nginx = { @@ -36,21 +30,14 @@ in recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts = { - "_" = { - default = true; - locations."/".return = "444"; - }; + virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains."_".locations."/".return = "444"; }; }; users.users.nginx.extraGroups = [ "acme" ]; - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; - age.secrets.cloudflare = { file = ../../secrets/cloudflare.age; owner = "nginx"; diff --git a/hosts/alexandria/unbound.nix b/hosts/alexandria/unbound.nix deleted file mode 100644 index 31363aa..0000000 --- a/hosts/alexandria/unbound.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ inputs, lib, ... }: - -let - utils = import ../../utils.nix { inherit inputs lib; }; -in - -{ - services.unbound = { - enable = true; - enableRootTrustAnchor = true; - settings = { - server = { - interface = [ - "0.0.0.0" - "::" - ]; - access-control = [ - "127.0.0.0/8 allow" - "192.168.0.0/16 allow" - "::1/128 allow" - ]; - - num-threads = 2; - msg-cache-size = "50m"; - rrset-cache-size = "100m"; - cache-min-ttl = 300; - cache-max-ttl = 86400; - prefetch = true; - prefetch-key = true; - hide-identity = true; - hide-version = true; - so-rcvbuf = "1m"; - so-sndbuf = "1m"; - - # LAN-only DNS records - local-zone = ''"baduhai.dev." transparent''; - local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') - (lib.filter (e: e ? lanIP) utils.services); - }; - - forward-zone = [ - { - name = "."; - forward-addr = [ - "1.1.1.1@853#cloudflare-dns.com" - "1.0.0.1@853#cloudflare-dns.com" - ]; - forward-tls-upstream = true; - } - ]; - }; - }; - - networking.firewall = { - allowedTCPPorts = [ 53 ]; - allowedUDPPorts = [ 53 ]; - }; -} diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index 2335ee0..fd10d6b 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -20,6 +20,7 @@ in }; services.nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; domains."pass.baduhai.dev".locations."/".proxyPass = "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; }; diff --git a/hosts/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix index 8e4dae4..cb114a1 100644 --- a/hosts/io/hardware-configuration.nix +++ b/hosts/io/hardware-configuration.nix @@ -2,12 +2,15 @@ config, lib, modulesPath, - inputs, + self, ... }: { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + self.diskoConfigurations.io + ]; boot = { initrd = { diff --git a/hosts/io/services.nix b/hosts/io/services.nix index df41a6f..90fb737 100644 --- a/hosts/io/services.nix +++ b/hosts/io/services.nix @@ -49,7 +49,6 @@ }; }; upower.enable = true; - power-profiles-daemon.enable = true; }; # TODO: remove once gmodena/nix-flatpak/issues/45 fixed diff --git a/hosts/modules/ai.nix b/hosts/modules/ai.nix deleted file mode 100644 index e2dd9d2..0000000 --- a/hosts/modules/ai.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ inputs, pkgs, ... }: - -{ - environment.systemPackages = with inputs.nix-ai-tools.packages.${pkgs.system}; [ - claude-desktop - claude-code - claudebox - opencode - ]; -} diff --git a/hosts/modules/common/openssh.nix b/hosts/modules/common/openssh.nix index df70bdd..63422b3 100644 --- a/hosts/modules/common/openssh.nix +++ b/hosts/modules/common/openssh.nix @@ -4,8 +4,10 @@ services.openssh = { enable = true; settings.PermitRootLogin = "no"; - extraConfig = '' - PrintLastLog no - ''; }; + programs.fish.interactiveShellInit = '' + if set -q SSH_CONNECTION + neofetch + end + ''; } diff --git a/hosts/modules/common/programs.nix b/hosts/modules/common/programs.nix index fd10953..be57b69 100644 --- a/hosts/modules/common/programs.nix +++ b/hosts/modules/common/programs.nix @@ -25,16 +25,6 @@ programs = { command-not-found.enable = false; - fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - if set -q SSH_CONNECTION - export TERM=xterm-256color - clear - fastfetch - end - ''; - }; + fish.enable = true; }; } diff --git a/hosts/modules/common/users.nix b/hosts/modules/common/users.nix index 7dd6490..0572153 100644 --- a/hosts/modules/common/users.nix +++ b/hosts/modules/common/users.nix @@ -10,9 +10,8 @@ "wheel" ]; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" ]; hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; }; diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix index 03ec04b..5258442 100644 --- a/hosts/modules/desktop/desktop.nix +++ b/hosts/modules/desktop/desktop.nix @@ -20,6 +20,7 @@ systemPackages = with pkgs; [ ### Web ### bitwarden-desktop + brave fragments nextcloud-client tor-browser @@ -34,7 +35,6 @@ libreoffice onlyoffice-desktopeditors papers - presenterm rnote ### Graphics & Design ### gimp diff --git a/hosts/modules/dev.nix b/hosts/modules/dev.nix index c4cca78..82908f2 100644 --- a/hosts/modules/dev.nix +++ b/hosts/modules/dev.nix @@ -3,6 +3,7 @@ { environment.systemPackages = with pkgs; [ bat + claude-code lazygit fd fzf diff --git a/hosts/modules/ephemeral.nix b/hosts/modules/ephemeral.nix index cad5f41..8ed08bc 100644 --- a/hosts/modules/ephemeral.nix +++ b/hosts/modules/ephemeral.nix @@ -10,7 +10,7 @@ enable = true; rootDevice = if config.networking.hostName == "trantor" then - "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2" + "/dev/disk/by-id/scsi-36067d367fe184830a89bbe708c7b1066" else "/dev/mapper/cryptroot"; rootSubvolume = "@root"; diff --git a/hosts/modules/gaming.nix b/hosts/modules/gaming.nix index 5aef14e..cf6217f 100644 --- a/hosts/modules/gaming.nix +++ b/hosts/modules/gaming.nix @@ -6,6 +6,7 @@ heroic mangohud prismlauncher + protonup steam-run ]; diff --git a/hosts/trantor/boot.nix b/hosts/trantor/boot.nix index 0498818..67ac124 100644 --- a/hosts/trantor/boot.nix +++ b/hosts/trantor/boot.nix @@ -1,6 +1,3 @@ { - boot = { - initrd.systemd.enable = true; - loader.efi.efiSysMountPoint = "/boot/efi"; - }; + boot.initrd.systemd.enable = true; } diff --git a/hosts/trantor/fail2ban.nix b/hosts/trantor/fail2ban.nix deleted file mode 100644 index bc05139..0000000 --- a/hosts/trantor/fail2ban.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.fail2ban = { - enable = true; - maxretry = 5; - ignoreIP = [ - "127.0.0.0/8" - "::1" - "10.0.0.0/8" - "172.16.0.0/12" - "192.168.0.0/16" - "100.64.0.0/10" - ]; - bantime = "1h"; - bantime-increment = { - enable = true; - multipliers = "1 2 4 8 16 32 64"; - maxtime = "10000h"; - overalljails = true; - }; - }; -} diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix deleted file mode 100644 index fdfa64a..0000000 --- a/hosts/trantor/forgejo.nix +++ /dev/null @@ -1,72 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; -in - -{ - services = { - forgejo = { - enable = true; - settings = { - session.COOKIE_SECURE = true; - server = { - PROTOCOL = "http+unix"; - DOMAIN = "git.baduhai.dev"; - ROOT_URL = "https://git.baduhai.dev"; - OFFLINE_MODE = true; # disable use of CDNs - SSH_DOMAIN = "git.baduhai.dev"; - }; - log.LEVEL = "Warn"; - mailer.ENABLED = false; - actions.ENABLED = false; - service.DISABLE_REGISTRATION = true; - oauth2_client = { - ENABLE_AUTO_REGISTRATION = true; - UPDATE_AVATAR = true; - ACCOUNT_LINKING = "login"; - USERNAME = "preferred_username"; - }; - }; - }; - nginx.virtualHosts = mkNginxVHosts { - domains."git.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; - }; - fail2ban.jails.forgejo = { - settings = { - enabled = true; - filter = "forgejo"; - maxretry = 3; - findtime = "10m"; - bantime = "1h"; - }; - }; - }; - - environment = { - etc."fail2ban/filter.d/forgejo.conf".text = '' - [Definition] - failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from - ignoreregex = - journalmatch = _SYSTEMD_UNIT=forgejo.service - ''; - - persistence.main.directories = [ - { - directory = config.services.forgejo.stateDir; - inherit (config.services.forgejo) user group; - mode = "0700"; - } - ]; - }; - - # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories - systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false; -} diff --git a/hosts/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix index 039129e..4a9503f 100644 --- a/hosts/trantor/hardware-configuration.nix +++ b/hosts/trantor/hardware-configuration.nix @@ -1,19 +1,30 @@ { lib, modulesPath, + self, ... }: { - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot.initrd.availableKernelModules = [ - "xhci_pci" - "virtio_pci" - "virtio_scsi" - "usbhid" + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + self.diskoConfigurations.trantor ]; + boot = { + kernelModules = [ ]; + extraModulePackages = [ ]; + initrd = { + availableKernelModules = [ + "xhci_pci" + "virtio_pci" + "virtio_scsi" + "usbhid" + ]; + kernelModules = [ ]; + }; + }; + networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; diff --git a/hosts/trantor/nginx.nix b/hosts/trantor/nginx.nix deleted file mode 100644 index 56eed7c..0000000 --- a/hosts/trantor/nginx.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts services; - - # Get all unique domains from shared services on trantor (host = "trantor") - localDomains = lib.unique ( - map (s: s.domain) (lib.filter (s: s.host == "trantor") services) - ); - - # Generate ACME cert configs for all local domains - acmeCerts = lib.genAttrs localDomains (domain: { - group = "nginx"; - }); -in - -{ - security.acme = { - acceptTerms = true; - defaults = { - email = "baduhai@proton.me"; - dnsResolver = "1.1.1.1:53"; - dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets.cloudflare.path; - }; - certs = acmeCerts; - }; - - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts = { - "_" = { - default = true; - locations."/".return = "444"; - }; - }; - }; - - users.users.nginx.extraGroups = [ "acme" ]; - - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; - - age.secrets.cloudflare = { - file = ../../secrets/cloudflare.age; - owner = "nginx"; - group = "nginx"; - }; -} diff --git a/hosts/trantor/openssh.nix b/hosts/trantor/openssh.nix deleted file mode 100644 index 704b3df..0000000 --- a/hosts/trantor/openssh.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ ... }: - -{ - services = { - openssh = { - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; - fail2ban.jails.sshd = { - settings = { - enabled = true; - port = "ssh"; - filter = "sshd"; - logpath = "/var/log/auth.log"; - maxretry = 3; - findtime = "10m"; - bantime = "1h"; - }; - }; - }; -} diff --git a/hosts/trantor/unbound.nix b/hosts/trantor/unbound.nix deleted file mode 100644 index 46808c6..0000000 --- a/hosts/trantor/unbound.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ inputs, lib, ... }: - -let - utils = import ../../utils.nix { inherit inputs lib; }; -in - -{ - services.unbound = { - enable = true; - enableRootTrustAnchor = true; - settings = { - server = { - interface = [ - "0.0.0.0" - "::" - ]; - access-control = [ - "127.0.0.0/8 allow" - "100.64.0.0/10 allow" # Tailscale CGNAT range - "::1/128 allow" - "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6 - ]; - - num-threads = 2; - msg-cache-size = "50m"; - rrset-cache-size = "100m"; - cache-min-ttl = 300; - cache-max-ttl = 86400; - prefetch = true; - prefetch-key = true; - hide-identity = true; - hide-version = true; - so-rcvbuf = "1m"; - so-sndbuf = "1m"; - - # Tailnet DNS records from shared services - local-zone = ''"baduhai.dev." transparent''; - local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') utils.services; - }; - - forward-zone = [ - { - name = "."; - forward-addr = [ - "1.1.1.1@853#cloudflare-dns.com" - "1.0.0.1@853#cloudflare-dns.com" - ]; - forward-tls-upstream = true; - } - ]; - }; - }; - - networking.firewall = { - allowedTCPPorts = [ 53 ]; - allowedUDPPorts = [ 53 ]; - }; -} diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index c4969c1..ced8851 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -10,7 +10,6 @@ in hostname = "rotterdam"; tags = [ "desktop" - "ai" "bluetooth" "dev" "ephemeral" @@ -26,7 +25,6 @@ in hostname = "io"; tags = [ "desktop" - "ai" "bluetooth" "dev" "ephemeral" @@ -40,6 +38,7 @@ in tags = [ # "server" TODO: uncomment when 25.11 is out. "fwupd" + "podman" ]; }; diff --git a/readme.md b/readme.md index a2b815f..2804237 100644 --- a/readme.md +++ b/readme.md @@ -1,87 +1,123 @@ -# Nix Configuration +# NixOS Configuration -My personal Nix configuration for multiple NixOS hosts, home-manager users, miscellaneous resources... too many things to list. If I could put my life in a flake I would. +A declarative, modular NixOS/Home Manager flake configuration managing multiple systems with a tag-based architecture for maximum code reuse and flexibility. ## Hosts -### Desktop Systems -- **rotterdam** - Main desktop workstation (x86_64) - - Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman - - Storage: Ephemeral root with LUKS encryption +| Host | Type | System | Version | Description | +|------|------|--------|---------|-------------| +| **rotterdam** | Desktop | x86_64-linux | NixOS Unstable | Primary workstation with gaming, development | +| **io** | Laptop | x86_64-linux | NixOS Unstable | Mobile workstation | +| **alexandria** | Server/NAS | x86_64-linux | NixOS 25.05 | Personal server running Nextcloud, Forgejo, Jellyfin, Vaultwarden | +| **trantor** | VPS | aarch64-linux | NixOS 25.05 | Oracle Cloud instance | -- **io** - Laptop workstation (x86_64) - - Features: Desktop, AI tools, Bluetooth, Dev environment, Podman - - Storage: Ephemeral root with LUKS encryption +## Key Features -### Servers -- **alexandria** - Home server (x86_64) - - Hosts: Nextcloud, Vaultwarden, Jellyfin, Kanidm +### Architecture +- **Tag-based module system** - Compose configurations using tags instead of traditional inheritance +- **Flake-based** - Fully reproducible builds with locked dependencies +- **Multi-platform** - Supports both x86_64 and aarch64 architectures +- **Deployment automation** - Remote deployment via deploy-rs -- **trantor** - Cloud server (aarch64) - - Hosts: Forgejo - - Cloud provider: Oracle Cloud Infrastructure - - Storage: Ephemeral root with btrfs +### Desktop Experience +- **Niri compositor** - Custom fork with auto-centering window columns +- **Unified theming** - Stylix-based theming +- **Wayland-native** - Full Wayland support +- **Ephemeral root** - Impermanent filesystem using BTRFS for atomic rollback capability -## Home Manager Configurations - -- **user@rotterdam** - Full desktop setup with gaming, OBS, and complete development environment -- **user@io** - Lightweight desktop setup - -Both configurations include: -- btop, direnv, helix, starship, tmux -- Stylix theme management -- Fish shell with custom configurations - -## Terranix Configurations - -Infrastructure as code using Terranix (NixOS + Terraform/OpenTofu): - -- **oci-trantor** - Oracle Cloud Infrastructure provisioning for Trantor server -- **cloudflare-baduhaidev** - DNS and CDN configuration for baduhai.dev domain -- **tailscale-tailnet** - Tailscale network ACL and device management - -## Services - -All services are accessible via custom domains under baduhai.dev: - -- **Kanidm** (auth.baduhai.dev) - Identity and access management -- **Vaultwarden** (pass.baduhai.dev) - Password manager -- **Forgejo** (git.baduhai.dev) - Git forge (publicly accessible) -- **Nextcloud** (cloud.baduhai.dev) - File sync and collaboration -- **Jellyfin** (jellyfin.baduhai.dev) - Media server - -Services are accessible via: -- LAN for alexandria-hosted services -- Tailscale VPN for all services -- Public internet for Forgejo only - -## Notable Features - -### Ephemeral Root -Rotterdam, io, and trantor use an ephemeral root filesystem that resets on every boot: -- Root filesystem is automatically rolled back using btrfs snapshots -- Old snapshots retained for 30 days -- Persistent data stored in dedicated subvolumes -- Implements truly stateless systems - -### Custom DNS Architecture -- Unbound DNS servers on both alexandria and trantor -- Service routing based on visibility flags (public/LAN/Tailscale) -- Split-horizon DNS for optimal access paths +### Self-Hosted Services +- **Nextcloud** - Cloud storage with calendar, contacts, and notes +- **Forgejo** - Self-hosted Git server +- **Jellyfin** - Media streaming +- **Vaultwarden** - Password manager backend +- **LibreSpeed** - Network speed testing +- All services behind Nginx and Tailscale with automatic SSL via Let's Encrypt ### Security -- LUKS full-disk encryption on desktop systems -- Fail2ban on public-facing servers -- agenix for secrets management -- Tailscale for secure remote access +- **Agenix** - Encrypted secrets management +- **Tailscale** - Zero-config VPN mesh network +- **Firewall** - Configured on all hosts +- SSH key-based authentication -### Desktop Environment -- Custom Niri window manager (Wayland compositor) -- Using forked version with auto-centering feature -- Stylix for consistent theming +## Repository Structure -### Development Setup -- Nix flakes for reproducible builds -- deploy-rs for automated deployments -- Podman for containerization -- Complete AI tooling integration +``` +. +├── flake.nix # Main flake definition +├── utils.nix # Tag-based module system utilities +├── nixosConfigurations.nix # Host definitions with tags +├── homeConfigurations.nix # User configurations +├── deploy.nix # Remote deployment configuration +├── hosts/ +│ ├── alexandria/ # Server-specific config +│ ├── io/ # Laptop-specific config +│ ├── rotterdam/ # Desktop-specific config +│ ├── trantor/ # VPS-specific config +│ └── modules/ +│ ├── common/ # Shared base configuration +│ ├── desktop/ # Desktop environment setup +│ ├── server/ # Server-specific modules +│ └── [tag].nix # Optional feature modules +├── users/ +│ └── modules/ # Home Manager configurations +│ └── [tag].nix # Optional feature modules +├── packages/ # Custom package definitions +└── secrets/ # Encrypted secrets (agenix) +``` + +## Tag System + +Configurations are composed using tags that map to modules: + +**Common Tags** (all hosts): +- `common` - Base system configuration (automatically applied) + +**General Tags**: +- `desktop` - *Mostly* full desktop environment with Niri WM +- `dev` - Development tools and environments +- `gaming` - Steam, Heroic, gamemode, controller support +- `ephemeral` - Impermanent root filesystem +- `networkmanager` - WiFi and network management +- `libvirtd` - KVM/QEMU virtualization +- `podman` - Container runtime +- `bluetooth` - Bluetooth support +- `fwupd` - Firmware update daemon + +**Server Tags**: +- `server` - Server-specific configuration + +## Usage + +### Rebuilding a Configuration + +```bash +# Local rebuild +sudo nixos-rebuild switch --flake .#hostname + +# Remote deployment +deploy .#hostname +``` + +### Updating Dependencies + +```bash +nix flake update +``` + +### Adding a New Host + +1. Create host directory in `hosts/` +2. Define configuration in `nixosConfigurations.nix` with appropriate tags +3. Add deployment profile in `deploy.nix` if needed + +## Dependencies + +- [nixpkgs](https://github.com/NixOS/nixpkgs) - Stable (25.05) and unstable channels +- [home-manager](https://github.com/nix-community/home-manager) - User configuration +- [agenix](https://github.com/ryantm/agenix) - Secrets management +- [disko](https://github.com/nix-community/disko) - Declarative disk partitioning +- [stylix](https://github.com/danth/stylix) - System-wide theming +- [niri-flake](https://github.com/sodiboo/niri-flake) - Wayland compositor (custom fork) +- [impermanence](https://github.com/nix-community/impermanence) - Ephemeral filesystem support +- [deploy-rs](https://github.com/serokell/deploy-rs) - Remote deployment +- [nix-flatpak](https://github.com/gmodena/nix-flatpak) - Declarative Flatpak management diff --git a/secrets/cloudflare.age b/secrets/cloudflare.age index 028e964..9e989ec 100644 --- a/secrets/cloudflare.age +++ b/secrets/cloudflare.age @@ -1,11 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 Kfdnog IHXv4c5we36dCUsB1v8uEF23tIRlDQ/8WR1hX4GQ+Uc -Cwccw64BYBdSZUdkSqKESIU7E17cLNtiAZZ3Y1xV87A --> ssh-ed25519 8YSAiw Ce3vdMG111ubjcFgd3+q2Qw2+7dsoUz7SiudtuLDr0Y -JUodwFsKfOTZXxFyRrEk/4gxJ4goPkwvYeThi893M0U --> ssh-ed25519 J6tVTA bExFuITTGXkTvhW25nushN7zT/PJGDoezsqu7fLKemI -4a90v0F4wgcZeqWBQ/EpqOZ9OCgT7qruwVvlGZeFmN8 --> ssh-ed25519 Qt3Q+A j1oo46pNh1+yPEtxpgj+QPQPf5m82jL0DHGMacY8UFA -vy52Hl1WLTdKNA8+4p7A48Sg9+QkMXbECf/uxVMCLYk ---- 429vzgFnmFbEqDMwdvC0/EYDJlKU64YEGgE0AqPqlBs -b/!8O3Df/&kNQhurt%&]ucjH]_5@D$>N8Ϧ >9:CvѦ69W'X]X^ƻ$}|c/ ߸={uɳs \ No newline at end of file +-> ssh-ed25519 Kfdnog gEZvRtLBhGslmS97VaRqoucgExvOopsHAAne4lCmEEY +NkIeFYuQFntDOBqd3k0/OVYMcM7h73uO0jPXaHzEcZc +-> ssh-ed25519 8YSAiw bVV4jIDbBKxsr6mQ4Tv0rP6ylrAEOJWkqjpyvXjnQRU +6kUe5Syw7sd+aF2QEgr6Yj+fOPL5zSJN1PJvY9Kdhlg +-> ssh-ed25519 J6tVTA 4JMlJmhHAYUgjiWwB1Q278TSjJypwecALmfnosxan0s +WIubcIFrjMV0GpyU1ZGc48YwrqOtSmJxweonw1KnR+U +--- 78A7re4LLB/0n5AXLRlVqiMNFMAQ2ZvjjK21YGRveRE +_4pkVCKm#~kI8Em3kp|0^tSk s/΅?=l,7~̈́c{ȞAݭ>ZlGTJsGY //B4e'IIc ,"< \ No newline at end of file diff --git a/secrets/forgejo-root-password.age b/secrets/forgejo-root-password.age deleted file mode 100644 index 90be612..0000000 Binary files a/secrets/forgejo-root-password.age and /dev/null differ diff --git a/secrets/nextcloud-adminpass.age b/secrets/nextcloud-adminpass.age index b4a29fa..3b6ff2a 100644 Binary files a/secrets/nextcloud-adminpass.age and b/secrets/nextcloud-adminpass.age differ diff --git a/secrets/nextcloud-secrets.json.age b/secrets/nextcloud-secrets.json.age index 02d170d..473f3cb 100644 Binary files a/secrets/nextcloud-secrets.json.age and b/secrets/nextcloud-secrets.json.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index a90cd74..d47309f 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -7,7 +7,7 @@ let alexandria = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA root@alexandria"; - trantor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIh/2u5pr/iPVeavlsor5hbTtsgUfP1JpzZVco2YQAo3 root@trantor"; + trantor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkGuGLZPnYJbCGY4BhJ9uTupp6ruuR1NZ7FEYEaLPA7 root@alexandria"; in { @@ -15,7 +15,6 @@ in io-user rotterdam-user alexandria - trantor ]; "nextcloud-adminpass.age".publicKeys = [ io-user @@ -27,9 +26,4 @@ in rotterdam-user alexandria ]; - "forgejo-root-password.age".publicKeys = [ - io-user - rotterdam-user - trantor - ]; } diff --git a/shared/services.nix b/shared/services.nix deleted file mode 100644 index 44f9208..0000000 --- a/shared/services.nix +++ /dev/null @@ -1,48 +0,0 @@ -# Shared service definitions for cross-host configuration -# Used by: -# - alexandria: DNS server (LAN) + service hosting (vaultwarden, nextcloud, jellyfin, kanidm) -# - trantor: DNS server (Tailnet) + service hosting (forgejo) -{ - services = [ - { - name = "kanidm"; - domain = "auth.baduhai.dev"; - host = "alexandria"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - port = 8443; - } - { - name = "vaultwarden"; - domain = "pass.baduhai.dev"; - host = "alexandria"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - port = 8222; - } - { - name = "forgejo"; - domain = "git.baduhai.dev"; - host = "trantor"; - public = true; - tailscaleIP = "100.108.5.90"; - port = 3000; - } - { - name = "nextcloud"; - domain = "cloud.baduhai.dev"; - host = "alexandria"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - port = 443; - } - { - name = "jellyfin"; - domain = "jellyfin.baduhai.dev"; - host = "alexandria"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - port = 8096; - } - ]; -} diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix index 1b456f3..e69de29 100644 --- a/terranix/cloudflare/baduhai.dev.nix +++ b/terranix/cloudflare/baduhai.dev.nix @@ -1,86 +0,0 @@ -# Required environment variables: -# CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions -# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage -# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage - -{ config, lib, ... }: - -let - inherit (import ../../shared/services.nix) services; - - # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git") - getSubdomain = domain: lib.head (lib.splitString "." domain); - - # Generate DNS records for services - # Public services point to trantor's public IP - # Private services point to their tailscale IP - mkServiceRecords = lib.listToAttrs ( - lib.imap0 ( - i: svc: - let - subdomain = getSubdomain svc.domain; - targetIP = - if svc.public or false then - config.data.terraform_remote_state.trantor "outputs.instance_public_ip" - else - svc.tailscaleIP; - in - { - name = "service_${toString i}"; - value = { - zone_id = config.variable.zone_id.default; - name = subdomain; - type = "A"; - content = targetIP; - proxied = false; - ttl = 3600; - }; - } - ) services - ); -in - -{ - terraform.required_providers.cloudflare = { - source = "cloudflare/cloudflare"; - version = "~> 5.0"; - }; - - terraform.backend.s3 = { - bucket = "terraform-state"; - key = "cloudflare/baduhai.dev.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - - variable = { - zone_id = { - default = "c63a8332fdddc4a8e5612ddc54557044"; - type = "string"; - }; - }; - - data = { - terraform_remote_state.trantor = { - backend = "s3"; - config = { - bucket = "terraform-state"; - key = "oci/trantor.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - }; - }; - - resource.cloudflare_dns_record = mkServiceRecords; -} diff --git a/terranix/oci/trantor.nix b/terranix/oci/trantor.nix index 170ad04..37c12ae 100644 --- a/terranix/oci/trantor.nix +++ b/terranix/oci/trantor.nix @@ -1,13 +1,3 @@ -# Required environment variables: -# instead of OCI variables, ~/.oci/config may also be used -# OCI_TENANCY_OCID - Oracle tenancy OCID (or use TF_VAR_* to override variables) -# OCI_USER_OCID - Oracle user OCID -# OCI_FINGERPRINT - API key fingerprint -# OCI_PRIVATE_KEY_PATH - Path to OCI API private key -# AWS variables are required -# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage -# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage - { config, ... }: { @@ -53,7 +43,6 @@ ssh_public_keys = { default = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" ]; @@ -240,7 +229,6 @@ threshold = 5; threshold_type = "PERCENTAGE"; display_name = "daily-spend-alert"; - recipients = "baduhai@proton.me"; description = "Alert when daily spending exceeds $0.05"; message = "Daily spending has exceeded $0.05 in the trantor compartment"; }; diff --git a/terranix/tailscale/tailnet.nix b/terranix/tailscale/tailnet.nix index 929e79b..e69de29 100644 --- a/terranix/tailscale/tailnet.nix +++ b/terranix/tailscale/tailnet.nix @@ -1,43 +0,0 @@ -# Required environment variables: -# TAILSCALE_API_KEY - Tailscale API key with appropriate permissions -# TAILSCALE_TAILNET - Your tailnet name (e.g., "user@example.com" or "example.org.github") -# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage -# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage - -{ config, ... }: - -{ - terraform.required_providers.tailscale = { - source = "tailscale/tailscale"; - version = "~> 0.17"; - }; - - terraform.backend.s3 = { - bucket = "terraform-state"; - key = "tailscale/tailnet.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - - variable = { - trantor_tailscale_ip = { - default = "100.108.5.90"; - type = "string"; - }; - }; - - resource = { - tailscale_dns_nameservers.global = { - nameservers = [ - config.variable.trantor_tailscale_ip.default - "1.1.1.1" - "1.0.0.1" - ]; - }; - }; -} diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix index 12c90d1..fc84f17 100644 --- a/terranixConfigurations.nix +++ b/terranixConfigurations.nix @@ -14,14 +14,6 @@ modules = [ ./terranix/oci/trantor.nix ]; terraformWrapper.package = pkgs.opentofu; }; - cloudflare-baduhaidev = { - modules = [ ./terranix/cloudflare/baduhai.dev.nix ]; - terraformWrapper.package = pkgs.opentofu; - }; - tailscale-tailnet = { - modules = [ ./terranix/tailscale/tailnet.nix ]; - terraformWrapper.package = pkgs.opentofu; - }; }; }; } diff --git a/users/modules/common/fish.nix b/users/modules/common/fish.nix index c753297..d95db24 100644 --- a/users/modules/common/fish.nix +++ b/users/modules/common/fish.nix @@ -3,10 +3,7 @@ { programs.fish = { enable = true; - interactiveShellInit = '' - set fish_greeting - ${lib.getExe pkgs.nix-your-shell} fish | source - ''; + interactiveShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; plugins = [ { diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix index 6940e1f..ba30852 100644 --- a/users/modules/desktop/desktop.nix +++ b/users/modules/desktop/desktop.nix @@ -1,21 +1,15 @@ { + config, inputs, pkgs, ... }: { - imports = [ inputs.vicinae.homeManagerModules.default ]; - fonts.fontconfig.enable = true; home.packages = with pkgs; [ xwayland-satellite ]; - services.vicinae = { - enable = true; - autoStart = true; - }; - programs = { ghostty = { @@ -28,7 +22,7 @@ url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; }}"; - bell-features = ""; + bell-features = "border"; gtk-titlebar-style = "tabs"; keybind = [ "shift+enter=text:\\x1b\\r" ]; }; @@ -47,28 +41,33 @@ enable = true; defaultApplications = { "text/html" = [ - "re.sonny.Junction.desktop" + "com.github.timecraft.junction.desktop" "zen-browser.desktop" + "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/http" = [ - "re.sonny.Junction.desktop" + "com.github.timecraft.junction.desktop" "zen-browser.desktop" + "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/https" = [ - "re.sonny.Junction.desktop" + "com.github.timecraft.junction.desktop" "zen-browser.desktop" + "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/about" = [ - "re.sonny.Junction.desktop" + "com.github.timecraft.junction.desktop" "zen-browser.desktop" + "brave-browser.desktop" "torbrowser.desktop" ]; "x-scheme-handler/unknown" = [ - "re.sonny.Junction.desktop" + "com.github.timecraft.junction.desktop" "zen-browser.desktop" + "brave-browser.desktop" "torbrowser.desktop" ]; "image/jpeg" = "org.gnome.Loupe.desktop"; diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix index 0cb5db8..16955d9 100644 --- a/users/modules/desktop/niri.nix +++ b/users/modules/desktop/niri.nix @@ -8,35 +8,25 @@ let isRotterdam = hostname == "rotterdam"; + noctalia = "${lib.getExe inputs.noctalia.packages.${pkgs.system}.default}"; in { imports = [ inputs.noctalia.homeModules.default ]; - services.kanshi = { - enable = true; - settings = [ - { - profile.name = "default"; - profile.outputs = [ - { - criteria = "*"; - scale = 1.0; - } - ]; - } - ]; - }; - home = { - packages = with pkgs; [ - xwayland-satellite - inputs.noctalia.packages.${pkgs.system}.default - ]; + packages = with pkgs; [ xwayland-satellite ]; sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; }; xdg.configFile."niri/config.kdl".text = '' + output "eDP-1" { + scale 1.0 + } + output "DP-3" { + scale 1.0 + } + input { keyboard { xkb { @@ -93,18 +83,23 @@ in inactive-color "#505050" urgent-color "#9b0000" } - tab-indicator { - width 4 - gap 4 - place-within-column - } + tab-indicator { + width 4 + gap 4 + place-within-column + } + ${lib.optionalString isRotterdam '' + struts { + left 8 + right 8 + }''} } overview { zoom 0.65 } - spawn-at-startup "noctalia-shell" "-d" + spawn-at-startup "${noctalia}" layer-rule { match namespace="^wallpaper$" place-within-backdrop true @@ -140,18 +135,18 @@ in } binds { - Alt+Space repeat=false { spawn "vicinae" "toggle"; } - XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } - XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } - XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } - XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } - XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } + Alt+Space { spawn "${noctalia}" "ipc" "call" "launcher" "toggle"; } + XF86AudioRaiseVolume allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "increase"; } + XF86AudioLowerVolume allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "decrease"; } + XF86AudioMute allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "volume" "muteOutput"; } + XF86MonBrightnessUp allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "brightness" "increase"; } + XF86MonBrightnessDown allow-when-locked=true { spawn "${noctalia}" "ipc" "call" "brightness" "decrease"; } XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } - Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } - Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; } + Mod+V { spawn "${noctalia}" "ipc" "call" "launcher" "clipboard"; } + Mod+Shift+L { spawn "${noctalia}" "ipc" "call" "lockScreen" "toggle"; } Mod+Return { spawn "ghostty"; } Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } Mod+W repeat=false { toggle-overview; } @@ -160,13 +155,17 @@ in Mod+Shift+Q { close-window; } Alt+F4 { close-window; } Mod+Left { focus-column-left; } - Mod+Down { focus-window-or-workspace-down; } - Mod+Up { focus-window-or-workspace-up; } + Mod+Down { focus-window-down; } + Mod+Up { focus-window-up; } Mod+Right { focus-column-right; } Mod+H { focus-column-left; } Mod+L { focus-column-right; } - Mod+J { focus-window-or-workspace-down; } - Mod+K { focus-window-or-workspace-up; } + Mod+J { focus-window-down; } + Mod+K { focus-window-up; } + Ctrl+Alt+J { focus-workspace-down; } + Ctrl+Alt+K { focus-workspace-up; } + Ctrl+Alt+Down { focus-workspace-down; } + Ctrl+Alt+Up { focus-workspace-up; } Mod+Ctrl+Left { move-column-left; } Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } Mod+Ctrl+Up { move-window-up-or-to-workspace-up; } @@ -221,8 +220,8 @@ in Mod+Print { screenshot; } Ctrl+Print { screenshot-window; } Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } - Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } - Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } + Mod+Alt+E { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } + Ctrl+Alt+Delete { spawn "${noctalia}" "ipc" "call" "sessionMenu" "toggle"; } Mod+Ctrl+P { power-off-monitors; } } ''; diff --git a/users/modules/stylix.nix b/users/modules/stylix.nix index f1c7e44..13ba8b6 100644 --- a/users/modules/stylix.nix +++ b/users/modules/stylix.nix @@ -46,7 +46,7 @@ name = "FiraCode Nerd Font"; }; emoji = { - package = pkgs.noto-fonts-color-emoji; + package = pkgs.noto-fonts-emoji; name = "Noto Color Emoji"; }; sizes = { diff --git a/utils.nix b/utils.nix index 8c20ab9..38cf968 100644 --- a/utils.nix +++ b/utils.nix @@ -8,14 +8,9 @@ let home-manager agenix ; - - # Import shared service definitions - sharedServices = import ./shared/services.nix; in { - # Re-export shared services for use in host configs - inherit (sharedServices) services; # Tag-based host configuration system mkHost = { @@ -183,41 +178,16 @@ in # Nginx virtual host utilities mkNginxVHosts = - { domains }: + { + acmeHost, + domains, + }: let - # Extract domain name and apply it as useACMEHost - mkVHostConfig = domain: config: - lib.recursiveUpdate { - useACMEHost = domain; - forceSSL = true; - kTLS = true; - } config; + commonVHostConfig = { + useACMEHost = acmeHost; + forceSSL = true; + kTLS = true; + }; in - lib.mapAttrs mkVHostConfig domains; - - # Split DNS utilities for unbound - # Generates unbound view config from a list of DNS entries - mkSplitDNS = - entries: - let - # Generate local-data entries for all domains - tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries; - lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries; - in - [ - # Single Tailscale view with all domains - { - name = "tailscale"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = tailscaleData; - } - # Single LAN view with all domains - { - name = "lan"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = lanData; - } - ]; + lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains; }