diff --git a/.gitignore b/.gitignore
index 73105bb..21fb0b6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,13 +1,3 @@
-# Nix build outputs
-result
-result-*
+result/
 .direnv/
-oci-trantor/
-tailscale-tailnet/
-cloudflare-baduhaidev
-
-# Personal notes and temporary files
-todo.md
-notes.md
-scratch/
-tmp/
+.pre-commit-config.yaml
diff --git a/deploy.nix b/deploy.nix
deleted file mode 100644
index 187c92f..0000000
--- a/deploy.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ inputs, self, ... }:
-{
- flake.deploy = {
- remoteBuild = true;
- nodes = {
- alexandria = {
- hostname = "alexandria";
- profiles.system = {
- sshUser = "user";
- path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria;
- user = "root";
- };
- };
-
- trantor = {
- hostname = "trantor";
- profiles.system = {
- sshUser = "user";
- path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.trantor;
- user = "root";
- };
- };
-
- io = {
- hostname = "io";
- profiles = {
- system = {
- sshUser = "user";
- path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io;
- user = "root";
- remoteBuild = false;
- };
- user = {
- sshUser = "user";
- path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."user@io";
- user = "user";
- remoteBuild = false;
- };
- };
- };
- };
- };
- perSystem =
- { system, ... }:
- {
- checks = inputs.deploy-rs.lib.${system}.deployChecks self.deploy;
- };
-}
diff --git a/devShells.nix b/devShells.nix
deleted file mode 100644
index f7e9627..0000000
--- a/devShells.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ inputs, ... }:
-
-{
- perSystem =
- { pkgs, system, ... }:
- {
- devShells.default = pkgs.mkShell {
- packages = with pkgs; [
- inputs.agenix.packages.${system}.default
- deploy-rs
- nil
- nixfmt-rfc-style
- ];
- };
- };
-}
diff --git a/flake.lock b/flake.lock
index 27c3580..e60ffe3 100644
--- a/flake.lock
+++ b/flake.lock
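Review bot: In the `.gitignore` hunk, the added `result/` pattern matches directories only, while `nix build` leaves `result` as a symlink, which git treats as a file, so the build output link is no longer ignored; the removed `result` and `result-*` lines did cover it. The same hunk drops the entries for `oci-trantor/`, `tailscale-tailnet/` and `cloudflare-baduhaidev`. If those are still working directories for infrastructure tooling in any checkout (inferred from the names, not visible here), state files or credentials inside them become untracked files that a broad `git add -A` would stage. Keeping those three entries until the directories are gone costs nothing.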
@@ -5,16 +5,16 @@ "darwin": "darwin", "home-manager": "home-manager", "nixpkgs": [ - "nixpkgs-stable" + "nixpkgs" ], "systems": "systems" }, "locked": { - "lastModified": 1761656077, - "narHash": "sha256-lsNWuj4Z+pE7s0bd2OKicOFq9bK86JE0ZGeKJbNqb94=", + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", "owner": "ryantm", "repo": "agenix", - "rev": "9ba0d85de3eaa7afeab493fed622008b6e4924f5", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", "type": "github" }, "original": { @@ -28,11 +28,11 @@ "fromYaml": "fromYaml" }, "locked": { - "lastModified": 1755819240, - "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", + "lastModified": 1732200724, + "narHash": "sha256-+R1BH5wHhfnycySb7Sy5KbYEaTJZWm1h+LW1OtyhiTs=", "owner": "SenchoPens", "repo": "base16.nix", - "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", + "rev": "153d52373b0fb2d343592871009a286ec8837aec", "type": "github" }, "original": { @@ -44,28 +44,27 @@ "base16-fish": { "flake": false, "locked": { - "lastModified": 1754405784, - "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=", + "lastModified": 1622559957, + "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", "owner": "tomyun", "repo": "base16-fish", - "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", "type": "github" }, "original": { "owner": "tomyun", "repo": "base16-fish", - "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", "type": "github" } }, "base16-helix": { "flake": false, "locked": { - "lastModified": 1752979451, - "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", + "lastModified": 1736852337, + "narHash": "sha256-esD42YdgLlEh7koBrSqcT7p2fsMctPAcGl/+2sYJa2o=", "owner": "tinted-theming", "repo": "base16-helix", - "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", + "rev": "03860521c40b0b9c04818f2218d9cc9efc21e7a5", "type": "github" }, "original": { 
@@ -91,28 +90,6 @@ "type": "github" } }, - "blueprint": { - "inputs": { - "nixpkgs": [ - "nix-ai-tools", - "nixpkgs" - ], - "systems": "systems_3" - }, - "locked": { - "lastModified": 1763308703, - "narHash": "sha256-O9Y+Wer8wOh+N+4kcCK5p/VLrXyX+ktk0/s3HdZvJzk=", - "owner": "numtide", - "repo": "blueprint", - "rev": "5a9bba070f801d63e2af3c9ef00b86b212429f4f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "blueprint", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ @@ -121,11 +98,11 @@ ] }, "locked": { - "lastModified": 1744478979, - "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "type": "github" }, "original": { @@ -138,15 +115,17 @@ "deploy-rs": { "inputs": { "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs", + "nixpkgs": [ + "nixpkgs" + ], "utils": "utils" }, "locked": { - "lastModified": 1756719547, - "narHash": "sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ=", + "lastModified": 1727447169, + "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", "owner": "serokell", "repo": "deploy-rs", - "rev": "125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2", + "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", "type": "github" }, "original": { 
@@ -155,32 +134,14 @@ "type": "github" } }, - "disko": { - "inputs": { - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1761899396, - "narHash": "sha256-XOpKBp6HLzzMCbzW50TEuXN35zN5WGQREC7n34DcNMM=", - "owner": "nix-community", - "repo": "disko", - "rev": "6f4cf5abbe318e4cd1e879506f6eeafd83f7b998", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "disko", - "type": "github" - } - }, "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1758112371, - "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=", + "lastModified": 1736899990, + "narHash": "sha256-S79Hqn2EtSxU4kp99t8tRschSifWD4p/51++0xNWUxw=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d", + "rev": "91ca1f82d717b02ceb03a3f423cbe8082ebbb26d", "type": "github" }, "original": { @@ -190,6 +151,38 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1733328505, 
@@ -205,92 +198,16 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1762040540, - "narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "0010412d62a25d959151790968765a70c436598b", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": [ - "stylix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_3": { - "inputs": { - "nixpkgs-lib": [ - "terranix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1736143030, - "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { - "systems": "systems_4" + "systems": "systems_3" }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", "owner": "numtide", "repo": "flake-utils", - 
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", "type": "github" }, "original": { @@ -301,7 +218,10 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_8" + "systems": [ + "stylix", + "systems" + ] }, "locked": { "lastModified": 1731533236, @@ -317,6 +237,24 @@ "type": "github" } }, + "flake-utils_3": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "fromYaml": { "flake": false, "locked": { 
@@ -333,19 +271,67 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": [ + "stylix", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735882644, + "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "stylix", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "gnome-shell": { "flake": false, "locked": { - "lastModified": 1748186689, - "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", + "lastModified": 1732369855, + "narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", + "rev": "dadd58f630eeea41d645ee225a63f719390829dc", "type": "github" }, "original": { "owner": "GNOME", - "ref": "48.2", + "ref": "47.2", "repo": "gnome-shell", "type": "github" } @@ -358,11 +344,11 @@ ] }, "locked": { - "lastModified": 1745494811, - "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "owner": "nix-community", "repo": "home-manager", - "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "type": "github" }, "original": { 
@@ -371,6 +357,27 @@ "type": "github" } }, + "home-manager-stable": { + "inputs": { + "nixpkgs": [ + "nixpkgs-stable" + ] + }, + "locked": { + "lastModified": 1736373539, + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, "home-manager_2": { "inputs": { "nixpkgs": [ @@ -378,11 +385,11 @@ ] }, "locked": { - "lastModified": 1762178366, - "narHash": "sha256-I+8yE5HVR2SFcHnW0771psQ/zn0qVzsKHY/gUM0nEVM=", + "lastModified": 1738448366, + "narHash": "sha256-4ATtQqBlgsGqkHTemta0ydY6f7JBRXz4Hf574NHQpkg=", "owner": "nix-community", "repo": "home-manager", - "rev": "8c824254b1ed9e797f6235fc3c62f365893c561a", + "rev": "18fa9f323d8adbb0b7b8b98a8488db308210ed93", "type": "github" }, "original": { @@ -395,16 +402,16 @@ "home-manager_3": { "inputs": { "nixpkgs": [ - "zen-browser", + "stylix", "nixpkgs" ] }, "locked": { - "lastModified": 1752603129, - "narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=", + "lastModified": 1736785676, + "narHash": "sha256-TY0jUwR3EW0fnS0X5wXMAVy6h4Z7Y6a3m+Yq++C9AyE=", "owner": "nix-community", "repo": "home-manager", - "rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b", + "rev": "fc52a210b60f2f52c74eac41a8647c1573d2071d", "type": "github" }, "original": { 
@@ -413,6 +420,43 @@ "type": "github" } }, + "home-manager_4": { + "inputs": { + "nixpkgs": [ + "tritanium-shell", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730837930, + "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "homepage": { + "flake": false, + "locked": { + "lastModified": 1727121984, + "narHash": "sha256-sbpLXaFeyIBrGbuw58jwxDcMupFqlqmPGO5/QUgI9eg=", + "owner": "AlexW00", + "repo": "StartTreeV2", + "rev": "cfb8b97b14b23b094878867bef94e3c17a144f3f", + "type": "github" + }, + "original": { + "owner": "AlexW00", + "repo": "StartTreeV2", + "type": "github" + } + }, "impermanence": { "locked": { "lastModified": 1737831083, 
@@ -428,130 +472,34 @@ "type": "github" } }, - "niri": { - "inputs": { - "nixpkgs": "nixpkgs_3", - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1760963745, - "narHash": "sha256-FVf9YFw2wQnMAxvMxEk+vFakXhPQUSapDpGmlLzAxjg=", - "owner": "baduhai", - "repo": "niri", - "rev": "dd3e3d1009991ecd87ab7253c9e7696acf2bc943", - "type": "github" - }, - "original": { - "owner": "baduhai", - "ref": "auto-center-when-space-available", - "repo": "niri", - "type": "github" - } - }, - "niri-flake": { - "inputs": { - "niri-stable": "niri-stable", - "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_4", - "nixpkgs-stable": "nixpkgs-stable", - "xwayland-satellite-stable": "xwayland-satellite-stable", - "xwayland-satellite-unstable": "xwayland-satellite-unstable" - }, - "locked": { - "lastModified": 1762152856, - "narHash": "sha256-U3SDbk7tIwLChpvb3FL66o8V0byaQ2RGMiy/3oLdxTI=", - "owner": "sodiboo", - "repo": "niri-flake", - "rev": "df17789929ac80f4157b15724450db6a303a6dc9", - "type": "github" - }, - "original": { - "owner": "sodiboo", - "repo": "niri-flake", - "type": "github" - } - }, - "niri-stable": { - "flake": false, - "locked": { - "lastModified": 1756556321, - "narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "ref": "v25.08", - "repo": "niri", - "type": "github" - } - }, - "niri-unstable": { - "flake": false, - "locked": { - "lastModified": 1762146685, - "narHash": "sha256-anRlNG6t7esBbF1+ALDeathVBSclA0PEL52Vo0WnN5g=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "a2ca2b3c866bc781b12c334a9f949b3db6d7c943", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "repo": "niri", - "type": "github" - } - }, - "nix-ai-tools": { - "inputs": { - "blueprint": "blueprint", - "nixpkgs": "nixpkgs_5", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1763412165, - 
"narHash": "sha256-n6bChFrCf2/uHzTsZdABUt1+Ua3n0jinNfamHd5DmBA=", - "owner": "numtide", - "repo": "nix-ai-tools", - "rev": "a2dfa932ed37e5b6224b39b4982c85cd8ebcca14", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "nix-ai-tools", - "type": "github" - } - }, "nix-flatpak": { "locked": { - "lastModified": 1754777568, - "narHash": "sha256-0bBqT+3XncgF8F03RFAamw9vdf0VmaDoIJLTGkjfQZs=", + "lastModified": 1711997201, + "narHash": "sha256-J71xzQlVYsjagA4AsVwRazhBh2rZrPpKvxTgs6UzL7c=", "owner": "gmodena", "repo": "nix-flatpak", - "rev": "62f636b87ef6050760a8cb325cadb90674d1e23e", + "rev": "b76fa31346db7fc958a9898f3c594696ca71c4fd", "type": "github" }, "original": { "owner": "gmodena", - "ref": "main", + "ref": "v0.4.1", "repo": "nix-flatpak", "type": "github" } }, - "nix-index-database": { + "nix-index-db": { "inputs": { "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1762055842, - "narHash": "sha256-Pu1v3mlFhRzZiSxVHb2/i/f5yeYyRNqr0RvEUJ4UgHo=", + "lastModified": 1738466368, + "narHash": "sha256-PZhUjtvQZOH3PO0EYdTpQvcqkgkq1NkP2A6w9SPHYsk=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "359ff6333a7b0b60819d4c20ed05a3a1f726771f", + "rev": "46a8f5fc9552b776bfc5c5c96ea3bede33f68f52", "type": "github" }, "original": { 
@@ -560,213 +508,103 @@ "type": "github" } }, - "nix-options-doc": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_6", - "rust-overlay": "rust-overlay_2" - }, - "locked": { - "lastModified": 1742115705, - "narHash": "sha256-RfXwJPWBoWswIU68+y/XZfTWtFHd/fK14bKvOlRmfPo=", - "owner": "Thunderbottom", - "repo": "nix-options-doc", - "rev": "2caa4b5756a8666d65d70122f413e295f56886e7", - "type": "github" - }, - "original": { - "owner": "Thunderbottom", - "ref": "v0.2.0", - "repo": "nix-options-doc", - "type": "github" - } - }, - "nixos-cli": { + "nix-minecraft": { "inputs": { "flake-compat": "flake-compat_2", - "nix-options-doc": "nix-options-doc", - "nixpkgs": "nixpkgs_7" + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1761970410, - "narHash": "sha256-IUm2nkbKlDkG94ruTmIYLERpBn6gXydm3scZIKzpcKs=", + "lastModified": 1738547119, + "narHash": "sha256-cc6AfR7W0AavgqA5nHUXRUus4Rr7oPWQNku5nhR4SYs=", + "owner": "Infinidoge", + "repo": "nix-minecraft", + "rev": "5b93268c80c3300dbec0fbbb2b50f674f84a474a", + "type": "github" + }, + "original": { + "owner": "Infinidoge", + "repo": "nix-minecraft", + "type": "github" + } + }, + "nixlib": { + "locked": { + "lastModified": 1736643958, + "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", "owner": "nix-community", - "repo": "nixos-cli", - "rev": "5c259f72ae1eaa00b99354d81130d8fddb7f9a7a", + "repo": "nixpkgs.lib", + "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", "type": "github" }, "original": { "owner": "nix-community", - "repo": "nixos-cli", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs-stable" + ] + }, + "locked": { + "lastModified": 1737057290, + "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453", + "type": "github" + }, + 
"original": { + "owner": "nix-community", + "repo": "nixos-generators", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1743014863, - "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", - "owner": "NixOS", + "lastModified": 1738410390, + "narHash": "sha256-xvTo0Aw0+veek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", + "rev": "3a228057f5b619feb3186e986dbe76278d707b6e", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", + "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1761765539, - "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { - "lastModified": 1761999846, - "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_2": { - "locked": { - "lastModified": 1761999846, - "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=", + "lastModified": 1738435198, + "narHash": "sha256-5+Hmo4nbqw8FrW85FlNm4IIrRnZ7bn0cmXlScNsNRLo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31", + "rev": "f6687779bf4c396250831aa5a32cbfeb85bb07a3", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_10": { - "locked": { - "lastModified": 1762111121, - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", - 
"owner": "NixOS", - "repo": "nixpkgs", - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { - "locked": { - "lastModified": 1755615617, - "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "20075955deac2583bb12f07151c2df830ef346b4", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1752596105, - "narHash": "sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "dab3a6e781554f965bde3def0aa2fda4eb8f1708", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1757967192, - "narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0d7c15863b251a7a50265e57c1dca1a7add2e291", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1763312402, - "narHash": "sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5+717550Hk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - 
"repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1740695751, - "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", + "lastModified": 1730785428, + "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6313551cd05425cd5b3e63fe47dbc324eabb15e4", + "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", "type": "github" }, "original": { 
@@ -776,186 +614,22 @@ "type": "github" } }, - "nixpkgs_7": { - "locked": { - "lastModified": 1761880412, - "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_8": { - "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_9": { - "locked": { - "lastModified": 1758690382, - "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e643668fd71b949c53f8626614b21ff71a07379d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "noctalia": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ], - "quickshell": "quickshell", - "systems": "systems_5" - }, - "locked": { - "lastModified": 1762156721, - "narHash": "sha256-gHfzrTDSnNC5yRJwkZfP55fPHUc8DuB4OQEIBSQSs18=", - "owner": "noctalia-dev", - "repo": "noctalia-shell", - "rev": "5ca5aa602f58a8e0e73fedbef351f1cdf8cbe981", - "type": "github" - }, - "original": { - "owner": "noctalia-dev", - "repo": "noctalia-shell", - "type": "github" - } - }, - "nur": { - "inputs": { - "flake-parts": [ - "stylix", - "flake-parts" - ], - "nixpkgs": [ - "stylix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1758998580, - "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=", - "owner": "nix-community", - "repo": "NUR", - "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728", - "type": "github" - }, - "original": { - "owner": "nix-community", - 
"repo": "NUR", - "type": "github" - } - }, - "quickshell": { - "inputs": { - "nixpkgs": [ - "noctalia", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1761821581, - "narHash": "sha256-nLuc6jA7z+H/6bHPEBSOYPbz7RtvNCZiTKmYItJuBmM=", - "ref": "refs/heads/master", - "rev": "db1777c20b936a86528c1095cbcb1ebd92801402", - "revCount": 699, - "type": "git", - "url": "https://git.outfoxxed.me/outfoxxed/quickshell" - }, - "original": { - "type": "git", - "url": "https://git.outfoxxed.me/outfoxxed/quickshell" - } - }, "root": { "inputs": { "agenix": "agenix", "deploy-rs": "deploy-rs", - "disko": "disko", - "flake-parts": "flake-parts", "home-manager": "home-manager_2", + "home-manager-stable": "home-manager-stable", + "homepage": "homepage", "impermanence": "impermanence", - "niri": "niri", - "niri-flake": "niri-flake", - "nix-ai-tools": "nix-ai-tools", "nix-flatpak": "nix-flatpak", - "nix-index-database": "nix-index-database", - "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_8", - "nixpkgs-stable": "nixpkgs-stable_2", - "noctalia": "noctalia", + "nix-index-db": "nix-index-db", + "nix-minecraft": "nix-minecraft", + "nixos-generators": "nixos-generators", + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable", "stylix": "stylix", - "terranix": "terranix", - "vicinae": "vicinae", - "zen-browser": "zen-browser" - } - }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "niri", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1757989933, - "narHash": "sha256-9cpKYWWPCFhgwQTww8S94rTXgg8Q8ydFv9fXM6I8xQM=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "8249aa3442fb9b45e615a35f39eca2fe5510d7c3", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_2": { - "inputs": { - "nixpkgs": [ - "nixos-cli", - "nix-options-doc", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1740796337, - "narHash": "sha256-FuoXrXZPoJEZQ3PF7t85tEpfBVID9JQIOnVKMNfTAb0=", - "owner": "oxalica", - "repo": 
"rust-overlay", - "rev": "bbac9527bc6b28b6330b13043d0e76eac11720dc", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" + "tritanium-shell": "tritanium-shell" } }, "stylix": { @@ -965,23 +639,26 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_2", + "flake-compat": "flake-compat_3", + "flake-utils": "flake-utils_2", + "git-hooks": "git-hooks", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_9", - "nur": "nur", - "systems": "systems_6", + "home-manager": "home-manager_3", + "nixpkgs": [ + "nixpkgs-stable" + ], + "systems": "systems_4", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", - "tinted-schemes": "tinted-schemes", "tinted-tmux": "tinted-tmux", "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1762101397, - "narHash": "sha256-wGiL2K3kAyBBmIZpJEskaSIgyzzpg0zwfvri+Sy6/CI=", + "lastModified": 1738278499, + "narHash": "sha256-q1SUyXSQ9znHTME53/vPLe+Ga3V1wW3X3gWfa8JsBUM=", "owner": "danth", "repo": "stylix", - "rev": "8c0640d5722a02178c8ee80a62c5f019cab4b3c1", + "rev": "b00c9f46ae6c27074d24d2db390f0ac5ebcc329f", "type": "github" }, "original": { 
@@ -1052,83 +729,16 @@ }, "systems_5": { "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_6": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_7": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_8": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "terranix": { - "inputs": { - "flake-parts": "flake-parts_3", - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems_7" - }, - "locked": { - "lastModified": 1762161791, - "narHash": "sha256-J1L1yP29NVBJO04LA/JGM6kwhnjeNhEsX0tLFnuN3FI=", - "owner": "terranix", - "repo": "terranix", - "rev": "a79a47b4617dfb92184e2e5b8f5aa6fc06c659c8", - "type": "github" - }, - "original": { - "owner": "terranix", - "repo": "terranix", + "repo": 
"default-linux", "type": "github" } }, @@ -1152,43 +762,28 @@ "tinted-kitty": { "flake": false, "locked": { - "lastModified": 1735730497, - "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", + "lastModified": 1716423189, + "narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=", "owner": "tinted-theming", "repo": "tinted-kitty", - "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "rev": "eb39e141db14baef052893285df9f266df041ff8", "type": "github" }, "original": { "owner": "tinted-theming", "repo": "tinted-kitty", - "type": "github" - } - }, - "tinted-schemes": { - "flake": false, - "locked": { - "lastModified": 1757716333, - "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=", - "owner": "tinted-theming", - "repo": "schemes", - "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "schemes", + "rev": "eb39e141db14baef052893285df9f266df041ff8", "type": "github" } }, "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1757811970, - "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=", + "lastModified": 1735737224, + "narHash": "sha256-FO2hRBkZsjlIRqzNHCPc/52yxg11kHGA8MEtSun9RwE=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e", + "rev": "aead506a9930c717ebf81cc83a2126e9ca08fa64", "type": "github" }, "original": { @@ -1200,11 +795,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1757811247, - "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=", + "lastModified": 1725758778, + "narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e", + "rev": "122c9e5c0e6f27211361a04fae92df97940eccf9", "type": "github" }, "original": { 
@@ -1213,24 +808,23 @@ "type": "github" } }, - "treefmt-nix": { + "tritanium-shell": { "inputs": { - "nixpkgs": [ - "nix-ai-tools", - "nixpkgs" - ] + "flake-utils": "flake-utils_3", + "home-manager": "home-manager_4", + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1762938485, - "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4", + "lastModified": 1738888826, + "narHash": "sha256-xjUMyq7fTidbTwVqKEZ16SZSKECNx7mVDFicQswuZh8=", + "owner": "baduhai", + "repo": "tritanium-shell", + "rev": "d788a288ffc49847849d691824c2f46999b9b864", "type": "github" }, "original": { - "owner": "numtide", - "repo": "treefmt-nix", + "owner": "baduhai", + "repo": "tritanium-shell", "type": "github" } }, @@ -1239,11 +833,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { 
@@ -1251,77 +845,6 @@ "repo": "flake-utils", "type": "github" } - }, - "vicinae": { - "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_10" - }, - "locked": { - "lastModified": 1762709887, - "narHash": "sha256-8BoGGsWfkS/2ODBSCYd5HJNFGuLY8fFl27rXmWClXQw=", - "owner": "vicinaehq", - "repo": "vicinae", - "rev": "54722e36137d8273ef0a5db37776fb8302c79238", - "type": "github" - }, - "original": { - "owner": "vicinaehq", - "repo": "vicinae", - "type": "github" - } - }, - "xwayland-satellite-stable": { - "flake": false, - "locked": { - "lastModified": 1755491097, - "narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "388d291e82ffbc73be18169d39470f340707edaa", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "ref": "v0.7", - "repo": "xwayland-satellite", - "type": "github" - } - }, - "xwayland-satellite-unstable": { - "flake": false, - "locked": { - "lastModified": 1761622056, - "narHash": "sha256-fBrUszJXmB4MY+wf3QsCnqWHcz7u7fLq0QMAWCltIQg=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "0728d59ff6463a502e001fb090f6eb92dbc04756", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "type": "github" - } - }, - "zen-browser": { - "inputs": { - "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_11" - }, - "locked": { - "lastModified": 1762131860, - "narHash": "sha256-sIPhzkDrfe6ptthZiwoxQyO6rKd9PgJnl+LOyythQkI=", - "owner": "0xc000022070", - "repo": "zen-browser-flake", - "rev": "10e69cb268b1d3dc91135e72f5462b2acfbcc3aa", - "type": "github" - }, - "original": { - "owner": "0xc000022070", - "repo": "zen-browser-flake", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index c5c3880..56c9561 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,76 +2,191 @@ description = "My nix hosts"; inputs = { - flake-parts.url = "github:hercules-ci/flake-parts"; - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05"; + nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11"; home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; }; - - agenix = { - url = "github:ryantm/agenix"; + home-manager-stable = { + url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs-stable"; }; - disko.url = "github:nix-community/disko"; - - noctalia = { - url = "github:noctalia-dev/noctalia-shell"; + agenix = { + url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; }; - stylix.url = "github:danth/stylix"; + deploy-rs = { + url = "github:serokell/deploy-rs"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - nixos-cli.url = "github:nix-community/nixos-cli"; - - nix-flatpak.url = "github:gmodena/nix-flatpak/main"; - - zen-browser.url = "github:0xc000022070/zen-browser-flake"; + homepage = { + url = "github:AlexW00/StartTreeV2"; + flake = false; + }; impermanence.url = "github:nix-community/impermanence"; - deploy-rs.url = "github:serokell/deploy-rs"; + nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=v0.4.1"; - niri-flake.url = "github:sodiboo/niri-flake"; - - niri.url = "github:baduhai/niri/auto-center-when-space-available"; - - nix-index-database = { + nix-index-db = { url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; }; - terranix = { - url = "github:terranix/terranix"; + nix-minecraft = { + url = "github:Infinidoge/nix-minecraft"; inputs.nixpkgs.follows = "nixpkgs"; }; - nix-ai-tools.url = "github:numtide/nix-ai-tools"; + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs-stable"; + }; - vicinae.url = "github:vicinaehq/vicinae"; + stylix = { + url = "github:danth/stylix"; + 
inputs.nixpkgs.follows = "nixpkgs-stable"; + }; + + tritanium-shell.url = "github:baduhai/tritanium-shell"; }; outputs = - inputs@{ flake-parts, ... }: - flake-parts.lib.mkFlake { inherit inputs; } { - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; + inputs@{ + self, + nixpkgs, + nixpkgs-stable, + home-manager, + home-manager-stable, + agenix, + deploy-rs, + homepage, + impermanence, + nix-flatpak, + nix-index-db, + nix-minecraft, + nixos-generators, + stylix, + tritanium-shell, + ... + }: + { + nixosConfigurations = { + rotterdam = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit inputs; + }; + modules = [ + ./hosts/desktops/rotterdam.nix + agenix.nixosModules.default + home-manager.nixosModules.default + impermanence.nixosModules.impermanence + nix-index-db.nixosModules.nix-index + nix-flatpak.nixosModules.nix-flatpak + stylix.nixosModules.stylix + { + nixpkgs.overlays = [ + agenix.overlays.default + self.overlays.custom + ]; + } + ]; + }; - imports = [ - ./deploy.nix - ./devShells.nix - ./homeConfigurations.nix - ./nixosConfigurations.nix - ./nixosModules.nix - ./overlays.nix - ./packages.nix - ./terranixConfigurations.nix - ]; + io = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit inputs; + }; + modules = [ + ./hosts/desktops/io.nix + agenix.nixosModules.default + home-manager.nixosModules.default + impermanence.nixosModules.impermanence + nix-index-db.nixosModules.nix-index + nix-flatpak.nixosModules.nix-flatpak + stylix.nixosModules.stylix + { + nixpkgs.overlays = [ + agenix.overlays.default + self.overlays.custom + ]; + } + ]; + }; + + alexandria = nixpkgs-stable.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit inputs; + }; + modules = [ + ./hosts/servers/alexandria.nix + agenix.nixosModules.default + home-manager-stable.nixosModules.default + self.nixosModules.qbittorrent + ({ + nixpkgs.overlays = [ + agenix.overlays.default + nix-minecraft.overlay + ]; + imports = 
[ nix-minecraft.nixosModules.minecraft-servers ]; + }) + ]; + }; + }; + + overlays = { + custom = final: prev: { + plasticity = nixpkgs.legacyPackages."x86_64-linux".callPackage ./packages/plasticity.nix { }; + }; + }; + + deploy = { + autoRollback = true; + magicRollback = false; + nodes = { + alexandria = { + hostname = "alexandria"; + profiles = { + system = { + user = "root"; + sshUser = "root"; + remoteBuild = true; + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.alexandria; + }; + }; + }; + + io = { + hostname = "io"; + profiles = { + system = { + user = "root"; + sshUser = "root"; + remoteBuild = false; + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.io; + }; + }; + }; + }; + }; + + formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style; + + devShells."x86_64-linux".default = nixpkgs.legacyPackages."x86_64-linux".mkShell { + packages = with nixpkgs.legacyPackages."x86_64-linux"; [ + nil + nixfmt-rfc-style + ]; + }; + + nixosModules.qbittorrent = import ./modules/qbittorrent.nix; }; } diff --git a/homeConfigurations.nix b/homeConfigurations.nix deleted file mode 100644 index 296abfa..0000000 --- a/homeConfigurations.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ inputs, ... }: - -let - lib = inputs.nixpkgs.lib; - utils = import ./utils.nix { inherit inputs lib; }; - inherit (utils) mkHome; -in - -{ - flake.homeConfigurations = { - "user@rotterdam" = mkHome { - username = "user"; - hostname = "rotterdam"; - tags = [ - "desktop" - "btop" - "comma" - "direnv" - "gaming" - "helix" - "obs-studio" - "starship" - "stylix" - "tmux" - ]; - }; - - "user@io" = mkHome { - username = "user"; - hostname = "io"; - tags = [ - "desktop" - "btop" - "comma" - "direnv" - "helix" - "starship" - "stylix" - "tmux" - ]; - }; - }; -} diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix deleted file mode 100644 index 6ceac09..0000000 --- a/hosts/alexandria/jellyfin.nix +++ /dev/null 
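Review bot: Both profiles under `deploy.nodes` set `sshUser = "root"`, so every deployment depends on direct root login over SSH, and the `root.openssh.authorizedKeys.keys` entries added in hosts/common/users.nix exist to allow it. The removed deploy.nix connected as the unprivileged account with `user = "root"` as the activation target. Keeping `sshUser = "user";` would preserve that split and make the root key list unnecessary, provided sudo works for that account (security.nix is not shown in this diff). `magicRollback = false;` also turns off the confirmation step that reverts an activation which breaks SSH access, so I would drop that line or add a comment giving the reason. The enclosing attribute set opens above this hunk.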
@@ -1,15 +0,0 @@ -{ lib, inputs, ... }: -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; -in -{ - services.jellyfin = { - enable = true; - openFirewall = true; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; - }; -} diff --git a/hosts/alexandria/kanidm.nix b/hosts/alexandria/kanidm.nix deleted file mode 100644 index eaaa9b9..0000000 --- a/hosts/alexandria/kanidm.nix +++ /dev/null 
@@ -1,83 +0,0 @@ -{ - config, - lib, - inputs, - pkgs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; - kanidmCertDir = "/var/lib/kanidm/certs"; -in - -{ - services.kanidm = { - enableServer = true; - enableClient = true; - package = pkgs.kanidm; - - serverSettings = { - domain = "auth.baduhai.dev"; - origin = "https://auth.baduhai.dev"; - bindaddress = "127.0.0.1:8443"; - ldapbindaddress = "127.0.0.1:636"; - trust_x_forward_for = true; - # Use self-signed certificates for internal TLS - tls_chain = "${kanidmCertDir}/cert.pem"; - tls_key = "${kanidmCertDir}/key.pem"; - }; - - clientSettings = { - uri = "https://auth.baduhai.dev"; - }; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - domains."auth.baduhai.dev" = { - locations."/" = { - proxyPass = "https://127.0.0.1:8443"; - extraConfig = '' - proxy_ssl_verify off; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $host; - ''; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ 636 ]; - - # Generate self-signed certificates for kanidm's internal TLS - systemd.services.kanidm-generate-certs = { - description = "Generate self-signed TLS certificates for Kanidm"; - wantedBy = [ "multi-user.target" ]; - before = [ "kanidm.service" ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - mkdir -p ${kanidmCertDir} - if [ ! 
-f ${kanidmCertDir}/key.pem ]; then - ${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \ - -keyout ${kanidmCertDir}/key.pem \ - -out ${kanidmCertDir}/cert.pem \ - -days 3650 -nodes \ - -subj "/CN=localhost" \ - -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" - chown -R kanidm:kanidm ${kanidmCertDir} - chmod 600 ${kanidmCertDir}/key.pem - chmod 644 ${kanidmCertDir}/cert.pem - fi - ''; - }; - - # Ensure certificate generation runs before kanidm starts - systemd.services.kanidm = { - after = [ "kanidm-generate-certs.service" ]; - wants = [ "kanidm-generate-certs.service" ]; - }; -} diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix deleted file mode 100644 index 274f645..0000000 --- a/hosts/alexandria/nginx.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts services; - - # Get all unique domains from shared services that have LAN IPs (served by this host) - localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "alexandria") services)); - - # Generate ACME cert configs for all local domains - acmeCerts = lib.genAttrs localDomains (domain: { - group = "nginx"; - }); -in - -{ - security.acme = { - acceptTerms = true; - defaults = { - email = "baduhai@proton.me"; - dnsResolver = "1.1.1.1:53"; - dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets.cloudflare.path; - }; - certs = acmeCerts; - }; - - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts = { - "_" = { - default = true; - locations."/".return = "444"; - }; - }; - }; - - users.users.nginx.extraGroups = [ "acme" ]; - - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; - - age.secrets.cloudflare = { - file = ../../secrets/cloudflare.age; - owner = "nginx"; - group = "nginx"; - }; -} 
diff --git a/hosts/alexandria/unbound.nix b/hosts/alexandria/unbound.nix deleted file mode 100644 index 31363aa..0000000 --- a/hosts/alexandria/unbound.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ inputs, lib, ... }: - -let - utils = import ../../utils.nix { inherit inputs lib; }; -in - -{ - services.unbound = { - enable = true; - enableRootTrustAnchor = true; - settings = { - server = { - interface = [ - "0.0.0.0" - "::" - ]; - access-control = [ - "127.0.0.0/8 allow" - "192.168.0.0/16 allow" - "::1/128 allow" - ]; - - num-threads = 2; - msg-cache-size = "50m"; - rrset-cache-size = "100m"; - cache-min-ttl = 300; - cache-max-ttl = 86400; - prefetch = true; - prefetch-key = true; - hide-identity = true; - hide-version = true; - so-rcvbuf = "1m"; - so-sndbuf = "1m"; - - # LAN-only DNS records - local-zone = ''"baduhai.dev." transparent''; - local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') - (lib.filter (e: e ? lanIP) utils.services); - }; - - forward-zone = [ - { - name = "."; - forward-addr = [ - "1.1.1.1@853#cloudflare-dns.com" - "1.0.0.1@853#cloudflare-dns.com" - ]; - forward-tls-upstream = true; - } - ]; - }; - }; - - networking.firewall = { - allowedTCPPorts = [ 53 ]; - allowedUDPPorts = [ 53 ]; - }; -} diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix deleted file mode 100644 index 2335ee0..0000000 --- a/hosts/alexandria/vaultwarden.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; -in -{ - services.vaultwarden = { - enable = true; - config = { - DOMAIN = "https://pass.baduhai.dev"; - SIGNUPS_ALLOWED = false; - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = 58222; - }; - }; - - services.nginx.virtualHosts = mkNginxVHosts { - domains."pass.baduhai.dev".locations."/".proxyPass = - "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; - }; -} 
diff --git a/hosts/modules/common/boot.nix b/hosts/common/boot.nix similarity index 95% rename from hosts/modules/common/boot.nix rename to hosts/common/boot.nix index fbba278..651c90c 100644 --- a/hosts/modules/common/boot.nix +++ b/hosts/common/boot.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ ... }: { boot = { diff --git a/hosts/modules/common/console.nix b/hosts/common/console.nix similarity index 100% rename from hosts/modules/common/console.nix rename to hosts/common/console.nix diff --git a/hosts/common/default.nix b/hosts/common/default.nix new file mode 100644 index 0000000..aeb88ef --- /dev/null +++ b/hosts/common/default.nix @@ -0,0 +1,17 @@ +{ ... }: + +{ + imports = [ + ./boot.nix + ./console.nix + ./locale.nix + ./networking.nix + ./nix.nix + ./packages.nix + ./security.nix + ./services.nix + ./users.nix + ./virtualisation.nix + ./environment.nix + ]; +} diff --git a/hosts/common/environment.nix b/hosts/common/environment.nix new file mode 100644 index 0000000..43d1dee --- /dev/null +++ b/hosts/common/environment.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: + +{ + environment.shellAliases = { + ls = "${pkgs.eza}/bin/eza --icons --group-directories-first"; + neofetch = "fastfetch"; + tree = "ls --tree"; + syscleanup = "sudo nix-collect-garbage -d; sudo /run/current-system/bin/switch-to-configuration boot"; + }; +} diff --git a/hosts/modules/common/locale.nix b/hosts/common/locale.nix similarity index 93% rename from hosts/modules/common/locale.nix rename to hosts/common/locale.nix index 1171a32..7e07d85 100644 --- a/hosts/modules/common/locale.nix +++ b/hosts/common/locale.nix @@ -7,7 +7,6 @@ defaultLocale = "en_US.UTF-8"; extraLocaleSettings = { LC_ADDRESS = "pt_BR.utf8"; - LC_COLLATE = "pt_BR.utf8"; LC_IDENTIFICATION = "pt_BR.utf8"; LC_MEASUREMENT = "pt_BR.utf8"; LC_MONETARY = "pt_BR.utf8"; 
diff --git a/hosts/modules/common/firewall.nix b/hosts/common/networking.nix similarity index 65% rename from hosts/modules/common/firewall.nix rename to hosts/common/networking.nix index 910e803..fdb6378 100644 --- a/hosts/modules/common/firewall.nix +++ b/hosts/common/networking.nix @@ -2,7 +2,7 @@ { networking = { + networkmanager.enable = true; firewall.enable = true; - nftables.enable = true; }; } diff --git a/hosts/modules/common/nix.nix b/hosts/common/nix.nix similarity index 72% rename from hosts/modules/common/nix.nix rename to hosts/common/nix.nix index 5ef9c4c..4253f7b 100644 --- a/hosts/modules/common/nix.nix +++ b/hosts/common/nix.nix @@ -1,8 +1,6 @@ -{ inputs, ... }: +{ ... }: { - imports = [ inputs.nixos-cli.nixosModules.nixos-cli ]; - nix = { settings = { auto-optimise-store = true; @@ -26,13 +24,5 @@ buildDocs = false; }; - services.nixos-cli = { - enable = true; - config = { - use_nvd = true; - ignore_dirty_tree = true; - }; - }; - system.stateVersion = "22.11"; } diff --git a/hosts/common/packages.nix b/hosts/common/packages.nix new file mode 100644 index 0000000..16463b3 --- /dev/null +++ b/hosts/common/packages.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + agenix + bind + btop + fastfetch + git + helix + killall + sysz + tmux + wget + ]; + + programs = { + fish.enable = true; + command-not-found.enable = false; + }; +} diff --git a/hosts/modules/common/security.nix b/hosts/common/security.nix similarity index 100% rename from hosts/modules/common/security.nix rename to hosts/common/security.nix diff --git a/hosts/modules/desktop/services.nix b/hosts/common/services.nix similarity index 50% rename from hosts/modules/desktop/services.nix rename to hosts/common/services.nix index 66b78f1..2cfb61e 100644 --- a/hosts/modules/desktop/services.nix +++ b/hosts/common/services.nix 
@@ -1,9 +1,14 @@ -{ pkgs, ... }: +{ ... }: { services = { - printing.enable = true; - udev.packages = with pkgs; [ yubikey-personalization ]; + fwupd.enable = true; + fstrim.enable = true; + tailscale = { + enable = true; + extraUpFlags = [ "--operator=user" ]; + }; + openssh.enable = true; keyd = { enable = true; keyboards.all = { diff --git a/hosts/modules/common/users.nix b/hosts/common/users.nix similarity index 58% rename from hosts/modules/common/users.nix rename to hosts/common/users.nix index 7dd6490..41d2253 100644 --- a/hosts/modules/common/users.nix +++ b/hosts/common/users.nix @@ -7,17 +7,21 @@ shell = pkgs.fish; extraGroups = [ "networkmanager" + "docker" "wheel" ]; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL" ]; hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; }; root = { shell = pkgs.fish; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL" + ]; hashedPassword = "!"; }; }; diff --git a/hosts/modules/podman.nix b/hosts/common/virtualisation.nix similarity index 91% rename from hosts/modules/podman.nix rename to hosts/common/virtualisation.nix index 99018cc..1235555 100644 --- a/hosts/modules/podman.nix +++ b/hosts/common/virtualisation.nix 
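Review bot: In hosts/common/services.nix, `openssh.enable = true;` is added to the shared module with no `settings`, so whether password logins are accepted depends on module defaults or on security.nix, which this diff does not show. Since `user` has a `hashedPassword` and sshd now runs on every host, I would state the policy here with `openssh.settings.PasswordAuthentication = false;` and `openssh.settings.KbdInteractiveAuthentication = false;`. `extraUpFlags = [ "--operator=user" ]` lets the unprivileged account operate tailscaled without sudo; a one-line comment such as `# user may run tailscale up/down without sudo (intended)` would record that this is deliberate. The `services` set continues past the end of the hunk.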
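Review bot: In hosts/common/users.nix, the new `authorizedKeys.keys` entries drop the trailing key comments, so nothing in the file says which machine holds each key, and later auditing or revocation becomes guesswork. The removed lines show the key ending in `…JtLL` was labelled `user@rotterdam`; keep that suffix, and label the other one the same way, e.g. `"ssh-ed25519 AAAA…SJE <owner@host>"` (placeholder label, the page does not say whose key it is). The same two keys are duplicated under `root`; binding the list once in a `let` and reusing it would keep the two accounts from drifting apart. `"docker"` is added to `extraGroups` while the virtualisation module configures podman with `dockerCompat`, so the group may not exist on these hosts and is worth confirming. The hunk starts inside the `users.users` set.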
@@ -3,6 +3,7 @@ { virtualisation.podman = { enable = true; + dockerCompat = true; autoPrune.enable = true; extraPackages = [ pkgs.podman-compose ]; }; diff --git a/hosts/modules/desktop/boot.nix b/hosts/desktops/common/boot.nix similarity index 100% rename from hosts/modules/desktop/boot.nix rename to hosts/desktops/common/boot.nix diff --git a/hosts/desktops/common/default.nix b/hosts/desktops/common/default.nix new file mode 100644 index 0000000..bc5dc51 --- /dev/null +++ b/hosts/desktops/common/default.nix @@ -0,0 +1,16 @@ +{ ... }: + +{ + imports = [ + ./boot.nix + ./hardware.nix + ./home-manager.nix + ./impermanence.nix + ./nix.nix + ./packages.nix + ./services.nix + ./stylix.nix + ./users.nix + ./virtualisation.nix + ]; +} diff --git a/hosts/desktops/common/hardware.nix b/hosts/desktops/common/hardware.nix new file mode 100644 index 0000000..18cf38f --- /dev/null +++ b/hosts/desktops/common/hardware.nix @@ -0,0 +1,13 @@ +{ ... }: + +{ + hardware = { + xpadneo.enable = true; + bluetooth.enable = true; + steam-hardware.enable = true; # Allow steam client to manage controllers + graphics.enable32Bit = true; # For OpenGL games + i2c.enable = true; + }; + + security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority +} diff --git a/hosts/desktops/common/home-manager.nix b/hosts/desktops/common/home-manager.nix new file mode 100644 index 0000000..6046b3a --- /dev/null +++ b/hosts/desktops/common/home-manager.nix @@ -0,0 +1,15 @@ +{ inputs, ... }: + +{ + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + backupFileExtension = "bkp"; + users.user = { + imports = [ + ../../../users/desktops/user.nix + inputs.tritanium-shell.homeManagerModules.default + ]; + }; + }; +} diff --git a/hosts/modules/ephemeral.nix b/hosts/desktops/common/impermanence.nix similarity index 52% rename from hosts/modules/ephemeral.nix rename to hosts/desktops/common/impermanence.nix index cad5f41..d1ceacc 100644 --- a/hosts/modules/ephemeral.nix 
+++ b/hosts/desktops/common/impermanence.nix @@ -1,21 +1,6 @@ -{ config, inputs, ... }: +{ ... }: { - imports = [ - inputs.impermanence.nixosModules.impermanence - inputs.self.nixosModules.ephemeral - ]; - - ephemeral = { - enable = true; - rootDevice = - if config.networking.hostName == "trantor" then - "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2" - else - "/dev/mapper/cryptroot"; - rootSubvolume = "@root"; - }; - environment.persistence.main = { persistentStoragePath = "/persistent"; files = [ @@ -26,16 +11,13 @@ "/etc/ssh/ssh_host_rsa_key.pub" ]; directories = [ - "/etc/NetworkManager/system-connections" - "/etc/nixos" - "/var/lib/bluetooth" - "/var/lib/flatpak" - "/var/lib/lxd" - "/var/lib/nixos" - "/var/lib/systemd/coredump" - "/var/lib/systemd/timers" - "/var/lib/tailscale" "/var/log" + "/var/lib/bluetooth" + "/var/lib/nixos" + "/var/lib/flatpak" + "/var/lib/tailscale" + "/var/lib/systemd/coredump" + "/etc/NetworkManager/system-connections" ]; }; } diff --git a/hosts/modules/desktop/nix.nix b/hosts/desktops/common/nix.nix similarity index 100% rename from hosts/modules/desktop/nix.nix rename to hosts/desktops/common/nix.nix diff --git a/hosts/desktops/common/packages.nix b/hosts/desktops/common/packages.nix new file mode 100644 index 0000000..6fb9738 --- /dev/null +++ b/hosts/desktops/common/packages.nix 
@@ -0,0 +1,139 @@ +{ pkgs, ... }: +let + kdepkgs = with pkgs.kdePackages; [ + ark + dolphin-plugins + kolourpaint + ]; + kwrite = pkgs.symlinkJoin { + name = "kwrite"; + paths = [ pkgs.kdePackages.kate ]; + postBuild = '' + rm -rf $out/bin/kate \ + $out/bin/.kate-wrapped \ + $out/share/applications/org.kde.kate.desktop \ + $out/share/man \ + $out/share/icons/hicolor/*/apps/kate.png \ + $out/share/icons/hicolor/scalable/apps/kate.svg \ + $out/share/appdata/org.kde.kate.appdata.xml + ''; + }; +in +{ + environment.systemPackages = + with pkgs; + [ + adwaita-icon-theme + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + bat + clonehero + deploy-rs + distrobox + fd + firefox + freecad-wayland + fzf + ghostty + gimp + heroic + inkscape + junction + kara + kde-rounded-corners + kwrite + libfido2 + libreoffice-qt + # lilipod BROKEN + mangohud + microsoft-edge + mission-center + mpv + nextcloud-client + nixfmt-rfc-style + nixos-firewall-tool + nix-init + nix-output-monitor + obsidian + obs-studio + orca-slicer + p7zip + plasma-panel-colorizer + plasticity + protonup + quickemu + quickgui + qview + qbittorrent + ripgrep + rnote + steam-run + tor-browser + ungoogled-chromium + unrar + ventoy + vesktop + ] + ++ kdepkgs; + + services.flatpak = { + enable = true; + packages = [ + "com.github.k4zmu2a.spacecadetpinball" + "com.github.tchx84.Flatseal" + "com.modrinth.ModrinthApp" + "com.steamgriddb.SGDBoop" + "app.zen_browser.zen" + "io.github.Foldex.AdwSteamGtk" + "io.itch.itch" + "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" + ]; + uninstallUnmanaged = true; + update.auto.enable = true; + }; + + programs = { + adb.enable = true; + steam.enable = true; + dconf.enable = true; + nix-ld.enable = true; + kdeconnect.enable = true; + partition-manager.enable = true; + gamemode.enable = true; + hyprland.enable = true; + nix-index-database.comma.enable = true; + appimage = { + enable = true; + binfmt = true; + }; + nh = { + enable = 
true; + flake = "/home/user/Projects/personal/nix-config"; + }; + }; + + fonts = { + fontDir.enable = true; + packages = with pkgs; [ + corefonts + noto-fonts-cjk-sans + roboto + nerd-fonts.jetbrains-mono + ]; + }; + + environment.plasma6.excludePackages = ( + with pkgs.kdePackages; + [ + discover + elisa + gwenview + kate + khelpcenter + oxygen + ] + ); +} diff --git a/hosts/desktops/common/services.nix b/hosts/desktops/common/services.nix new file mode 100644 index 0000000..12a64e9 --- /dev/null +++ b/hosts/desktops/common/services.nix @@ -0,0 +1,61 @@ +{ + inputs, + config, + pkgs, + ... +}: + +{ + services = { + printing.enable = true; + udev.packages = with pkgs; [ yubikey-personalization ]; + desktopManager.plasma6.enable = true; + tailscale.useRoutingFeatures = "client"; + nginx = { + enable = true; + virtualHosts."localhost".root = inputs.homepage; + }; + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + wireplumber.enable = true; + }; + greetd = { + enable = true; + settings = { + default_session.command = + let + xSessions = "${config.services.displayManager.sessionData.desktops}/share/xsessions"; + wlSessions = "${config.services.displayManager.sessionData.desktops}/share/wayland-sessions"; + in + '' + ${pkgs.greetd.tuigreet}/bin/tuigreet \ + --remember \ + --asterisks \ + --time \ + --greeting "NixOS" \ + --sessions ${xSessions}:${wlSessions} + ''; + initial_session = { + command = '' + ${pkgs.kdePackages.plasma-workspace}/bin/startplasma-wayland &> /dev/null + ''; + user = "user"; + }; + }; + }; + }; + + xdg.portal = { + enable = true; + xdgOpenUsePortal = true; + extraPortals = with pkgs; [ + xdg-desktop-portal-kde + xdg-desktop-portal-gtk + xdg-desktop-portal-gnome + ]; + }; +} 
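Review bot: In hosts/desktops/common/services.nix, `greetd.settings.initial_session` starts a Plasma session as `user` with no credential prompt at boot. The only barrier to a session for an account in `wheel` is then whatever unlocks the disk, and this diff does not show whether these hosts' root filesystems are encrypted. If that is the assumption, record it next to the block, e.g. `# autologin: relies on the disk-unlock prompt at boot`, or leave `initial_session` out on hosts that boot unattended. Separately, `nginx.virtualHosts."localhost"` has no listen setting, so nginx presumably binds all interfaces and only the firewall keeps the start page local; `listenAddresses = [ "127.0.0.1" ];` on that vhost would make the intent explicit.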
diff --git a/users/modules/stylix.nix b/hosts/desktops/common/stylix.nix similarity index 54% rename from users/modules/stylix.nix rename to hosts/desktops/common/stylix.nix index f1c7e44..f1760b1 100644 --- a/users/modules/stylix.nix +++ b/hosts/desktops/common/stylix.nix @@ -1,30 +1,17 @@ -{ - config, - inputs, - pkgs, - ... -}: +{ config, pkgs, ... }: { - imports = [ - inputs.stylix.homeModules.stylix - inputs.zen-browser.homeModules.beta - ]; - stylix = { enable = true; - polarity = "dark"; - base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyodark.yaml"; - cursor = { - package = pkgs.kdePackages.breeze; - name = "breeze_cursors"; - size = 24; + image = pkgs.fetchurl { + url = "https://w.wallhaven.cc/full/dp/wallhaven-dpwvl3.jpg"; + sha256 = "sha256-h9UeYj8jSRgSv8XL+zgds4KtooLlJ+IqwxZbQEXdCh4="; }; - icons = { - enable = true; - package = pkgs.morewaita-icon-theme; - light = "MoreWaita"; - dark = "MoreWaita"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; + cursor = { + package = pkgs.kdePackages.breeze-icons; + name = "Breeze_Light"; + size = 24; }; opacity = { applications = 1.0; @@ -46,7 +33,7 @@ name = "FiraCode Nerd Font"; }; emoji = { - package = pkgs.noto-fonts-color-emoji; + package = pkgs.noto-fonts-emoji; name = "Noto Color Emoji"; }; sizes = { @@ -56,14 +43,5 @@ terminal = 12; }; }; - targets.zen-browser = { - enable = true; - profileNames = [ "william" ]; - }; - }; - - programs.zen-browser = { - enable = true; - profiles.william = { }; }; } diff --git a/hosts/desktops/common/users.nix b/hosts/desktops/common/users.nix new file mode 100644 index 0000000..c62d425 --- /dev/null +++ b/hosts/desktops/common/users.nix 
@@ -0,0 +1,20 @@ +{ ... }: + +{ + environment.sessionVariables = rec { + KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir + NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland + }; + + users.users.user = { + description = "William"; + extraGroups = [ + "uaccess" # Needed for HID dev + "dialout" # Needed for arduino dev + "libvirt" + "libvirtd" + "adbusers" + "i2c" + ]; + }; +} diff --git a/hosts/desktops/common/virtualisation.nix b/hosts/desktops/common/virtualisation.nix new file mode 100644 index 0000000..461eb36 --- /dev/null +++ b/hosts/desktops/common/virtualisation.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + virtualisation = { + libvirtd.enable = true; + lxd.enable = true; + }; +} diff --git a/hosts/io/services.nix b/hosts/desktops/io.nix similarity index 51% rename from hosts/io/services.nix rename to hosts/desktops/io.nix index df41a6f..1839968 100644 --- a/hosts/io/services.nix +++ b/hosts/desktops/io.nix 
@@ -1,6 +1,67 @@ { pkgs, ... }: +let + cml-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs { + wttsrc = pkgs.fetchFromGitHub { + owner = "WeirdTreeThing"; + repo = "chromebook-ucm-conf"; + rev = "b6ce2a7"; + hash = "sha256-QRUKHd3RQmg1tnZU8KCW0AmDtfw/daOJ/H3XU5qWTCc="; + }; + postInstall = '' + echo "v0.4.1" > $out/chromebook.patched + cp -R $wttsrc/{common,codecs,platforms} $out/share/alsa/ucm2 + cp -R $wttsrc/{cml,sof-rt5682} $out/share/alsa/ucm2/conf.d + ''; + }; +in { + imports = [ + # Host-common imports + ../common + # Desktop-common imports + ./common + # Host-specific imports + ./io + ]; + + networking.hostName = "io"; + + nix.nixPath = [ "nixos-config=${./io.nix}" ]; + + zramSwap = { + enable = true; + memoryPercent = 100; + }; + + boot = { + # TODO check if future kernel versions fix boot issue with systemd initrd with tpm + initrd.systemd.tpm2.enable = false; + kernelParams = [ + "nosgx" + "i915.fastboot=1" + "mem_sleep_default=deep" + ]; + extraModprobeConfig = '' + options snd-intel-dspcfg dsp_driver=3 + ''; + }; + + environment = { + systemPackages = with pkgs; [ + maliit-keyboard + sof-firmware + ]; + sessionVariables.ALSA_CONFIG_UCM2 = "${cml-ucm-conf}/share/alsa/ucm2"; + }; + + # TODO: remove once gmodena/nix-flatpak/issues/45 fixed + systemd.services."flatpak-managed-install" = { + serviceConfig = { + ExecStartPre = "${pkgs.coreutils}/bin/sleep 5"; + }; + }; + services = { keyd = { enable = true; @@ -39,7 +100,7 @@ f9 = "f10"; f10 = "f11"; f13 = "f12"; - y = "sysrq"; + u = "sysrq"; k = "home"; l = "pageup"; "," = "end"; @@ -48,14 +109,5 @@ }; }; }; - upower.enable = true; - power-profiles-daemon.enable = true; - }; - - # TODO: remove once gmodena/nix-flatpak/issues/45 fixed - systemd.services."flatpak-managed-install" = { - serviceConfig = { - ExecStartPre = "${pkgs.coreutils}/bin/sleep 5"; - }; }; } diff --git a/hosts/desktops/io/default.nix b/hosts/desktops/io/default.nix new file mode 100644 index 0000000..a480ae0 --- /dev/null 
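Review bot: `rev = "b6ce2a7"` in the `cml-ucm-conf` override of io.nix is an abbreviated commit id. The `hash` still pins the fetched content, so integrity is not at stake, but an abbreviated id can become ambiguous as the upstream repository grows and makes it harder to audit which commit is copied into `$out/share/alsa/ucm2`; the full id is clearer, `rev = "<full-commit-sha>";`. The `echo "v0.4.1" > $out/chromebook.patched` marker is a hand-written version string that nothing ties to that `rev`, so a comment stating which upstream tag it corresponds to would help the next bump.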
+++ b/hosts/desktops/io/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+ imports = [
+ ./ephermal.nix
+ ./hardware-configuration.nix
+ ];
+}
diff --git a/hosts/desktops/io/ephermal.nix b/hosts/desktops/io/ephermal.nix
new file mode 100644
index 0000000..35542f8
--- /dev/null
+++ b/hosts/desktops/io/ephermal.nix
@@ -0,0 +1,46 @@
+{ ... }:
+
+{
+ boot.initrd.systemd.services.recreate-root = {
+ description = "Rolling over and creating new filesystem root";
+ requires = [ "initrd-root-device.target" ];
+ after = [
+ "local-fs-pre.target"
+ "initrd-root-device.target"
+ ];
+ requiredBy = [ "initrd-root-fs.target" ];
+ before = [ "sysroot.mount" ];
+ unitConfig = {
+ AssertPathExists = "/etc/initrd-release";
+ DefaultDependencies = false;
+ };
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = ''
+ mkdir /btrfs_tmp
+ mount /dev/disk/by-uuid/3638cea6-5503-43cc-aa4f-3d37ebedad2f /btrfs_tmp
+ if [[ -e /btrfs_tmp/@root ]]; then
+ mkdir -p /btrfs_tmp/old_roots
+ timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S")
+ mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp"
+ fi
+
+ delete_subvolume_recursively() {
+ IFS=$'\n'
+ for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+ delete_subvolume_recursively "/btrfs_tmp/$i"
+ done
+ btrfs subvolume delete "$1"
+ }
+
+ for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+ delete_subvolume_recursively "$i"
+ done
+
+ btrfs subvolume create /btrfs_tmp/@root
+ umount /btrfs_tmp
+ '';
+ };
+}
diff --git a/hosts/desktops/io/hardware-configuration.nix b/hosts/desktops/io/hardware-configuration.nix
new file mode 100644
index 0000000..037a503
--- /dev/null
+++ b/hosts/desktops/io/hardware-configuration.nix
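Review bot: The `recreate-root` script in io/ephermal.nix is repeated in rotterdam/ephermal.nix later in this diff, differing only in the filesystem UUID. Because it runs in the initrd and deletes subvolumes, two copies that can drift apart are a real risk; a single shared module that takes the device as an option would keep a future fix from landing in one host only. The loop over `find … -mtime +30` also deserves a comment stating the retention, e.g. `# rolled-over roots (and anything sensitive written to / in them) are kept 30 days, then deleted with their nested subvolumes`. The file name is presumably meant to be `ephemeral.nix`.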
@@ -0,0 +1,83 @@
+{
+ config,
+ lib,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "usb_storage"
+ "sd_mod"
+ "sdhci_pci"
+ ];
+ luks.devices."enc" = {
+ device = "/dev/disk/by-uuid/8018720e-42dd-453c-b374-adaa02eb48c9";
+ keyFile = "/dev/disk/by-partuuid/cbc7e305-d32d-4250-b6ae-6a8264ea096e";
+ };
+ };
+ kernelModules = [ "kvm-intel" ];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/3638cea6-5503-43cc-aa4f-3d37ebedad2f";
+ fsType = "btrfs";
+ options = [
+ "subvol=@root"
+ "noatime"
+ "compress=zstd"
+ ];
+ };
+ "/home" = {
+ device = "/dev/disk/by-uuid/3638cea6-5503-43cc-aa4f-3d37ebedad2f";
+ fsType = "btrfs";
+ options = [
+ "subvol=@home"
+ "noatime"
+ "compress=zstd"
+ ];
+ };
+ "/nix" = {
+ device = "/dev/disk/by-uuid/3638cea6-5503-43cc-aa4f-3d37ebedad2f";
+ fsType = "btrfs";
+ options = [
+ "subvol=@nix"
+ "noatime"
+ "compress=zstd"
+ ];
+ };
+ "/persistent" = {
+ device = "/dev/disk/by-uuid/3638cea6-5503-43cc-aa4f-3d37ebedad2f";
+ fsType = "btrfs";
+ options = [
+ "subvol=@persistent"
+ "noatime"
+ "compress=zstd"
+ ];
+ };
+ "/boot/efi" = {
+ device = "/dev/disk/by-uuid/31C9-08FF";
+ fsType = "vfat";
+ options = [
+ "noatime"
+ "fmask=0077"
+ "dmask=0077"
+ ];
+ };
+ };
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/desktops/rotterdam.nix b/hosts/desktops/rotterdam.nix
new file mode 100644
index 0000000..9294f82
--- /dev/null
+++ b/hosts/desktops/rotterdam.nix
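Review bot: `luks.devices."enc".keyFile` in io/hardware-configuration.nix points at a raw partition (`/dev/disk/by-partuuid/…`), so the volume unlocks without a passphrase whenever that partition is present at boot. If the partition sits on the same internal disk as the encrypted volume, the encryption gives no protection against loss or theft of the machine; if it is a removable key (the initrd does load `usb_storage`), the file should say so. I would add a comment on that line, e.g. `# key material lives on a removable stick, never on the internal disk`, and consider setting `keyFileTimeout` so that boot falls back to a passphrase prompt when the key device is absent.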
@@ -0,0 +1,90 @@ +{ pkgs, ... }: + +let + qubesnsh = pkgs.writeTextFile { + name = "qubes.nsh"; + text = "HD1f65535a1:EFI\\qubes\\grubx64.efi"; + }; + + reboot-into-qubes = pkgs.makeDesktopItem { + name = "reboot-into-qubes"; + icon = pkgs.fetchurl { + url = "https://raw.githubusercontent.com/vinceliuice/Qogir-icon-theme/31f267e1f5fd4e9596bfd78dfb41a03d3a9f33ee/src/scalable/apps/distributor-logo-qubes.svg"; + sha256 = "sha256-QbHr7s5Wcs7uFtfqZctMyS0iDbMfiiZOKy2nHhDOfn0="; + }; + desktopName = "Qubes OS"; + genericName = "Reboot into Qubes OS"; + categories = [ "System" ]; + startupNotify = true; + exec = pkgs.writeShellScript "reboot-into-qubes" '' + ${pkgs.yad}/bin/yad --form \ + --title="Qubes OS" \ + --image distributor-logo-qubes \ + --text "Are you sure you want to reboot into Qubes OS?" \ + --button="Yes:0" --button="Cancel:1" + if [ $? -eq 0 ]; then + systemctl reboot --boot-loader-entry=qubes.conf + fi + ''; + }; +in +{ + imports = [ + # Host-common imports + ../common + # Desktop-common imports + ./common + # Host-specific imports + ./rotterdam + ]; + + networking.hostName = "rotterdam"; + + services = { + flatpak.packages = [ "net.retrodeck.retrodeck" ]; + keyd = { + enable = true; + keyboards.main = { + ids = [ "5653:0001" ]; + settings.main = { + esc = "overload(meta, esc)"; + }; + }; + }; + }; + + environment.systemPackages = with pkgs; [ reboot-into-qubes ]; + + # hardware.graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ]; + + systemd.targets.hibernate.enable = false; # disable non-functional hibernate + + nix.nixPath = [ "nixos-config=${./rotterdam.nix}" ]; + + boot = { + kernelParams = [ + "processor.max_cstate=1" # Fixes bug where ryzen cpus freeze when in highest C state + "clearcpuid=514" + # Fixes amdgpu freezing + "amdgpu.noretry=0" + "amdgpu.ppfeaturemask=0xfffd3fff" + "amdgpu.gpu_recovery=1" + "amdgpu.lockup_timeout=1000" + ]; + # QubesOS boot entry + loader.systemd-boot = { + extraFiles = { + "efi/edk2-shell/shell.efi" = 
"${pkgs.edk2-uefi-shell}/shell.efi"; + "qubes.nsh" = qubesnsh; + }; + extraEntries."qubes.conf" = '' + title Qubes OS + efi /efi/edk2-shell/shell.efi + options -nointerrupt qubes.nsh + sort-key ab + ''; + }; + }; + + programs.steam.dedicatedServer.openFirewall = true; +} diff --git a/hosts/desktops/rotterdam/default.nix b/hosts/desktops/rotterdam/default.nix new file mode 100644 index 0000000..eedd2b4 --- /dev/null +++ b/hosts/desktops/rotterdam/default.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + imports = [ + ./hardware-configuration.nix + ./ephermal.nix + ]; +} diff --git a/hosts/desktops/rotterdam/ephermal.nix b/hosts/desktops/rotterdam/ephermal.nix new file mode 100644 index 0000000..8161a99 --- /dev/null +++ b/hosts/desktops/rotterdam/ephermal.nix @@ -0,0 +1,47 @@ +{ ... }: + +{ + boot.initrd.systemd.services.recreate-root = { + description = "Rolling over and creating new filesystem root"; + requires = [ "initrd-root-device.target" ]; + after = [ + "local-fs-pre.target" + "initrd-root-device.target" + ]; + requiredBy = [ "initrd-root-fs.target" ]; + before = [ "sysroot.mount" ]; + unitConfig = { + AssertPathExists = "/etc/initrd-release"; + DefaultDependencies = false; + }; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + mkdir /btrfs_tmp + mount /dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8 /btrfs_tmp + + if [[ -e /btrfs_tmp/@root ]]; then + mkdir -p /btrfs_tmp/old_roots + timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S") + mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp" + fi + + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + delete_subvolume_recursively "/btrfs_tmp/$i" + done + btrfs subvolume delete "$1" + } + + for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do + delete_subvolume_recursively "$i" + done + + btrfs subvolume create /btrfs_tmp/@root + umount /btrfs_tmp + ''; + }; +} 
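Review bot: `programs.steam.dedicatedServer.openFirewall = true;` at the end of rotterdam.nix opens inbound firewall ports on a desktop host, and nothing in this file shows a dedicated server being run. If it is needed, a comment naming the use would help (`# game server hosted from this machine for LAN sessions`); otherwise dropping the line keeps the host's inbound surface closed. Separately, `environment.systemPackages = with pkgs; [ reboot-into-qubes ];` does not need `with pkgs;`, because `reboot-into-qubes` is the `let` binding above; `[ reboot-into-qubes ]` is clearer about where the name comes from.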
diff --git a/hosts/rotterdam/hardware-configuration.nix b/hosts/desktops/rotterdam/hardware-configuration.nix similarity index 88% rename from hosts/rotterdam/hardware-configuration.nix rename to hosts/desktops/rotterdam/hardware-configuration.nix index 169c53f..524d0ab 100644 --- a/hosts/rotterdam/hardware-configuration.nix +++ b/hosts/desktops/rotterdam/hardware-configuration.nix @@ -72,8 +72,18 @@ "compress=zstd" ]; }; + "/swap" = { + device = "/dev/disk/by-uuid/3287dbc3-c0fa-4096-a0b3-59b017cfecc8"; + fsType = "btrfs"; + options = [ + "subvol=@swap" + "noatime" + ]; + }; }; + swapDevices = [ { device = "/swap/swapfile"; } ]; + networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/hosts/io/boot.nix b/hosts/io/boot.nix deleted file mode 100644 index 326f7dc..0000000 --- a/hosts/io/boot.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ - boot = { - # TODO check if future kernel versions fix boot issue with systemd initrd with tpm - initrd.systemd.tpm2.enable = false; - kernelParams = [ - "nosgx" - "i915.fastboot=1" - "mem_sleep_default=deep" - ]; - extraModprobeConfig = '' - options snd-intel-dspcfg dsp_driver=3 - ''; - }; -} diff --git a/hosts/io/disko.nix b/hosts/io/disko.nix deleted file mode 100644 index 4e6c9d5..0000000 --- a/hosts/io/disko.nix +++ /dev/null 
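Review bot: `swapDevices = [ { device = "/swap/swapfile"; } ];` adds a swap file, and swapped-out pages can hold keys and other secrets in clear. Whether the btrfs filesystem behind `"/swap"` sits on an encrypted mapping is not visible here, since the file's `boot.initrd` section lies outside the hunk; if it does not, encrypting swap (for instance the `randomEncryption` option on the swap entry, if it suits a swap file) is worth considering, given that rotterdam.nix disables hibernation anyway. A comment on the `"/swap"` mount would also explain why its options differ from the other subvolumes: `# swap file must be no-CoW and uncompressed on btrfs, hence no compress=zstd`.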
@@ -1,79 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ inputs.disko.nixosModules.default ]; - - disko.devices.disk.main = { - type = "disk"; - device = "/dev/disk/by-id/mmc-hDEaP3_0x1041b689"; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - start = "1MiB"; - end = "1GiB"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot/efi"; - mountOptions = [ - "noatime" - "fmask=0077" - "dmask=0077" - ]; - }; - }; - cryptroot = { - priority = 2; - name = "root"; - size = "100%"; - content = { - type = "luks"; - name = "cryptroot"; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = { - "@root" = { - mountpoint = "/"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@root" - ]; - }; - "@home" = { - mountpoint = "/home"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@home" - ]; - }; - "@nix" = { - mountpoint = "/nix"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@nix" - ]; - }; - "@persistent" = { - mountpoint = "/persistent"; - mountOptions = [ - "noatime" - "compress=zstd" - "subvol=@persistent" - ]; - }; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/io/hardware-configuration.nix b/hosts/io/hardware-configuration.nix deleted file mode 100644 index 8e4dae4..0000000 --- a/hosts/io/hardware-configuration.nix +++ /dev/null 
@@ -1,37 +0,0 @@ -{ - config, - lib, - modulesPath, - inputs, - ... -}: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot = { - initrd = { - availableKernelModules = [ - "xhci_pci" - "ahci" - "usb_storage" - "sd_mod" - "sdhci_pci" - ]; - }; - kernelModules = [ "kvm-intel" ]; - }; - - zramSwap = { - enable = true; - memoryPercent = 100; - }; - - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - - networking.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/io/programs.nix b/hosts/io/programs.nix deleted file mode 100644 index e272d22..0000000 --- a/hosts/io/programs.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ pkgs, ... }: - -let - cml-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs { - wttsrc = pkgs.fetchFromGitHub { - owner = "WeirdTreeThing"; - repo = "chromebook-ucm-conf"; - rev = "b6ce2a7"; - hash = "sha256-QRUKHd3RQmg1tnZU8KCW0AmDtfw/daOJ/H3XU5qWTCc="; - }; - postInstall = '' - echo "v0.4.1" > $out/chromebook.patched - cp -R $wttsrc/{common,codecs,platforms} $out/share/alsa/ucm2 - cp -R $wttsrc/{cml,sof-rt5682} $out/share/alsa/ucm2/conf.d - ''; - }; -in - -{ - environment = { - systemPackages = with pkgs; [ - maliit-keyboard - sof-firmware - ]; - sessionVariables.ALSA_CONFIG_UCM2 = "${cml-ucm-conf}/share/alsa/ucm2"; - }; -} diff --git a/hosts/modules/ai.nix b/hosts/modules/ai.nix deleted file mode 100644 index e2dd9d2..0000000 --- a/hosts/modules/ai.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ inputs, pkgs, ... }: - -{ - environment.systemPackages = with inputs.nix-ai-tools.packages.${pkgs.system}; [ - claude-desktop - claude-code - claudebox - opencode - ]; -} diff --git a/hosts/modules/bluetooth.nix b/hosts/modules/bluetooth.nix deleted file mode 100644 index fb6a06a..0000000 --- a/hosts/modules/bluetooth.nix +++ /dev/null 
@@ -1,5 +0,0 @@ -{ ... }: - -{ - hardware.bluetooth.enable = true; -} diff --git a/hosts/modules/common/openssh.nix b/hosts/modules/common/openssh.nix deleted file mode 100644 index df70bdd..0000000 --- a/hosts/modules/common/openssh.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ ... }: - -{ - services.openssh = { - enable = true; - settings.PermitRootLogin = "no"; - extraConfig = '' - PrintLastLog no - ''; - }; -} diff --git a/hosts/modules/common/programs.nix b/hosts/modules/common/programs.nix deleted file mode 100644 index fd10953..0000000 --- a/hosts/modules/common/programs.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ lib, pkgs, ... }: - -{ - environment = { - systemPackages = with pkgs; [ - ### Dev Tools ### - git - ### System Utilities ### - btop - fastfetch - helix - nixos-firewall-tool - nvd - sysz - tmux - wget - yazi - ]; - shellAliases = { - cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; - ls = "${lib.getExe pkgs.eza} --icons --group-directories-first"; - tree = "ls --tree"; - }; - }; - - programs = { - command-not-found.enable = false; - fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - if set -q SSH_CONNECTION - export TERM=xterm-256color - clear - fastfetch - end - ''; - }; - }; -} diff --git a/hosts/modules/common/services.nix b/hosts/modules/common/services.nix deleted file mode 100644 index 89ac527..0000000 --- a/hosts/modules/common/services.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: - -{ - services = { - dbus.implementation = "broker"; - irqbalance.enable = true; - fstrim.enable = true; - }; -} diff --git a/hosts/modules/common/tailscale.nix b/hosts/modules/common/tailscale.nix deleted file mode 100644 index 98bea97..0000000 --- a/hosts/modules/common/tailscale.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - services.tailscale = { - enable = true; - extraUpFlags = [ "--operator=user" ]; - }; -} 
diff --git a/hosts/modules/desktop/desktop.nix b/hosts/modules/desktop/desktop.nix deleted file mode 100644 index 03ec04b..0000000 --- a/hosts/modules/desktop/desktop.nix +++ /dev/null 
@@ -1,163 +0,0 @@ -{ - config, - inputs, - lib, - pkgs, - ... -}: - -{ - imports = [ - inputs.niri-flake.nixosModules.niri - inputs.nix-flatpak.nixosModules.nix-flatpak - ]; - - environment = { - sessionVariables = { - KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir - NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland - }; - systemPackages = with pkgs; [ - ### Web ### - bitwarden-desktop - fragments - nextcloud-client - tor-browser - vesktop - inputs.zen-browser.packages."${system}".default - ### Office & Productivity ### - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.pt_BR - libreoffice - onlyoffice-desktopeditors - papers - presenterm - rnote - ### Graphics & Design ### - gimp - inkscape - plasticity - ### System Utilities ### - adwaita-icon-theme - ghostty - gnome-disk-utility - junction - libfido2 - mission-center - nautilus - p7zip - rclone - toggleaudiosink - unrar - ### Media ### - decibels - loupe - obs-studio - showtime - ]; - }; - - services = { - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - wireplumber.enable = true; - }; - greetd = { - enable = true; - settings = { - default_session = { - command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; - user = "greeter"; - }; - } - // lib.optionalAttrs (config.networking.hostName == "io") { - initial_session = { - command = "${config.programs.niri.package}/bin/niri-session"; - user = "user"; - }; - }; - }; - flatpak = { - enable = true; - packages = [ - ### Graphics & Design ### - "com.boxy_svg.BoxySVG" - rec { - appId = "io.github.softfever.OrcaSlicer"; - sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; - bundle = "${pkgs.fetchurl { - url = 
"https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; - inherit sha256; - }}"; - } - ### System Utilities ### - "com.github.tchx84.Flatseal" - "com.rustdesk.RustDesk" - ]; - uninstallUnmanaged = true; - update.auto.enable = true; - }; - gvfs.enable = true; - }; - - security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority - - users = { - users.greeter = { - isSystemUser = true; - group = "greeter"; - }; - groups.greeter = { }; - }; - - programs = { - niri = { - enable = true; - package = inputs.niri.packages.${pkgs.system}.niri; - }; - kdeconnect = { - enable = true; - package = pkgs.valent; - }; - dconf.enable = true; - appimage = { - enable = true; - binfmt = true; - }; - }; - - niri-flake.cache.enable = false; - - fonts = { - fontDir.enable = true; - packages = with pkgs; [ - corefonts - inter - nerd-fonts.fira-code - noto-fonts-cjk-sans - noto-fonts-color-emoji - roboto - ]; - }; - - xdg.portal = { - extraPortals = with pkgs; [ - xdg-desktop-portal-gnome - xdg-desktop-portal-gtk - ]; - config = { - common.default = "*"; - niri.default = [ - "gtk" - "gnome" - ]; - }; - }; -} diff --git a/hosts/modules/dev.nix b/hosts/modules/dev.nix deleted file mode 100644 index c4cca78..0000000 --- a/hosts/modules/dev.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ pkgs, ... }: - -{ - environment.systemPackages = with pkgs; [ - bat - lazygit - fd - fzf - glow - nixfmt-rfc-style - nix-init - nix-output-monitor - ripgrep - ]; - - programs.adb.enable = true; - - users.users.user.extraGroups = [ "adbusers" ]; -} diff --git a/hosts/modules/fwupd.nix b/hosts/modules/fwupd.nix deleted file mode 100644 index 52dc13e..0000000 --- a/hosts/modules/fwupd.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ... }: - -{ - services.fwupd.enable = true; -} diff --git a/hosts/modules/gaming.nix b/hosts/modules/gaming.nix deleted file mode 100644 index 5aef14e..0000000 --- a/hosts/modules/gaming.nix +++ /dev/null 
@@ -1,35 +0,0 @@ -{ pkgs, ... }: - -{ - environment.systemPackages = with pkgs; [ - clonehero - heroic - mangohud - prismlauncher - steam-run - ]; - - programs = { - steam = { - enable = true; - extraCompatPackages = [ pkgs.proton-ge-bin ]; - }; - gamemode.enable = true; - }; - - hardware = { - xpadneo.enable = true; - steam-hardware.enable = true; # Allow steam client to manage controllers - graphics.enable32Bit = true; # For OpenGL games - }; - - services.flatpak.packages = [ - "com.github.k4zmu2a.spacecadetpinball" - "com.steamgriddb.SGDBoop" - "io.github.Foldex.AdwSteamGtk" - "io.itch.itch" - "io.mrarm.mcpelauncher" - "net.retrodeck.retrodeck" - "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/24.08" - ]; -} diff --git a/hosts/modules/libvirtd.nix b/hosts/modules/libvirtd.nix deleted file mode 100644 index 41cfa27..0000000 --- a/hosts/modules/libvirtd.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ ... }: - -{ - virtualisation.libvirtd.enable = true; - - programs.virt-manager.enable = true; - - users.users.user.extraGroups = [ - "libvirt" - "libvirtd" - ]; -} diff --git a/hosts/modules/networkmanager.nix b/hosts/modules/networkmanager.nix deleted file mode 100644 index 7634116..0000000 --- a/hosts/modules/networkmanager.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ ... }: - -{ - networking.networkmanager = { - enable = true; - wifi.backend = "iwd"; - }; - - users.users.user.extraGroups = [ "networkmanager" ]; -} diff --git a/hosts/rotterdam/boot.nix b/hosts/rotterdam/boot.nix deleted file mode 100644 index d038ede..0000000 --- a/hosts/rotterdam/boot.nix +++ /dev/null 
@@ -1,31 +0,0 @@ -{ pkgs, ... }: - -let - qubesnsh = pkgs.writeTextFile { - name = "qubes.nsh"; - text = "HD1f65535a1:EFI\\qubes\\grubx64.efi"; - }; -in - -{ - boot = { - kernelParams = [ - "processor.max_cstate=1" # Fixes bug where ryzen cpus freeze when in highest C state - "clearcpuid=514" - "amdgpu.ppfeaturemask=0xfffd3fff" # Fixes amdgpu freezing - ]; - # QubesOS boot entry - loader.systemd-boot = { - extraFiles = { - "efi/edk2-shell/shell.efi" = "${pkgs.edk2-uefi-shell}/shell.efi"; - "qubes.nsh" = qubesnsh; - }; - extraEntries."qubes.conf" = '' - title Qubes OS - efi /efi/edk2-shell/shell.efi - options -nointerrupt qubes.nsh - sort-key ab - ''; - }; - }; -} diff --git a/hosts/rotterdam/hardware.nix b/hosts/rotterdam/hardware.nix deleted file mode 100644 index 6f76e99..0000000 --- a/hosts/rotterdam/hardware.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ pkgs, ... }: - -{ - hardware = { - amdgpu.opencl.enable = true; - graphics.extraPackages = with pkgs; [ rocmPackages.clr.icd ]; - }; -} diff --git a/hosts/rotterdam/programs.nix b/hosts/rotterdam/programs.nix deleted file mode 100644 index b4dcfd9..0000000 --- a/hosts/rotterdam/programs.nix +++ /dev/null 
@@ -1,31 +0,0 @@ -{ pkgs, ... }: - -let - reboot-into-qubes = pkgs.makeDesktopItem { - name = "reboot-into-qubes"; - icon = pkgs.fetchurl { - url = "https://raw.githubusercontent.com/vinceliuice/Qogir-icon-theme/31f267e1f5fd4e9596bfd78dfb41a03d3a9f33ee/src/scalable/apps/distributor-logo-qubes.svg"; - sha256 = "sha256-QbHr7s5Wcs7uFtfqZctMyS0iDbMfiiZOKy2nHhDOfn0="; - }; - desktopName = "Qubes OS"; - genericName = "Reboot into Qubes OS"; - categories = [ "System" ]; - startupNotify = true; - exec = pkgs.writeShellScript "reboot-into-qubes" '' - ${pkgs.yad}/bin/yad --form \ - --title="Qubes OS" \ - --image distributor-logo-qubes \ - --text "Are you sure you want to reboot into Qubes OS?" \ - --button="Yes:0" --button="Cancel:1" - if [ $? -eq 0 ]; then - systemctl reboot --boot-loader-entry=qubes.conf - fi - ''; - }; -in - -{ - environment.systemPackages = [ reboot-into-qubes ]; - - programs.steam.dedicatedServer.openFirewall = true; -} diff --git a/hosts/rotterdam/services.nix b/hosts/rotterdam/services.nix deleted file mode 100644 index 0bf276f..0000000 --- a/hosts/rotterdam/services.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - services.keyd = { - enable = true; - keyboards.main = { - ids = [ "5653:0001" ]; - settings.main = { - esc = "overload(meta, esc)"; - }; - }; - }; -} diff --git a/hosts/servers/alexandria.nix b/hosts/servers/alexandria.nix new file mode 100644 index 0000000..4154097 --- /dev/null +++ b/hosts/servers/alexandria.nix @@ -0,0 +1,34 @@ +{ ... }: + +{ + imports = [ + # Host-common imports + ../common + # Server-common imports + ./common + # Host-specific imports + ./alexandria + ]; + + nix.nixPath = [ "nixos-config=${./alexandria.nix}" ]; + + swapDevices = [ + { + device = "/swapfile"; + size = 8192; + } + ]; + + networking = { + hostName = "alexandria"; + firewall = { + allowedTCPPorts = [ + 80 + 443 + 8010 + 9666 + ]; + allowedUDPPorts = [ 24454 ]; + }; + }; +} 
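Review bot: `allowedTCPPorts` in alexandria.nix opens 8010, which is the value of `ports.memos` in alexandria/default.nix, while memos.nix publishes the container on that port and also proxies it through nginx at `notes.baduhai.dev` with `forceSSL`. Opening 8010 therefore lets clients reach memos over plain HTTP, bypassing the TLS virtual host. If that is not intended, drop 8010 from the list. 9666 and UDP 24454 have no visible consumer in this diff, so a comment per port would help, e.g. `9666 # <service that listens here>`.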
diff --git a/hosts/servers/alexandria/changedetection.nix b/hosts/servers/alexandria/changedetection.nix
new file mode 100644
index 0000000..702952f
--- /dev/null
+++ b/hosts/servers/alexandria/changedetection.nix
@@ -0,0 +1,20 @@
+{ config, lib, ... }:
+
+{
+ services = {
+ changedetection-io = {
+ enable = true;
+ behindProxy = true;
+ datastorePath = "/data/changedetection";
+ port = lib.toInt "${config.ports.changedetection-io}";
+ baseURL = "https://detect.baduhai.dev";
+ };
+
+ nginx.virtualHosts."detect.baduhai.dev" = {
+ useACMEHost = "baduhai.dev";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://127.0.0.1:${config.ports.changedetection-io}";
+ };
+ };
+}
diff --git a/hosts/servers/alexandria/cinny.nix b/hosts/servers/alexandria/cinny.nix
new file mode 100644
index 0000000..fc4770f
--- /dev/null
+++ b/hosts/servers/alexandria/cinny.nix
@@ -0,0 +1,23 @@
+{ config, ... }:
+
+{
+ virtualisation.oci-containers.containers."cinny" = {
+ image = "ghcr.io/cinnyapp/cinny:latest";
+ ports = [ "${config.ports.cinny}:80" ];
+ environment = {
+ TZ = "America/Bahia";
+ };
+ volumes = [ "/data/matrix/cinny-config.json:/app/config.json" ];
+ extraOptions = [
+ "--pull=newer"
+ "--label=io.containers.autoupdate=registry"
+ ];
+ };
+
+ services.nginx.virtualHosts."matrix.baduhai.dev" = {
+ useACMEHost = "baduhai.dev";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny}";
+ };
+}
diff --git a/hosts/servers/alexandria/default.nix b/hosts/servers/alexandria/default.nix
new file mode 100644
index 0000000..d5069a1
--- /dev/null
+++ b/hosts/servers/alexandria/default.nix
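Review bot: `ports = [ "${config.ports.cinny}:80" ]` in cinny.nix publishes the container port on every host address, although the only intended client is the nginx proxy on 127.0.0.1; librespeed.nix and memos.nix do the same. Published container ports are typically wired up with NAT rules that do not pass through the host firewall's input filtering, so the backend may be reachable over plain HTTP from outside; binding to loopback avoids that, `ports = [ "127.0.0.1:${config.ports.cinny}:80" ];`. The image is also tracked by a mutable tag (`:latest`) with `--pull=newer` and the auto-update label, so whatever the registry serves next runs unreviewed; pinning by digest, `image = "ghcr.io/cinnyapp/cinny@sha256:<digest>";`, is the safer default.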
@@ -0,0 +1,51 @@
+{ lib, ... }:
+
+let
+ mkStringOption =
+ default:
+ lib.mkOption {
+ inherit default;
+ type = lib.types.str;
+ };
+
+in
+
+{
+ imports = [
+ ./changedetection.nix
+ ./cinny.nix
+ ./forgejo.nix
+ ./hardware-configuration.nix
+ ./jellyfin.nix
+ ./librespeed.nix
+ ./memos.nix
+ ./minecraft.nix
+ ./nextcloud.nix
+ ./nginx.nix
+ ./paperless.nix
+ ./searx.nix
+ ./services.nix
+ ./users.nix
+ ./vaultwarden.nix
+ ];
+
+ options.ports = {
+ bazaar = mkStringOption "6767";
+ radarr = mkStringOption "7878";
+ vaultwarden = mkStringOption "8000";
+ changedetection-io = mkStringOption "8001";
+ cinny = mkStringOption "8002";
+ librespeed = mkStringOption "8003";
+ paperless = mkStringOption "8004";
+ yousable = mkStringOption "8005";
+ cinny2 = mkStringOption "8006";
+ searx = mkStringOption "8007";
+ qbittorrent = mkStringOption "8008";
+ actual = mkStringOption "8009";
+ memos = mkStringOption "8010";
+ collabora = mkStringOption "8011";
+ jellyfin = mkStringOption "8096";
+ sonarr = mkStringOption "8989";
+ jackett = mkStringOption "9117";
+ };
+}
diff --git a/hosts/servers/alexandria/forgejo.nix b/hosts/servers/alexandria/forgejo.nix
new file mode 100644
index 0000000..a51c050
--- /dev/null
+++ b/hosts/servers/alexandria/forgejo.nix
@@ -0,0 +1,33 @@
+{ config, ... }:
+
+let
+ domain = "git.baduhai.dev";
+in
+
+{
+ services = {
+ forgejo = {
+ enable = true;
+ repositoryRoot = "/data/forgejo";
+ settings = {
+ session.COOKIE_SECURE = true;
+ server = {
+ PROTOCOL = "http+unix";
+ DOMAIN = domain;
+ ROOT_URL = "https://${domain}";
+ OFFLINE_MODE = true; # disable use of CDNs
+ SSH_DOMAIN = "baduhai.dev";
+ };
+ log.LEVEL = "Warn";
+ mailer.ENABLED = false;
+ actions.ENABLED = false;
+ };
+ };
+ nginx.virtualHosts.${domain} = {
+ useACMEHost = "baduhai.dev";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
+ };
+ };
+}
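Review bot: The forgejo `settings` block in forgejo.nix does not set `service.DISABLE_REGISTRATION`, and the instance is published at `https://git.baduhai.dev`. Unless registration is restricted somewhere outside this diff, anyone who can reach the site can create an account; for a personal forge I would add `service.DISABLE_REGISTRATION = true;` next to `actions.ENABLED = false;`. `proxyPass` reads `settings.server.HTTP_ADDR`, which this file never sets, so it presumably relies on the module's default socket path for `http+unix`; a short comment saying so would save the next reader a lookup.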
diff --git a/hosts/alexandria/hardware-configuration.nix b/hosts/servers/alexandria/hardware-configuration.nix similarity index 66% rename from hosts/alexandria/hardware-configuration.nix rename to hosts/servers/alexandria/hardware-configuration.nix index 63ecba5..a5f9767 100644 --- a/hosts/alexandria/hardware-configuration.nix +++ b/hosts/servers/alexandria/hardware-configuration.nix @@ -23,23 +23,17 @@ extraModulePackages = [ ]; }; - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/31289617-1d84-4432-a833-680b52e88525"; - fsType = "ext4"; - }; - "/boot" = { - device = "/dev/disk/by-uuid/4130-BE54"; - fsType = "vfat"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/31289617-1d84-4432-a833-680b52e88525"; + fsType = "ext4"; }; - swapDevices = [ - { - device = "/swapfile"; - size = 8192; - } - ]; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/4130-BE54"; + fsType = "vfat"; + }; + + swapDevices = [ ]; networking.useDHCP = lib.mkDefault true; diff --git a/hosts/servers/alexandria/jellyfin.nix b/hosts/servers/alexandria/jellyfin.nix new file mode 100644 index 0000000..015f4aa --- /dev/null +++ b/hosts/servers/alexandria/jellyfin.nix @@ -0,0 +1,19 @@ +{ config, ... }: + +{ + services = { + jellyfin = { + enable = true; + user = "user"; + group = "hosted"; + openFirewall = true; + }; + + nginx.virtualHosts."jellyfin.baduhai.dev" = { + useACMEHost = "baduhai.dev"; + forceSSL = true; + kTLS = true; + locations."/".proxyPass = "http://127.0.0.1:${config.ports.jellyfin}"; + }; + }; +} diff --git a/hosts/servers/alexandria/librespeed.nix b/hosts/servers/alexandria/librespeed.nix new file mode 100644 index 0000000..6b830b7 --- /dev/null +++ b/hosts/servers/alexandria/librespeed.nix 
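Review bot: `openFirewall = true;` in jellyfin.nix opens Jellyfin's own ports on the host firewall while the same file puts the service behind nginx with `forceSSL`. That leaves the plain-HTTP backend reachable directly, bypassing the TLS virtual host; if access is meant to go through the proxy only, use `openFirewall = false;`. `user = "user";` also runs the media server as the interactive login account rather than a dedicated service user, so a compromise of Jellyfin reaches that account's files. A dedicated user in the `hosted` group, or at least a comment explaining the choice, would be better.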
@@ -0,0 +1,22 @@
+{ config, ... }:
+
+{
+ virtualisation.oci-containers.containers."librespeed" = {
+ image = "lscr.io/linuxserver/librespeed:latest";
+ environment = {
+ TZ = "America/Bahia";
+ };
+ ports = [ "${config.ports.librespeed}:80" ];
+ extraOptions = [
+ "--pull=newer"
+ "--label=io.containers.autoupdate=registry"
+ ];
+ };
+
+ services.nginx.virtualHosts."speed.baduhai.dev" = {
+ useACMEHost = "baduhai.dev";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://127.0.0.1:${config.ports.librespeed}";
+ };
+}
diff --git a/hosts/servers/alexandria/memos.nix b/hosts/servers/alexandria/memos.nix
new file mode 100644
index 0000000..2d41cc0
--- /dev/null
+++ b/hosts/servers/alexandria/memos.nix
@@ -0,0 +1,23 @@
+{ config, ... }:
+
+{
+ virtualisation.oci-containers.containers."memos" = {
+ image = "docker.io/neosmemo/memos:stable";
+ ports = [ "${config.ports.memos}:5230" ];
+ environment = {
+ TZ = "America/Bahia";
+ };
+ volumes = [ "/data/memos/:/var/opt/memos" ];
+ extraOptions = [
+ "--pull=newer"
+ "--label=io.containers.autoupdate=registry"
+ ];
+ };
+
+ services.nginx.virtualHosts."notes.baduhai.dev" = {
+ useACMEHost = "baduhai.dev";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://127.0.0.1:${config.ports.memos}";
+ };
+}
diff --git a/hosts/servers/alexandria/minecraft.nix b/hosts/servers/alexandria/minecraft.nix
new file mode 100644
index 0000000..2ce951f
--- /dev/null
+++ b/hosts/servers/alexandria/minecraft.nix
@@ -0,0 +1,73 @@ +{ pkgs, ... }: + +{ + services.minecraft-servers = { + enable = true; + eula = true; + dataDir = "/data/minecraft"; + servers."kingdomcums" = { + enable = true; + package = pkgs.fabricServers.fabric-1_20_1; + openFirewall = true; + serverProperties = { + difficulty = "normal"; + gamemode = "survival"; + motd = "Kingdom Cums"; + online-mode = false; + spawn-protection = false; + }; + symlinks."mods" = pkgs.linkFarmFromDrvs "mods" ( + builtins.attrValues { + villagerNames = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/gqRXDo8B/versions/rzXhJ2pH/villagernames-1.20.1-8.1.jar"; + sha256 = "0hcbbp3zi3nnr12kian9l645f22jr7495bcrlbng46nxp9h08pg5"; + }; + lithium = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/gvQqBUqZ/versions/ZSNsJrPI/lithium-fabric-mc1.20.1-0.11.2.jar"; + sha256 = "1ycdvrs46bbdxsa6i38sfx70v47nvzzbmblfpy3hq3k8blsrbid0"; + }; + lootr = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/EltpO5cN/versions/fqmzdpE2/lootr-fabric-1.20-0.7.33.81.jar"; + sha256 = "0db0472rb07nbc9i925qp3n7s7nmrq6q3alhprflgc9gqg0j0f14"; + }; + malilib = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/GcWjdA9I/versions/V7yLDtJV/malilib-fabric-1.20.1-0.16.3.jar"; + sha256 = "129m1jnk58p0wid5fmagqx13wp6pw4gja01yx14aljdxgzr8kqas"; + }; + immersivePaintings = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/6txNkua3/versions/UjL11A4h/immersive_paintings-0.6.7%2B1.20.1-fabric.jar"; + sha256 = "1di9a67q372z6lplnsa1kmh86armya83mimn61c8ai7izjlsfnid"; + }; + entityCulling = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/NNAgCjsB/versions/mahLIqpj/entityculling-fabric-1.6.7-mc1.20.1.jar"; + sha256 = "01iz8rgljgzl0d8gcwpmr6wcvv3b0cf1siggp3dn8q5hv9przk9k"; + }; + fabricAPI = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/P7dR8mSH/versions/P7uGFii0/fabric-api-0.92.2%2B1.20.1.jar"; + sha256 = "1z3hcxng2p9ymph1c0k729vxxaasi34n6fcdsqwx0wsmqi2gh025"; + }; + fallingTree = pkgs.fetchurl { + url = 
"https://cdn.modrinth.com/data/Fb4jn8m6/versions/NrtzFkZE/FallingTree-1.20.1-4.3.4.jar"; + sha256 = "0sfv2laxzgmkhmr0kizi7g09r6fkccjhj9p5j0viqywnwx02r7fs"; + }; + carryOn = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/joEfVgkn/versions/Mkla4B3q/carryon-fabric-1.20.1-2.1.2.7.jar"; + sha256 = "1pgbqrjrxw7bgwn6phpywgpjfmf5h341ba93j76ibk649wbgn9cd"; + }; + collective = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/e0M1UDsY/versions/jo7YkyNS/collective-1.20.1-7.84.jar"; + sha256 = "01qvaqmd5kmxq7sins6703xq5ckc47qs5kd62gnjyfq1dbjp2y2b"; + }; + dynamicLights = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/7YjclEGc/versions/eU6PA0pr/dynamiclights-v1.8.3-mc1.17x-1.21x-mod.jar"; + sha256 = "0vdv525gis1vj514iqh4rbl6byp7k0ls3lsyj0c3db8g58d784gm"; + }; + appleSkin = pkgs.fetchurl { + url = "https://cdn.modrinth.com/data/EsAfCjCV/versions/xcauwnEB/appleskin-fabric-mc1.20.1-2.5.1.jar"; + sha256 = "1d9qmzjlk763ycmizqpmhcq0hhqw9j8hij6xk8p8l11ljr13mql5"; + }; + } + ); + }; + }; +} diff --git a/hosts/alexandria/nextcloud.nix b/hosts/servers/alexandria/nextcloud.nix similarity index 67% rename from hosts/alexandria/nextcloud.nix rename to hosts/servers/alexandria/nextcloud.nix index c449cce..04d7407 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/servers/alexandria/nextcloud.nix 
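Review bot: `online-mode = false` in `serverProperties` of minecraft.nix turns off account authentication, and with `openFirewall = true` anyone who can reach the port can join under any player name, including an operator's. If offline mode is intentional, I would add an allow-list next to it (`white-list = true;` and `enforce-whitelist = true;`) and a comment explaining why. The allow-list is still name-based in offline mode, so keeping the port off the public internet is the stronger control. Also, `spawn-protection` is an integer property, so `spawn-protection = false` is probably meant to be `spawn-protection = 0;`.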
@@ -2,37 +2,22 @@ lib, config, pkgs, - inputs, ... }: -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; -in - { services = { nextcloud = { enable = true; - package = pkgs.nextcloud32; + package = pkgs.nextcloud30; datadir = "/data/nextcloud"; hostName = "cloud.baduhai.dev"; configureRedis = true; https = true; + autoUpdateApps.enable = true; secretFile = config.age.secrets."nextcloud-secrets.json".path; database.createLocally = true; maxUploadSize = "16G"; - extraApps = { - inherit (config.services.nextcloud.package.packages.apps) - calendar - contacts - notes - tasks - user_oidc - ; - }; - extraAppsEnable = true; caching = { apcu = true; redis = true; @@ -41,7 +26,6 @@ in trusted_proxies = [ "127.0.0.1" ]; default_phone_region = "BR"; maintenance_window_start = "4"; - allow_local_remote_servers = true; enabledPreviewProviders = [ "OC\\Preview\\BMP" "OC\\Preview\\EMF" @@ -77,21 +61,43 @@ in }; }; - nginx.virtualHosts = mkNginxVHosts { - domains."cloud.baduhai.dev" = { }; + collabora-online = { + enable = true; + port = lib.strings.toInt config.ports.collabora; + settings.ssl = { + enable = false; + termination = true; + }; + }; + + nginx.virtualHosts = { + ${config.services.nextcloud.hostName} = { + useACMEHost = "baduhai.dev"; + forceSSL = true; + kTLS = true; + }; + "office.baduhai.dev" = { + useACMEHost = "baduhai.dev"; + forceSSL = true; + kTLS = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${config.ports.collabora}"; + proxyWebsockets = true; + }; + }; }; }; age.secrets = { "nextcloud-secrets.json" = { - file = ../../secrets/nextcloud-secrets.json.age; + file = ../../../secrets/nextcloud-secrets.json.age; owner = "nextcloud"; - group = "nextcloud"; + group = "hosted"; }; nextcloud-adminpass = { - file = ../../secrets/nextcloud-adminpass.age; + file = ../../../secrets/nextcloud-adminpass.age; owner = "nextcloud"; - group = "nextcloud"; + group = "hosted"; }; }; } 
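Review bot: In the last hunk of nextcloud.nix, both `age.secrets` entries change from `group = "nextcloud"` to `group = "hosted"`, the group that users.nix gives to `user`, `minecraft`, `paperless` and `vaultwarden`. No `mode` is set here, and as far as I know agenix defaults to owner-only (0400), so the change grants nothing today. It would, however, expose `nextcloud-secrets.json` and the admin password to every member of `hosted` as soon as someone sets a group-readable mode. I would keep `group = "nextcloud";` on both entries. The same pattern appears on the cloudflare secret in nginx.nix and the paperless secret in paperless.nix.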
diff --git a/hosts/servers/alexandria/nginx.nix b/hosts/servers/alexandria/nginx.nix
new file mode 100644
index 0000000..5075bcf
--- /dev/null
+++ b/hosts/servers/alexandria/nginx.nix
@@ -0,0 +1,37 @@
+{ config, ... }:
+
+{
+ services.nginx = {
+ enable = true;
+ group = "hosted";
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = "baduhai@proton.me";
+ dnsResolver = "1.1.1.1:53";
+ dnsProvider = "cloudflare";
+ credentialsFile = config.age.secrets.cloudflare.path;
+ };
+ certs."baduhai.dev" = {
+ extraDomainNames = [ "*.baduhai.dev" ];
+ };
+ };
+
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_forward" = 1;
+ "net.ipv6.conf.all.forwarding" = 1;
+ };
+
+ age.secrets.cloudflare = {
+ file = ../../../secrets/cloudflare.age;
+ owner = "nginx";
+ group = "hosted";
+ };
+
+}
diff --git a/hosts/servers/alexandria/paperless.nix b/hosts/servers/alexandria/paperless.nix
new file mode 100644
index 0000000..d78d107
--- /dev/null
+++ b/hosts/servers/alexandria/paperless.nix
@@ -0,0 +1,30 @@
+{ config, lib, ... }:
+
+{
+ services = {
+ paperless = {
+ enable = true;
+ dataDir = "/data/paperless/data";
+ mediaDir = "/data/paperless/media";
+ passwordFile = config.age.secrets.paperless.path;
+ port = lib.toInt "${config.ports.paperless}";
+ consumptionDirIsPublic = true;
+ settings = {
+ PAPERLESS_OCR_LANGUAGE = "eng+por+deu";
+ };
+ };
+
+ nginx.virtualHosts."docs.baduhai.dev" = {
+ useACMEHost = "baduhai.dev";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://127.0.0.1:${config.ports.paperless}";
+ };
+ };
+
+ age.secrets.paperless = {
+ file = ../../../secrets/paperless.age;
+ owner = "paperless";
+ group = "hosted";
+ };
+}
diff --git a/hosts/servers/alexandria/searx.nix b/hosts/servers/alexandria/searx.nix
new file mode 100644
index 0000000..94f3017
--- /dev/null
+++ b/hosts/servers/alexandria/searx.nix
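Review bot: `services.nginx` in nginx.nix defines no catch-all vhost, so a request for an unknown `*.baduhai.dev` name or for the bare IP is answered by whichever vhost nginx treats as the default, under the wildcard certificate from `certs."baduhai.dev"`. A default server that drops such requests closes that gap: `virtualHosts."_" = { default = true; locations."/".return = "444"; };`. The removed hosts/trantor/nginx.nix had this, and the HTTPS side may additionally need `rejectSSL = true;`. The `boot.kernel.sysctl` forwarding keys are unrelated to nginx and let the host route packets. A comment naming what needs them (presumably the Tailscale exit node in common/services.nix) would help, or they could move next to that config.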
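Review bot: `consumptionDirIsPublic = true` in paperless.nix makes the Paperless consumption directory writable by every local account, so any user or compromised service on this host can feed files into the OCR and import pipeline. Unless something outside the `paperless` user has to drop documents there, I would leave the option at its default and grant access through group membership instead. As a small style point, `port = lib.toInt "${config.ports.paperless}"` can be written `port = lib.toInt config.ports.paperless;`, since the value is evidently already a string.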
@@ -0,0 +1,28 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+ services = {
+ searx = {
+ enable = true;
+ package = pkgs.searxng;
+ settings.server = {
+ port = lib.toInt "${config.ports.searx}";
+ bind_address = "0.0.0.0";
+ secret_key = "&yEf!xLA@y3FdJ5BjKnUnNAkqer$iW!9";
+ method = "GET";
+ };
+ };
+
+ nginx.virtualHosts."search.baduhai.dev" = {
+ useACMEHost = "baduhai.dev";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://127.0.0.1:${config.ports.searx}";
+ };
+ };
+}
diff --git a/hosts/servers/alexandria/services.nix b/hosts/servers/alexandria/services.nix
new file mode 100644
index 0000000..08b927a
--- /dev/null
+++ b/hosts/servers/alexandria/services.nix
@@ -0,0 +1,9 @@
+{ ... }:
+
+{
+ services.postgresql.enable = true;
+
+ # TODO: remove when bug fux
+ # Workaround for upstream bug in NetworkManager-wait-online.service
+ systemd.services.NetworkManager-wait-online.enable = false;
+}
diff --git a/hosts/servers/alexandria/users.nix b/hosts/servers/alexandria/users.nix
new file mode 100644
index 0000000..db3f3ed
--- /dev/null
+++ b/hosts/servers/alexandria/users.nix
@@ -0,0 +1,20 @@
+{ ... }:
+
+{
+ users = {
+ users = {
+ nginx.extraGroups = [ "acme" ];
+ };
+ groups = {
+ hosted = {
+ gid = 1005;
+ members = [
+ "user"
+ "minecraft"
+ "paperless"
+ "vaultwarden"
+ ];
+ };
+ };
+ };
+}
diff --git a/hosts/servers/alexandria/vaultwarden.nix b/hosts/servers/alexandria/vaultwarden.nix
new file mode 100644
index 0000000..2207c08
--- /dev/null
+++ b/hosts/servers/alexandria/vaultwarden.nix
@@ -0,0 +1,22 @@
+{ config, ... }:
+
+{
+ services = {
+ vaultwarden = {
+ enable = true;
+ config = {
+ DOMAIN = "https://pass.baduhai.dev";
+ SIGNUPS_ALLOWED = true;
+ ROCKET_ADDRESS = "127.0.0.1";
+ ROCKET_PORT = "${config.ports.vaultwarden}";
+ };
+ };
+
+ nginx.virtualHosts."pass.baduhai.dev" = {
+ useACMEHost = "baduhai.dev";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://127.0.0.1:${config.ports.vaultwarden}";
+ };
+ };
+}
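Review bot: `secret_key` in `settings.server` of searx.nix is a literal committed to the repository, and because `settings` is rendered into the Nix store the value is also readable by every local user on the host. It should be treated as exposed and replaced with a newly generated key. The NixOS searx module can load the key from a file kept out of the store: set `environmentFile = config.age.secrets.<searx-secret>.path;` (placeholder name) and reference the variable from `secret_key`, using the placeholder syntax documented for the nixpkgs revision in use. `bind_address = "0.0.0.0"` additionally exposes the instance without TLS on all interfaces although nginx proxies to 127.0.0.1, so `bind_address = "127.0.0.1";` is sufficient.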
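Review bot: `SIGNUPS_ALLOWED = true` in vaultwarden.nix leaves account registration open on a password manager that the vhost below publishes at `pass.baduhai.dev`, so anyone who learns the hostname can create an account on it. I would set `SIGNUPS_ALLOWED = false;` once the intended accounts exist and use invitations for later additions. If open sign-up is needed during initial setup, a comment stating that and when it gets switched off would keep it from staying enabled.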
diff --git a/hosts/modules/server/boot.nix b/hosts/servers/common/boot.nix similarity index 100% rename from hosts/modules/server/boot.nix rename to hosts/servers/common/boot.nix diff --git a/hosts/servers/common/default.nix b/hosts/servers/common/default.nix new file mode 100644 index 0000000..db2cb46 --- /dev/null +++ b/hosts/servers/common/default.nix @@ -0,0 +1,10 @@ +{ ... }: + +{ + imports = [ + ./boot.nix + ./home-manager.nix + ./nix.nix + ./services.nix + ]; +} diff --git a/hosts/servers/common/home-manager.nix b/hosts/servers/common/home-manager.nix new file mode 100644 index 0000000..20186df --- /dev/null +++ b/hosts/servers/common/home-manager.nix @@ -0,0 +1,10 @@ +{ ... }: + +{ + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + backupFileExtension = "bkp"; + users.user = import ../../../users/servers/user.nix; + }; +} diff --git a/hosts/modules/server/nix.nix b/hosts/servers/common/nix.nix similarity index 100% rename from hosts/modules/server/nix.nix rename to hosts/servers/common/nix.nix diff --git a/hosts/modules/server/tailscale.nix b/hosts/servers/common/services.nix similarity index 55% rename from hosts/modules/server/tailscale.nix rename to hosts/servers/common/services.nix index 1f105ba..035de35 100644 --- a/hosts/modules/server/tailscale.nix +++ b/hosts/servers/common/services.nix @@ -5,9 +5,4 @@ extraSetFlags = [ "--advertise-exit-node" ]; useRoutingFeatures = "server"; }; - - boot.kernel.sysctl = { - "net.ipv4.ip_forward" = 1; - "net.ipv6.conf.all.forwarding" = 1; - }; } diff --git a/hosts/trantor/boot.nix b/hosts/trantor/boot.nix deleted file mode 100644 index 0498818..0000000 --- a/hosts/trantor/boot.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - boot = { - initrd.systemd.enable = true; - loader.efi.efiSysMountPoint = "/boot/efi"; - }; -} diff --git a/hosts/trantor/disko.nix b/hosts/trantor/disko.nix deleted file mode 100644 index 0e47058..0000000 --- a/hosts/trantor/disko.nix +++ /dev/null 
@@ -1,64 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ inputs.disko.nixosModules.default ]; - - disko.devices.disk.main = { - type = "disk"; - device = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20"; - content = { - type = "gpt"; - partitions = { - ESP = { - priority = 1; - name = "ESP"; - start = "1MiB"; - end = "512MiB"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot/efi"; - mountOptions = [ - "noatime" - "fmask=0077" - "dmask=0077" - ]; - }; - }; - root = { - priority = 2; - name = "root"; - size = "100%"; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = { - "@root" = { - mountpoint = "/"; - mountOptions = [ - "noatime" - "compress=zstd" - ]; - }; - "@nix" = { - mountpoint = "/nix"; - mountOptions = [ - "noatime" - "compress=zstd" - ]; - }; - "@persistent" = { - mountpoint = "/persistent"; - mountOptions = [ - "noatime" - "compress=zstd" - ]; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/trantor/fail2ban.nix b/hosts/trantor/fail2ban.nix deleted file mode 100644 index bc05139..0000000 --- a/hosts/trantor/fail2ban.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, pkgs, ... }: - -{ - services.fail2ban = { - enable = true; - maxretry = 5; - ignoreIP = [ - "127.0.0.0/8" - "::1" - "10.0.0.0/8" - "172.16.0.0/12" - "192.168.0.0/16" - "100.64.0.0/10" - ]; - bantime = "1h"; - bantime-increment = { - enable = true; - multipliers = "1 2 4 8 16 32 64"; - maxtime = "10000h"; - overalljails = true; - }; - }; -} diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix deleted file mode 100644 index fdfa64a..0000000 --- a/hosts/trantor/forgejo.nix +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts; -in - -{ - services = { - forgejo = { - enable = true; - settings = { - session.COOKIE_SECURE = true; - server = { - PROTOCOL = "http+unix"; - DOMAIN = "git.baduhai.dev"; - ROOT_URL = "https://git.baduhai.dev"; - OFFLINE_MODE = true; # disable use of CDNs - SSH_DOMAIN = "git.baduhai.dev"; - }; - log.LEVEL = "Warn"; - mailer.ENABLED = false; - actions.ENABLED = false; - service.DISABLE_REGISTRATION = true; - oauth2_client = { - ENABLE_AUTO_REGISTRATION = true; - UPDATE_AVATAR = true; - ACCOUNT_LINKING = "login"; - USERNAME = "preferred_username"; - }; - }; - }; - nginx.virtualHosts = mkNginxVHosts { - domains."git.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; - }; - fail2ban.jails.forgejo = { - settings = { - enabled = true; - filter = "forgejo"; - maxretry = 3; - findtime = "10m"; - bantime = "1h"; - }; - }; - }; - - environment = { - etc."fail2ban/filter.d/forgejo.conf".text = '' - [Definition] - failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from - ignoreregex = - journalmatch = _SYSTEMD_UNIT=forgejo.service - ''; - - persistence.main.directories = [ - { - directory = config.services.forgejo.stateDir; - inherit (config.services.forgejo) user group; - mode = "0700"; - } - ]; - }; - - # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories - systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false; -} diff --git a/hosts/trantor/hardware-configuration.nix b/hosts/trantor/hardware-configuration.nix deleted file mode 100644 index 039129e..0000000 --- a/hosts/trantor/hardware-configuration.nix +++ /dev/null 
@@ -1,20 +0,0 @@ -{ - lib, - modulesPath, - ... -}: - -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot.initrd.availableKernelModules = [ - "xhci_pci" - "virtio_pci" - "virtio_scsi" - "usbhid" - ]; - - networking.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; -} diff --git a/hosts/trantor/networking.nix b/hosts/trantor/networking.nix deleted file mode 100644 index 4dcbe1e..0000000 --- a/hosts/trantor/networking.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - networking = { - firewall = { - allowedTCPPorts = [ 25566 ]; - allowedUDPPorts = [ 25566 ]; - }; - }; -} diff --git a/hosts/trantor/nginx.nix b/hosts/trantor/nginx.nix deleted file mode 100644 index 56eed7c..0000000 --- a/hosts/trantor/nginx.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: - -let - utils = import ../../utils.nix { inherit inputs lib; }; - inherit (utils) mkNginxVHosts services; - - # Get all unique domains from shared services on trantor (host = "trantor") - localDomains = lib.unique ( - map (s: s.domain) (lib.filter (s: s.host == "trantor") services) - ); - - # Generate ACME cert configs for all local domains - acmeCerts = lib.genAttrs localDomains (domain: { - group = "nginx"; - }); -in - -{ - security.acme = { - acceptTerms = true; - defaults = { - email = "baduhai@proton.me"; - dnsResolver = "1.1.1.1:53"; - dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets.cloudflare.path; - }; - certs = acmeCerts; - }; - - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts = { - "_" = { - default = true; - locations."/".return = "444"; - }; - }; - }; - - users.users.nginx.extraGroups = [ "acme" ]; - - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; - - age.secrets.cloudflare = { - file = ../../secrets/cloudflare.age; - owner = "nginx"; - group = "nginx"; - }; -} 
diff --git a/hosts/trantor/openssh.nix b/hosts/trantor/openssh.nix deleted file mode 100644 index 704b3df..0000000 --- a/hosts/trantor/openssh.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ ... }: - -{ - services = { - openssh = { - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; - fail2ban.jails.sshd = { - settings = { - enabled = true; - port = "ssh"; - filter = "sshd"; - logpath = "/var/log/auth.log"; - maxretry = 3; - findtime = "10m"; - bantime = "1h"; - }; - }; - }; -} diff --git a/hosts/trantor/unbound.nix b/hosts/trantor/unbound.nix deleted file mode 100644 index 46808c6..0000000 --- a/hosts/trantor/unbound.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ inputs, lib, ... }: - -let - utils = import ../../utils.nix { inherit inputs lib; }; -in - -{ - services.unbound = { - enable = true; - enableRootTrustAnchor = true; - settings = { - server = { - interface = [ - "0.0.0.0" - "::" - ]; - access-control = [ - "127.0.0.0/8 allow" - "100.64.0.0/10 allow" # Tailscale CGNAT range - "::1/128 allow" - "fd7a:115c:a1e0::/48 allow" # Tailscale IPv6 - ]; - - num-threads = 2; - msg-cache-size = "50m"; - rrset-cache-size = "100m"; - cache-min-ttl = 300; - cache-max-ttl = 86400; - prefetch = true; - prefetch-key = true; - hide-identity = true; - hide-version = true; - so-rcvbuf = "1m"; - so-sndbuf = "1m"; - - # Tailnet DNS records from shared services - local-zone = ''"baduhai.dev." transparent''; - local-data = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') utils.services; - }; - - forward-zone = [ - { - name = "."; - forward-addr = [ - "1.1.1.1@853#cloudflare-dns.com" - "1.0.0.1@853#cloudflare-dns.com" - ]; - forward-tls-upstream = true; - } - ]; - }; - }; - - networking.firewall = { - allowedTCPPorts = [ 53 ]; - allowedUDPPorts = [ 53 ]; - }; -} diff --git a/modules/ephemeral.nix b/modules/ephemeral.nix deleted file mode 100644 index 7403aac..0000000 --- a/modules/ephemeral.nix +++ /dev/null 
@@ -1,84 +0,0 @@ -{ lib, config, ... }: - -let - cfg = config.ephemeral; -in -{ - options.ephemeral = { - enable = lib.mkEnableOption "ephemeral root with automatic rollback"; - - rootDevice = lib.mkOption { - type = lib.types.str; - example = "/dev/mapper/cryptroot"; - description = "Device path for the root btrfs filesystem"; - }; - - rootSubvolume = lib.mkOption { - type = lib.types.str; - example = "@root"; - description = "Name of the root btrfs subvolume"; - }; - - oldRootRetentionDays = lib.mkOption { - type = lib.types.int; - default = 30; - description = "Number of days to keep old root snapshots before deletion"; - }; - }; - - config = lib.mkIf cfg.enable { - boot.initrd.systemd.services.recreate-root = { - description = "Rolling over and creating new filesystem root"; - requires = [ "initrd-root-device.target" ]; - after = [ - "local-fs-pre.target" - "initrd-root-device.target" - ]; - requiredBy = [ "initrd-root-fs.target" ]; - before = [ "sysroot.mount" ]; - unitConfig = { - AssertPathExists = "/etc/initrd-release"; - DefaultDependencies = false; - }; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - set -euo pipefail - - mkdir /btrfs_tmp - if ! mount ${cfg.rootDevice} /btrfs_tmp; then - echo "ERROR: Failed to mount ${cfg.rootDevice}" - exit 1 - fi - - if [[ -e /btrfs_tmp/${cfg.rootSubvolume} ]]; then - mkdir -p /btrfs_tmp/old_roots - timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/${cfg.rootSubvolume})" "+%Y-%m-%-d_%H:%M:%S") - mv /btrfs_tmp/${cfg.rootSubvolume} "/btrfs_tmp/old_roots/$timestamp" - fi - - delete_subvolume_recursively() { - IFS=$'\n' - for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do - delete_subvolume_recursively "/btrfs_tmp/$i" - done - btrfs subvolume delete "$1" - } - - for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +${toString cfg.oldRootRetentionDays}); do - delete_subvolume_recursively "$i" - done - - if ! 
btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume}; then - echo "ERROR: Failed to create subvolume ${cfg.rootSubvolume}" - umount /btrfs_tmp - exit 1 - fi - - umount /btrfs_tmp - ''; - }; - }; -} diff --git a/modules/qbittorrent.nix b/modules/qbittorrent.nix new file mode 100644 index 0000000..09123a5 --- /dev/null +++ b/modules/qbittorrent.nix 
@@ -0,0 +1,123 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+with lib;
+let
+ cfg = config.services.qbittorrent;
+ configDir = "${cfg.dataDir}/.config";
+ openFilesLimit = 4096;
+in
+{
+ options.services.qbittorrent = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Run qBittorrent headlessly as systemwide daemon
+ '';
+ };
+
+ dataDir = mkOption {
+ type = types.path;
+ default = "/var/lib/qbittorrent";
+ description = ''
+ The directory where qBittorrent will create files.
+ '';
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "qbittorrent";
+ description = ''
+ User account under which qBittorrent runs.
+ '';
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "qbittorrent";
+ description = ''
+ Group under which qBittorrent runs.
+ '';
+ };
+
+ port = mkOption {
+ type = types.port;
+ default = 8080;
+ description = ''
+ qBittorrent web UI port.
+ '';
+ };
+
+ openFirewall = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Open services.qBittorrent.port to the outside network.
+ '';
+ };
+
+ openFilesLimit = mkOption {
+ default = openFilesLimit;
+ description = ''
+ Number of files to allow qBittorrent to open.
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+
+ environment.systemPackages = [ pkgs.qbittorrent ];
+
+ nixpkgs.overlays = [
+ (final: prev: {
+ qbittorrent = prev.qbittorrent.override { guiSupport = false; };
+ })
+ ];
+
+ networking.firewall = mkIf cfg.openFirewall {
+ allowedTCPPorts = [ cfg.port ];
+ allowedUDPPorts = [ cfg.port ];
+ };
+
+ systemd.services.qbittorrent = {
+ after = [ "network.target" ];
+ description = "qBittorrent Daemon";
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.qbittorrent ];
+ serviceConfig = {
+ ExecStart = ''
+ ${pkgs.qbittorrent}/bin/qbittorrent-nox \
+ --profile=${configDir} \
+ --webui-port=${toString cfg.port}
+ '';
+ # To prevent "Quit & shutdown daemon" from working; we want systemd to
+ # manage it!
+ Restart = "on-success";
+ User = cfg.user;
+ Group = cfg.group;
+ UMask = "0002";
+ LimitNOFILE = cfg.openFilesLimit;
+ };
+ };
+
+ users.users = mkIf (cfg.user == "qbittorrent") {
+ qbittorrent = {
+ group = cfg.group;
+ home = cfg.dataDir;
+ createHome = true;
+ description = "qBittorrent Daemon user";
+ };
+ };
+
+ users.groups = mkIf (cfg.group == "qbittorrent") {
+ qbittorrent = {
+ gid = null;
+ };
+ };
+ };
+}
diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix
deleted file mode 100644
index c4969c1..0000000
--- a/nixosConfigurations.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ inputs, ... }:
-let
- lib = inputs.nixpkgs.lib;
- utils = import ./utils.nix { inherit inputs lib; };
- inherit (utils) mkHost;
-in
-{
- flake.nixosConfigurations = {
- rotterdam = mkHost {
- hostname = "rotterdam";
- tags = [
- "desktop"
- "ai"
- "bluetooth"
- "dev"
- "ephemeral"
- "fwupd"
- "gaming"
- "libvirtd"
- "networkmanager"
- "podman"
- ];
- };
-
- io = mkHost {
- hostname = "io";
- tags = [
- "desktop"
- "ai"
- "bluetooth"
- "dev"
- "ephemeral"
- "networkmanager"
- "podman"
- ];
- };
-
- alexandria = mkHost {
- hostname = "alexandria";
- tags = [
- # "server" TODO: uncomment when 25.11 is out.
- "fwupd"
- ];
- };
-
- trantor = mkHost {
- hostname = "trantor";
- system = "aarch64-linux";
- tags = [
- "server"
- "ephemeral"
- ];
- };
- };
-}
diff --git a/nixosModules.nix b/nixosModules.nix
deleted file mode 100644
index 5fd416b..0000000
--- a/nixosModules.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ ... }:
-
-{
- flake.nixosModules = {
- ephemeral = import ./modules/ephemeral.nix;
- };
-}
diff --git a/overlays.nix b/overlays.nix
deleted file mode 100644
index eab4edf..0000000
--- a/overlays.nix
+++ /dev/null
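Review bot: `networking.firewall = mkIf cfg.openFirewall` in modules/qbittorrent.nix opens `cfg.port` for both TCP and UDP, but that port is only the web UI passed as `--webui-port`, which is HTTP over TCP, so the `allowedUDPPorts` line can be dropped. The `openFirewall` description should also say that it exposes the unencrypted management interface, not the torrent port. `serviceConfig` runs a network-facing daemon with no sandboxing; `NoNewPrivileges = true;` and `PrivateTmp = true;` are low-risk additions. `openFilesLimit` is declared without a `type`, and `type = types.int;` would reject bad values at evaluation time.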
@@ -1,13 +0,0 @@ -{ inputs, ... }: - -{ - flake.overlays = { - default = final: prev: { - base16-schemes = inputs.self.packages.${final.system}.base16-schemes; - fastfetch = inputs.self.packages.${final.system}.fastfetch; - hm-cli = inputs.self.packages.${final.system}.hm-cli; - kwrite = inputs.self.packages.${final.system}.kwrite; - toggleaudiosink = inputs.self.packages.${final.system}.toggleaudiosink; - }; - }; -} diff --git a/packages.nix b/packages.nix deleted file mode 100644 index 46979f8..0000000 --- a/packages.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ ... }: - -{ - perSystem = - { pkgs, system, ... }: - { - packages = { - base16-schemes = pkgs.callPackage ./packages/base16-schemes.nix { }; - fastfetch = pkgs.callPackage ./packages/fastfetch.nix { }; - hm-cli = pkgs.callPackage ./packages/hm-cli.nix { }; - kwrite = pkgs.callPackage ./packages/kwrite.nix { }; - toggleaudiosink = pkgs.callPackage ./packages/toggleaudiosink.nix { }; - }; - }; -} diff --git a/packages/base16-schemes.nix b/packages/base16-schemes.nix deleted file mode 100644 index ffd6c04..0000000 --- a/packages/base16-schemes.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - lib, - stdenv, - fetchFromGitHub, -}: -stdenv.mkDerivation (finalAttrs: { - pname = "base16-schemes"; - version = "0-unstable-2025-06-04"; - - src = fetchFromGitHub { - owner = "tinted-theming"; - repo = "schemes"; - rev = "317a5e10c35825a6c905d912e480dfe8e71c7559"; - hash = "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM="; - }; - - installPhase = '' - runHook preInstall - - mkdir -p $out/share/themes/ - install base16/*.yaml $out/share/themes/ - - runHook postInstall - ''; - - meta = { - description = "All the color schemes for use in base16 packages"; - homepage = "https://github.com/tinted-theming/schemes"; - maintainers = [ lib.maintainers.DamienCassou ]; - license = lib.licenses.mit; - }; -}) diff --git a/packages/fastfetch.nix b/packages/fastfetch.nix deleted file mode 100644 index fa8e0ea..0000000 
--- a/packages/fastfetch.nix +++ /dev/null @@ -1,81 +0,0 @@ -{ - lib, - pkgs ? import { }, -}: - -let - fastfetch-logo = pkgs.fetchurl { - url = "https://discourse.nixos.org/uploads/default/original/3X/3/6/36954e6d6aa32c8b00f50ca43f142d898c1ff535.png"; - hash = "sha256-aLHz8jSAFocrn+Pb4vRq0wtkYFJpBpZRevd+VoZC/PQ="; - }; - - fastfetch-config = pkgs.writeText "fastfetch-config.json" ( - builtins.toJSON { - "$schema" = "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json"; - modules = [ - "title" - "separator" - { - type = "os"; - keyWidth = 9; - } - { - type = "kernel"; - keyWidth = 9; - } - { - type = "uptime"; - keyWidth = 9; - } - { - type = "shell"; - keyWidth = 9; - } - "break" - { - type = "cpu"; - keyWidth = 11; - } - { - type = "memory"; - keyWidth = 11; - } - { - type = "swap"; - keyWidth = 11; - } - { - type = "disk"; - folders = "/"; - keyWidth = 11; - } - { - type = "command"; - key = "Systemd"; - keyWidth = 11; - text = "echo \"$(systemctl list-units --state=failed --no-legend | wc -l) failed units, $(systemctl list-jobs --no-legend | wc -l) queued jobs\""; - } - "break" - { - type = "command"; - key = "Public IP"; - keyWidth = 15; - text = "curl -s -4 ifconfig.me 2>/dev/null || echo 'N/A'"; - } - { - type = "command"; - key = "Tailscale IP"; - keyWidth = 15; - text = "tailscale ip -4 2>/dev/null || echo 'N/A'"; - } - { - type = "command"; - key = "Local IP"; - keyWidth = 15; - text = "ip -4 addr show scope global | grep inet | head -n1 | awk '{print $2}' | cut -d/ -f1"; - } - ]; - } - ); -in -pkgs.writeShellScriptBin "fastfetch" ''exec ${lib.getExe pkgs.fastfetch} --config ${fastfetch-config} --logo-type kitty --logo ${fastfetch-logo} --logo-padding-right 1 --logo-width 36 "$@" '' diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix deleted file mode 100644 index f6034ea..0000000 --- a/packages/hm-cli.nix +++ /dev/null 
@@ -1,105 +0,0 @@ -{ - pkgs ? import { }, -}: - -pkgs.writeShellScriptBin "hm" '' - set -e - - HM="${pkgs.lib.getExe pkgs.home-manager}" - FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}" - FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}" - - show_usage() { - cat < [args] - - Commands: - apply Switch to a new generation - generation list List all generations - generation delete ID... Delete specified generation(s) - generation rollback Rollback to the previous generation - generation switch ID Switch to the specified generation - generation cleanup Delete all but the current generation - - Environment Variables: - HM_PATH Override default flake path (~/.config/home-manager) - Currently set to "''${HM_PATH:-}" - HM_USER Override default user output ("$(whoami)@$(hostname)") - Currently set to "''${HM_USER:-}" - EOF - } - - if [[ $# -eq 0 ]]; then - show_usage - exit 1 - fi - - case "$1" in - apply) - "$HM" switch --flake "$FLAKE_PATH#$FLAKE_OUTPUT" -b bkp - ;; - generation) - if [[ $# -lt 2 ]]; then - echo "Error: generation command requires a subcommand" - show_usage - exit 1 - fi - - case "$2" in - list) - "$HM" generations - ;; - delete) - if [[ $# -lt 3 ]]; then - echo "Error: delete requires at least one generation ID" - exit 1 - fi - shift 2 - "$HM" remove-generations "$@" - ;; - rollback) - PREV_GEN=$("$HM" generations | \ - sed -n 's/^[[:space:]]*id \([0-9]\+\).*/\1/p' | \ - head -n 2 | tail -n 1) - if [[ -z "$PREV_GEN" ]]; then - echo "Error: could not determine previous generation (possibly only one generation exists)" - exit 1 - fi - "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$PREV_GEN" -b bkp - ;; - switch) - if [[ $# -ne 3 ]]; then - echo "Error: switch requires exactly one generation ID" - exit 1 - fi - "$HM" switch --flake "$FLAKE_PATH" --switch-generation "$3" -b bkp - ;; - cleanup) - CURRENT_GEN=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .* (current)$/\1/p') - if [[ -z "$CURRENT_GEN" ]]; then - echo "Error: could not 
determine current generation" - exit 1 - fi - OLD_GENS=$("$HM" generations | sed -n 's/^.*id \([0-9]\+\) .*/\1/p' | grep -v "^$CURRENT_GEN$") - if [[ -z "$OLD_GENS" ]]; then - echo "No old generations to delete" - else - echo "Deleting generations: $(echo $OLD_GENS | tr '\n' ' ')" - echo "$OLD_GENS" | xargs "$HM" remove-generations - echo "Cleanup complete. Current generation $CURRENT_GEN preserved." - fi - ;; - *) - echo "Error: unknown generation subcommand '$2'" - show_usage - exit 1 - ;; - esac - ;; - *) - echo "Error: unknown command '$1'" - show_usage - exit 1 - ;; - esac -'' diff --git a/packages/kwrite.nix b/packages/kwrite.nix deleted file mode 100644 index 14ebce1..0000000 --- a/packages/kwrite.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ pkgs }: - -pkgs.symlinkJoin { - name = "kwrite"; - paths = [ pkgs.kdePackages.kate ]; - postBuild = '' - rm -rf $out/bin/kate \ - $out/bin/.kate-wrapped \ - $out/share/applications/org.kde.kate.desktop \ - $out/share/man \ - $out/share/icons/hicolor/*/apps/kate.png \ - $out/share/icons/hicolor/scalable/apps/kate.svg \ - $out/share/appdata/org.kde.kate.appdata.xml - ''; -} diff --git a/packages/plasticity.nix b/packages/plasticity.nix new file mode 100644 index 0000000..5ffbaeb --- /dev/null +++ b/packages/plasticity.nix 
@@ -0,0 +1,133 @@
+{
+ alsa-lib,
+ at-spi2-atk,
+ autoPatchelfHook,
+ cairo,
+ cups,
+ dbus,
+ desktop-file-utils,
+ expat,
+ fetchurl,
+ gdk-pixbuf,
+ gtk3,
+ gvfs,
+ hicolor-icon-theme,
+ lib,
+ libdrm,
+ libglvnd,
+ libnotify,
+ libsForQt5,
+ libxkbcommon,
+ mesa,
+ nspr,
+ nss,
+ openssl,
+ pango,
+ rpmextract,
+ stdenv,
+ systemd,
+ trash-cli,
+ vulkan-loader,
+ wrapGAppsHook3,
+ xdg-utils,
+ xorg,
+}:
+stdenv.mkDerivation rec {
+ pname = "plasticity";
+ version = "24.2.3";
+
+ src = fetchurl {
+ url = "https://github.com/nkallen/plasticity/releases/download/v${version}/Plasticity-${version}-1.x86_64.rpm";
+ hash = "sha256-iiVh4k5r5PXN1/VJZcropTMu36N2B/ECq2L5e59QxJY=";
+ };
+
+ passthru.updateScript = ./update.sh;
+
+ nativeBuildInputs = [
+ wrapGAppsHook3
+ autoPatchelfHook
+ rpmextract
+ mesa
+ ];
+
+ buildInputs = [
+ alsa-lib
+ at-spi2-atk
+ cairo
+ cups
+ dbus
+ desktop-file-utils
+ expat
+ gdk-pixbuf
+ gtk3
+ gvfs
+ hicolor-icon-theme
+ libdrm
+ libnotify
+ libsForQt5.kde-cli-tools
+ libxkbcommon
+ nspr
+ nss
+ openssl
+ pango
+ stdenv.cc.cc.lib
+ trash-cli
+ xdg-utils
+ ];
+
+ runtimeDependencies = [
+ systemd
+ libglvnd
+ vulkan-loader # may help with nvidia users
+ xorg.libX11
+ xorg.libxcb
+ xorg.libXcomposite
+ xorg.libXdamage
+ xorg.libXext
+ xorg.libXfixes
+ xorg.libXrandr
+ xorg.libXtst
+ ];
+
+ dontUnpack = true;
+
+ # can't find anything on the internet about these files, no clue what they do
+ autoPatchelfIgnoreMissingDeps = [
+ "ACCAMERA.tx"
+ "AcMPolygonObj15.tx"
+ "ATEXT.tx"
+ "ISM.tx"
+ "RText.tx"
+ "SCENEOE.tx"
+ "TD_DbEntities.tx"
+ "TD_DbIO.tx"
+ "WipeOut.tx"
+ ];
+
+ installPhase = ''
+ runHook preInstall
+
+ mkdir $out
+ cd $out
+ rpmextract $src
+ mv $out/usr/* $out
+ rm -r $out/usr
+
+ runHook postInstall
+ '';
+
+ #--use-gl=egl for it to use hardware rendering it seems. Otherwise there are terrible framerates
+ postInstall = ''
+ substituteInPlace share/applications/Plasticity.desktop \
+ --replace-fail 'Exec=Plasticity %U' "Exec=Plasticity --use-gl=egl %U"
+ '';
+
+ meta = with lib; {
+ description = "CAD for artists";
+ homepage = "https://www.plasticity.xyz";
+ mainProgram = "Plasticity";
+ sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
+ maintainers = with maintainers; [ imadnyc ];
+ platforms = [ "x86_64-linux" ];
+ };
+}
diff --git a/packages/toggleaudiosink.nix b/packages/toggleaudiosink.nix
deleted file mode 100644
index 623346f..0000000
--- a/packages/toggleaudiosink.nix
+++ /dev/null
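Review bot: The `meta` block at the end of packages/plasticity.nix marks the package as `binaryNativeCode` but sets no `license`, so this prebuilt vendor RPM is presumably evaluated like free software and is not gated by `allowUnfree`. Adding `license = licenses.unfree;` makes that policy decision explicit, assuming the upstream licence is proprietary, which should be confirmed. Separately, the `autoPatchelfIgnoreMissingDeps` list is documented only as "no clue what they do". A comment recording where those `.tx` names were observed would let a later reviewer tell a deliberate exception from a masked missing library. `mesa` under `nativeBuildInputs` also looks misplaced in a list of build-time tools.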
@@ -1,48 +0,0 @@ -{ - pkgs ? import { }, -}: - -pkgs.writeShellScriptBin "toggleaudiosink" '' - #!/usr/bin/env bash - - sound_server="pipewire" - - # Grab a count of how many audio sinks we have - sink_count=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -c "Sink #[[:digit:]]") - # Create an array of the actual sink IDs - sinks=() - mapfile -t sinks < <(${pkgs.pulseaudio}/bin/pactl list sinks | grep 'Sink #[[:digit:]]' | sed -n -e 's/.*Sink #\([[:digit:]]\)/\1/p') - # Get the ID of the active sink - active_sink_name=$(${pkgs.pulseaudio}/bin/pactl info | grep 'Default Sink:' | sed -n -e 's/.*Default Sink:[[:space:]]\+\(.*\)/\1/p') - active_sink=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -B 2 "$active_sink_name" | sed -n -e 's/Sink #\([[:digit:]]\)/\1/p' | head -n 1) - - # Get the ID of the last sink in the array - final_sink=''${sinks[$((sink_count - 1))]} - - # Find the index of the active sink - for index in "''${!sinks[@]}"; do - if [[ "''${sinks[$index]}" == "$active_sink" ]]; then - active_sink_index=$index - fi - done - - # Default to the first sink in the list - next_sink=''${sinks[0]} - next_sink_index=0 - - # If we're not at the end of the list, move up the list - if [[ $active_sink -ne $final_sink ]]; then - next_sink_index=$((active_sink_index + 1)) - next_sink=''${sinks[$next_sink_index]} - fi - - # Change the default sink - # Get the name of the next sink - next_sink_name=$(${pkgs.pulseaudio}/bin/pactl list sinks | grep -C 2 "Sink #$next_sink" | sed -n -e 's/.*Name:[[:space:]]\+\(.*\)/\1/p' | head -n 1) - ${pkgs.pulseaudio}/bin/pactl set-default-sink "$next_sink_name" - - # Move all inputs to the new sink - for app in $(${pkgs.pulseaudio}/bin/pactl list sink-inputs | sed -n -e 's/.*Sink Input #\([[:digit:]]\)/\1/p'); do - ${pkgs.pulseaudio}/bin/pactl "move-sink-input $app $next_sink" - done -'' diff --git a/readme.md b/readme.md index a2b815f..f19ab12 100644 --- a/readme.md +++ b/readme.md 
@@ -1,87 +1,7 @@ -# Nix Configuration +All my personal Nix and NixOS hosts, in a flake. -My personal Nix configuration for multiple NixOS hosts, home-manager users, miscellaneous resources... too many things to list. If I could put my life in a flake I would. - -## Hosts - -### Desktop Systems -- **rotterdam** - Main desktop workstation (x86_64) - - Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman - - Storage: Ephemeral root with LUKS encryption - -- **io** - Laptop workstation (x86_64) - - Features: Desktop, AI tools, Bluetooth, Dev environment, Podman - - Storage: Ephemeral root with LUKS encryption - -### Servers -- **alexandria** - Home server (x86_64) - - Hosts: Nextcloud, Vaultwarden, Jellyfin, Kanidm - -- **trantor** - Cloud server (aarch64) - - Hosts: Forgejo - - Cloud provider: Oracle Cloud Infrastructure - - Storage: Ephemeral root with btrfs - -## Home Manager Configurations - -- **user@rotterdam** - Full desktop setup with gaming, OBS, and complete development environment -- **user@io** - Lightweight desktop setup - -Both configurations include: -- btop, direnv, helix, starship, tmux -- Stylix theme management -- Fish shell with custom configurations - -## Terranix Configurations - -Infrastructure as code using Terranix (NixOS + Terraform/OpenTofu): - -- **oci-trantor** - Oracle Cloud Infrastructure provisioning for Trantor server -- **cloudflare-baduhaidev** - DNS and CDN configuration for baduhai.dev domain -- **tailscale-tailnet** - Tailscale network ACL and device management - -## Services - -All services are accessible via custom domains under baduhai.dev: - -- **Kanidm** (auth.baduhai.dev) - Identity and access management -- **Vaultwarden** (pass.baduhai.dev) - Password manager -- **Forgejo** (git.baduhai.dev) - Git forge (publicly accessible) -- **Nextcloud** (cloud.baduhai.dev) - File sync and collaboration -- **Jellyfin** (jellyfin.baduhai.dev) - Media server - -Services are accessible via: -- 
LAN for alexandria-hosted services -- Tailscale VPN for all services -- Public internet for Forgejo only - -## Notable Features - -### Ephemeral Root -Rotterdam, io, and trantor use an ephemeral root filesystem that resets on every boot: -- Root filesystem is automatically rolled back using btrfs snapshots -- Old snapshots retained for 30 days -- Persistent data stored in dedicated subvolumes -- Implements truly stateless systems - -### Custom DNS Architecture -- Unbound DNS servers on both alexandria and trantor -- Service routing based on visibility flags (public/LAN/Tailscale) -- Split-horizon DNS for optimal access paths - -### Security -- LUKS full-disk encryption on desktop systems -- Fail2ban on public-facing servers -- agenix for secrets management -- Tailscale for secure remote access - -### Desktop Environment -- Custom Niri window manager (Wayland compositor) -- Using forked version with auto-centering feature -- Stylix for consistent theming - -### Development Setup -- Nix flakes for reproducible builds -- deploy-rs for automated deployments -- Podman for containerization -- Complete AI tooling integration +|Host|Description|Nixpkgs version| +|:---|:---:|---:| +|alexandria|Personal server/NAS|24.05| +|io|Mobile workstation|unstable| +|rotterdam|Workstation|unstable| diff --git a/secrets/cloudflare.age b/secrets/cloudflare.age index 028e964..a2ea31f 100644 Binary files a/secrets/cloudflare.age and b/secrets/cloudflare.age differ diff --git a/secrets/forgejo-root-password.age b/secrets/forgejo-root-password.age deleted file mode 100644 index 90be612..0000000 Binary files a/secrets/forgejo-root-password.age and /dev/null differ diff --git a/secrets/nextcloud-adminpass.age b/secrets/nextcloud-adminpass.age index b4a29fa..4adb2b1 100644 Binary files a/secrets/nextcloud-adminpass.age and b/secrets/nextcloud-adminpass.age differ 
diff --git a/secrets/nextcloud-secrets.json.age b/secrets/nextcloud-secrets.json.age index 02d170d..3860d4e 100644 Binary files a/secrets/nextcloud-secrets.json.age and b/secrets/nextcloud-secrets.json.age differ diff --git a/secrets/paperless.age b/secrets/paperless.age new file mode 100644 index 0000000..01199b7 --- /dev/null +++ b/secrets/paperless.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 hi+lKA 3Oayrcg8bbzLNyuFqv8J0W9IJXL9SttFfU9yyysoD2Y +Uoxk9Ns1TwreeCyJ/7Euyqn57DY1spd6j3oZDqL65X0 +-> ssh-ed25519 SP9f6A FInq9erSMD008Le4Va/28fAPXnTLSWioYWsTBlkJg2k +SG9fEh+eLnUHcC36PHZbkD+pQVRX4RLJj1vxMeSKdNk +-> ssh-ed25519 8YSAiw hOqCc9a6K7RAwD1CY7uQ4se4mynx0z4AmoNhxmWJtQg +j+MYuftCyA7RDlzUciTxFyd/Esqzxpcm+ccKu4NNrmU +-> ssh-ed25519 3Chb7w oCX+CYB+fobvBy/5EcUJMxzwkwA+gQOY2tq17Ui68nw +B1feop9p1RDBXCyBCxIMZyd++QM2dnDrU12m6rwz5/4 +-> ssh-ed25519 J6tVTA PXVULNtK26OEKApHzOM2o6odRQNa9KbzjmAh2xgkHk4 +GLSEROgoiNVIVUhSpZWlg6q62GJHXRNsi1t7OwRw5MM +--- ddMx67t9wQFDJUlwFCDPvsUAR/JRUNweS28Erojuw8A +5/d}+cZM{-jo(UY{oa|˨~4xPހ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index a90cd74..6feadc4 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -1,35 +1,28 @@ let - io-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io"; - io = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIrKJk5zWzWEHvLMPMK8T3PyeBjsCsqzxPN+OrXfhA root@io"; + io-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcwF1yuWEfYGScNocEbs0AmGxyTIzGc4/IhpU587SJE"; + io-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIrKJk5zWzWEHvLMPMK8T3PyeBjsCsqzxPN+OrXfhA"; + io = [ + io-user + io-host + ]; - rotterdam-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam"; - rotterdam = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjXcqQqlu03x2VVTdWOyxtKRszXAKX0AxTkGvF1oeJL root@rotterdam"; + rotterdam-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL"; + rotterdam-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7zAxgU8LNi5/O5XgoOcLKjbNMmO2S7jAuCI9Nr/V4v"; + rotterdam = [ + rotterdam-user + rotterdam-host + ]; - alexandria = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA root@alexandria"; + alexandria-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA"; + alexandria = [ alexandria-host ]; - trantor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIh/2u5pr/iPVeavlsor5hbTtsgUfP1JpzZVco2YQAo3 root@trantor"; + desktops = io ++ rotterdam; + servers = alexandria; + all-hosts = desktops ++ servers; in - { - "cloudflare.age".publicKeys = [ - io-user - rotterdam-user - alexandria - trantor - ]; - "nextcloud-adminpass.age".publicKeys = [ - io-user - rotterdam-user - alexandria - ]; - "nextcloud-secrets.json.age".publicKeys = [ - io-user - rotterdam-user - alexandria - ]; - "forgejo-root-password.age".publicKeys = [ - io-user - rotterdam-user - trantor - ]; + "nextcloud-secrets.json.age".publicKeys = all-hosts; + "nextcloud-adminpass.age".publicKeys = all-hosts; + "cloudflare.age".publicKeys = all-hosts; + "paperless.age".publicKeys = all-hosts; } 
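Review bot: Every entry in the final attribute set now uses `all-hosts`, which includes `io-host` and `rotterdam-host`, so the Nextcloud admin password, the Cloudflare token and the paperless secret become decryptable with the desktops' host keys. The removed layout gave each secret only the two user keys plus the server that consumes it. Scoping recipients limits what a compromised workstation exposes, for example `admins = [ io-user rotterdam-user ];` in the `let` block and `"paperless.age".publicKeys = admins ++ servers;` for each entry. The five recipient stanzas in secrets/paperless.age match the five keys in `all-hosts`, so the wider set is already in effect for that file. Because `io-user` is replaced by a different key, confirm the remaining `.age` files were rekeyed and that secrets readable by the old key are rotated rather than only re-encrypted.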
diff --git a/shared/services.nix b/shared/services.nix deleted file mode 100644 index 44f9208..0000000 --- a/shared/services.nix +++ /dev/null @@ -1,48 +0,0 @@ -# Shared service definitions for cross-host configuration -# Used by: -# - alexandria: DNS server (LAN) + service hosting (vaultwarden, nextcloud, jellyfin, kanidm) -# - trantor: DNS server (Tailnet) + service hosting (forgejo) -{ - services = [ - { - name = "kanidm"; - domain = "auth.baduhai.dev"; - host = "alexandria"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - port = 8443; - } - { - name = "vaultwarden"; - domain = "pass.baduhai.dev"; - host = "alexandria"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - port = 8222; - } - { - name = "forgejo"; - domain = "git.baduhai.dev"; - host = "trantor"; - public = true; - tailscaleIP = "100.108.5.90"; - port = 3000; - } - { - name = "nextcloud"; - domain = "cloud.baduhai.dev"; - host = "alexandria"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - port = 443; - } - { - name = "jellyfin"; - domain = "jellyfin.baduhai.dev"; - host = "alexandria"; - lanIP = "192.168.15.142"; - tailscaleIP = "100.76.19.50"; - port = 8096; - } - ]; -} diff --git a/terranix/cloudflare/baduhai.dev.nix b/terranix/cloudflare/baduhai.dev.nix deleted file mode 100644 index 1b456f3..0000000 --- a/terranix/cloudflare/baduhai.dev.nix +++ /dev/null 
@@ -1,86 +0,0 @@ -# Required environment variables: -# CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions -# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage -# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage - -{ config, lib, ... }: - -let - inherit (import ../../shared/services.nix) services; - - # Helper to extract subdomain from full domain (e.g., "git.baduhai.dev" -> "git") - getSubdomain = domain: lib.head (lib.splitString "." domain); - - # Generate DNS records for services - # Public services point to trantor's public IP - # Private services point to their tailscale IP - mkServiceRecords = lib.listToAttrs ( - lib.imap0 ( - i: svc: - let - subdomain = getSubdomain svc.domain; - targetIP = - if svc.public or false then - config.data.terraform_remote_state.trantor "outputs.instance_public_ip" - else - svc.tailscaleIP; - in - { - name = "service_${toString i}"; - value = { - zone_id = config.variable.zone_id.default; - name = subdomain; - type = "A"; - content = targetIP; - proxied = false; - ttl = 3600; - }; - } - ) services - ); -in - -{ - terraform.required_providers.cloudflare = { - source = "cloudflare/cloudflare"; - version = "~> 5.0"; - }; - - terraform.backend.s3 = { - bucket = "terraform-state"; - key = "cloudflare/baduhai.dev.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - - variable = { - zone_id = { - default = "c63a8332fdddc4a8e5612ddc54557044"; - type = "string"; - }; - }; - - data = { - terraform_remote_state.trantor = { - backend = "s3"; - config = { - bucket = "terraform-state"; - key = "oci/trantor.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - 
skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - }; - }; - - resource.cloudflare_dns_record = mkServiceRecords; -} diff --git a/terranix/cloudflare/kernelpanic.space.nix b/terranix/cloudflare/kernelpanic.space.nix deleted file mode 100644 index e69de29..0000000 diff --git a/terranix/oci/terminus.nix b/terranix/oci/terminus.nix deleted file mode 100644 index e69de29..0000000 diff --git a/terranix/oci/trantor.nix b/terranix/oci/trantor.nix deleted file mode 100644 index 170ad04..0000000 --- a/terranix/oci/trantor.nix +++ /dev/null 
@@ -1,258 +0,0 @@ -# Required environment variables: -# instead of OCI variables, ~/.oci/config may also be used -# OCI_TENANCY_OCID - Oracle tenancy OCID (or use TF_VAR_* to override variables) -# OCI_USER_OCID - Oracle user OCID -# OCI_FINGERPRINT - API key fingerprint -# OCI_PRIVATE_KEY_PATH - Path to OCI API private key -# AWS variables are required -# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage -# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage - -{ config, ... }: - -{ - terraform.required_providers.oci = { - source = "oracle/oci"; - version = "~> 7.0"; - }; - - provider.oci.region = "sa-saopaulo-1"; - - terraform.backend.s3 = { - bucket = "terraform-state"; - key = "oci/trantor.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - - variable = { - tenancy_ocid = { - default = "ocid1.tenancy.oc1..aaaaaaaap3vfdz4piygqza6e6zqunbcuso43ddqfo3ydmpmnomidyghh7rvq"; - type = "string"; - }; - - compartment_name = { - default = "trantor"; - type = "string"; - }; - - vcn_cidr = { - default = "10.0.0.0/24"; - type = "string"; - }; - - instance_name = { - default = "trantor"; - type = "string"; - }; - - ssh_public_keys = { - default = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQPkAyy+Du9Omc2WtnUF2TV8jFAF4H6mJi2D4IZ1nzg user@himalia" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3Y0PVpGfJHonqDS7qoCFhqzUvqGq9I9sax+F9e/5cs user@io" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1v3+q3EaruiiStWjubEJWvtejam/r41uoOpCdwJtLL user@rotterdam" - ]; - type = "list(string)"; - }; - }; - - data = { - oci_identity_availability_domains.ads = { - compartment_id = config.variable.tenancy_ocid.default; - }; - - oci_core_images.ubuntu_arm = { - compartment_id = config.variable.tenancy_ocid.default; - operating_system = "Canonical Ubuntu"; 
- operating_system_version = "24.04"; - shape = "VM.Standard.A1.Flex"; - sort_by = "TIMECREATED"; - sort_order = "DESC"; - }; - }; - - resource = { - oci_identity_compartment.trantor = { - compartment_id = config.variable.tenancy_ocid.default; - description = "trantor infrastructure compartment"; - name = config.variable.compartment_name.default; - }; - - oci_core_vcn.vcn = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - cidr_blocks = [ config.variable.vcn_cidr.default ]; - display_name = "trantor-vcn"; - dns_label = "trantor"; - }; - - oci_core_internet_gateway.ig = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - display_name = "trantor-ig"; - enabled = true; - }; - - oci_core_route_table.rt = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - display_name = "trantor-rt"; - - route_rules = [ - { - network_entity_id = config.resource.oci_core_internet_gateway.ig "id"; - destination = "0.0.0.0/0"; - destination_type = "CIDR_BLOCK"; - } - ]; - }; - - oci_core_security_list.sl = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - display_name = "trantor-sl"; - - egress_security_rules = [ - { - destination = "0.0.0.0/0"; - protocol = "all"; - stateless = false; - } - ]; - - ingress_security_rules = [ - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 22; - max = 22; - }; - } - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 80; - max = 80; - }; - } - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 443; - max = 443; - }; - } - { - protocol = "6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 25565; - max = 25565; - }; - } - { - protocol = 
"6"; # TCP - source = "0.0.0.0/0"; - stateless = false; - tcp_options = { - min = 19132; - max = 19133; - }; - } - { - protocol = "17"; # UDP - source = "0.0.0.0/0"; - stateless = false; - udp_options = { - min = 19132; - max = 19133; - }; - } - ]; - }; - - oci_core_subnet.subnet = { - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - vcn_id = config.resource.oci_core_vcn.vcn "id"; - cidr_block = config.variable.vcn_cidr.default; - display_name = "trantor-subnet"; - dns_label = "subnet"; - route_table_id = config.resource.oci_core_route_table.rt "id"; - security_list_ids = [ (config.resource.oci_core_security_list.sl "id") ]; - prohibit_public_ip_on_vnic = false; - }; - - oci_core_instance.trantor = { - availability_domain = config.data.oci_identity_availability_domains.ads "availability_domains[0].name"; - compartment_id = config.resource.oci_identity_compartment.trantor "id"; - display_name = config.variable.instance_name.default; - shape = "VM.Standard.A1.Flex"; - - shape_config = { - ocpus = 2; - memory_in_gbs = 12; - }; - - source_details = { - source_type = "image"; - source_id = config.data.oci_core_images.ubuntu_arm "images[0].id"; - boot_volume_size_in_gbs = 100; - }; - - create_vnic_details = { - subnet_id = config.resource.oci_core_subnet.subnet "id"; - display_name = "trantor-vnic"; - assign_public_ip = true; - hostname_label = config.variable.instance_name.default; - }; - - metadata = { - ssh_authorized_keys = builtins.concatStringsSep "\n" config.variable.ssh_public_keys.default; - }; - - preserve_boot_volume = false; - }; - - oci_budget_budget.trantor_budget = { - compartment_id = config.variable.tenancy_ocid.default; - targets = [ (config.resource.oci_identity_compartment.trantor "id") ]; - amount = 1; - reset_period = "MONTHLY"; - display_name = "trantor-budget"; - description = "Monthly budget for trantor compartment"; - target_type = "COMPARTMENT"; - }; - - oci_budget_alert_rule.daily_spend_alert = { - budget_id = 
config.resource.oci_budget_budget.trantor_budget "id"; - type = "ACTUAL"; - threshold = 5; - threshold_type = "PERCENTAGE"; - display_name = "daily-spend-alert"; - recipients = "baduhai@proton.me"; - description = "Alert when daily spending exceeds $0.05"; - message = "Daily spending has exceeded $0.05 in the trantor compartment"; - }; - }; - - output = { - compartment_id = { - value = config.resource.oci_identity_compartment.trantor "id"; - }; - - instance_public_ip = { - value = config.resource.oci_core_instance.trantor "public_ip"; - }; - }; -} diff --git a/terranix/tailscale/tailnet.nix b/terranix/tailscale/tailnet.nix deleted file mode 100644 index 929e79b..0000000 --- a/terranix/tailscale/tailnet.nix +++ /dev/null @@ -1,43 +0,0 @@ -# Required environment variables: -# TAILSCALE_API_KEY - Tailscale API key with appropriate permissions -# TAILSCALE_TAILNET - Your tailnet name (e.g., "user@example.com" or "example.org.github") -# AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage -# AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage - -{ config, ... }: - -{ - terraform.required_providers.tailscale = { - source = "tailscale/tailscale"; - version = "~> 0.17"; - }; - - terraform.backend.s3 = { - bucket = "terraform-state"; - key = "tailscale/tailnet.tfstate"; - region = "auto"; - endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com"; - skip_credentials_validation = true; - skip_metadata_api_check = true; - skip_region_validation = true; - skip_requesting_account_id = true; - use_path_style = true; - }; - - variable = { - trantor_tailscale_ip = { - default = "100.108.5.90"; - type = "string"; - }; - }; - - resource = { - tailscale_dns_nameservers.global = { - nameservers = [ - config.variable.trantor_tailscale_ip.default - "1.1.1.1" - "1.0.0.1" - ]; - }; - }; -} diff --git a/terranixConfigurations.nix b/terranixConfigurations.nix deleted file mode 100644 index 12c90d1..0000000 
--- a/terranixConfigurations.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ inputs, ... }: - -{ - imports = [ - inputs.terranix.flakeModule - ]; - - perSystem = - { pkgs, ... }: - - { - terranix.terranixConfigurations = { - oci-trantor = { - modules = [ ./terranix/oci/trantor.nix ]; - terraformWrapper.package = pkgs.opentofu; - }; - cloudflare-baduhaidev = { - modules = [ ./terranix/cloudflare/baduhai.dev.nix ]; - terraformWrapper.package = pkgs.opentofu; - }; - tailscale-tailnet = { - modules = [ ./terranix/tailscale/tailnet.nix ]; - terraformWrapper.package = pkgs.opentofu; - }; - }; - }; -} diff --git a/users/common/default.nix b/users/common/default.nix new file mode 100644 index 0000000..a6eeaf4 --- /dev/null +++ b/users/common/default.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + imports = [ + ./home.nix + ./programs.nix + ]; +} diff --git a/users/common/home.nix b/users/common/home.nix new file mode 100644 index 0000000..5bafc2f --- /dev/null +++ b/users/common/home.nix @@ -0,0 +1,13 @@ +{ pkgs, ... }: + +{ + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + sessionVariables = { + EDITOR = "hx"; + }; + packages = with pkgs; [ nix-your-shell ]; + }; +} diff --git a/users/common/programs.nix b/users/common/programs.nix new file mode 100644 index 0000000..1dc9390 --- /dev/null +++ b/users/common/programs.nix 
@@ -0,0 +1,156 @@ +{ pkgs, ... }: + +{ + programs = { + password-store.enable = true; + + bash = { + enable = true; + historyFile = "~/.cache/bash_history"; + }; + + helix = { + enable = true; + settings = { + editor = { + file-picker.hidden = false; + idle-timeout = 0; + line-number = "relative"; + cursor-shape = { + normal = "block"; + insert = "bar"; + select = "underline"; + }; + soft-wrap.enable = true; + auto-format = true; + indent-guides.render = true; + }; + keys.normal.space = { + space = "file_picker"; + w = ":w"; + q = ":q"; + esc = [ + "collapse_selection" + "keep_primary_selection" + ]; + }; + }; + languages = { + language = [ + { + name = "nix"; + auto-format = true; + formatter.command = "nixfmt"; + } + { + name = "typst"; + auto-format = true; + formatter.command = "typstyle -c 1000 -i"; + } + ]; + }; + }; + + direnv = { + enable = true; + nix-direnv.enable = true; + }; + + tmux = { + enable = true; + clock24 = true; + terminal = "xterm-256color"; + mouse = true; + keyMode = "vi"; + }; + + starship = { + enable = true; + enableBashIntegration = true; + enableFishIntegration = true; + settings = { + add_newline = false; + format = '' + $directory$git_branch$git_status$nix_shell + [ ❯ ](bold green) + ''; + right_format = "$cmd_duration$character"; + character = { + error_symbol = "[](red)"; + success_symbol = "[󱐋](green)"; + }; + cmd_duration = { + format = "[󰄉 $duration ]($style)"; + style = "yellow"; + min_time = 500; + }; + git_branch = { + symbol = " "; + style = "purple"; + }; + git_status.style = "red"; + nix_shell = { + format = "via [$symbol$state]($style)"; + heuristic = true; + style = "blue"; + symbol = "󱄅 "; + }; + }; + }; + + git = { + enable = true; + diff-so-fancy.enable = true; + userName = "William"; + userEmail = "baduhai@proton.me"; + }; + + btop = { + enable = true; + settings = { + theme_background = false; + proc_sorting = "cpu direct"; + update_ms = 500; + }; + }; + + fish = { + enable = true; + interactiveShellInit = 
"nix-your-shell fish | source"; + loginShellInit = "nix-your-shell fish | source"; + functions = { + fish_greeting = ""; + tsh = "ssh -o RequestTTY=yes $argv tmux -u -CC new -A -s tmux-main"; + }; + plugins = [ + { + name = "bang-bang"; + src = pkgs.fetchFromGitHub { + owner = "oh-my-fish"; + repo = "plugin-bang-bang"; + rev = "f969c618301163273d0a03d002614d9a81952c1e"; + sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; + }; + } + { + name = "z"; + src = pkgs.fetchFromGitHub { + owner = "jethrokuan"; + repo = "z"; + rev = "85f863f20f24faf675827fb00f3a4e15c7838d76"; + sha256 = "sha256-+FUBM7CodtZrYKqU542fQD+ZDGrd2438trKM0tIESs0="; + }; + } + { + name = "sponge"; + src = pkgs.fetchFromGitHub { + owner = "meaningful-ooo"; + repo = "sponge"; + rev = "384299545104d5256648cee9d8b117aaa9a6d7be"; + sha256 = "sha256-MdcZUDRtNJdiyo2l9o5ma7nAX84xEJbGFhAVhK+Zm1w="; + }; + } + ]; + }; + }; +} diff --git a/users/desktops/common/default.nix b/users/desktops/common/default.nix new file mode 100644 index 0000000..eb72910 --- /dev/null +++ b/users/desktops/common/default.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + imports = [ + ./programs.nix + ./hyprland.nix + ]; +} diff --git a/users/desktops/common/hyprland.nix b/users/desktops/common/hyprland.nix new file mode 100644 index 0000000..49bcd56 --- /dev/null +++ b/users/desktops/common/hyprland.nix 
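Review bot: In the Helix `languages` list, the typst entry sets `formatter.command = "typstyle -c 1000 -i"`, but Helix takes the executable name from `command` and its arguments from a separate `args` list. The whole string will most likely be looked up as one binary name, and with `auto-format = true` every save of a typst file would then report a formatter error. Splitting it as `formatter = { command = "typstyle"; args = [ "-c" "1000" ]; };` avoids that. If `-i` is typstyle's in-place flag, it should probably be dropped, since Helix formatters are expected to read stdin and write stdout.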
@@ -0,0 +1,294 @@
+{ lib, pkgs, ... }:
+
+let
+ heightfittr = pkgs.writeShellApplication {
+ name = "heightfittr";
+ runtimeInputs = with pkgs; [
+ socat
+ hyprland
+ ];
+ text = ''
+ function handle {
+ case "$1" in
+ *openwindow*)
+ hyprctl dispatch scroller:fitheight all > /dev/null
+ ;;
+ *closewindow*)
+ hyprctl dispatch scroller:fitheight all > /dev/null
+ ;;
+ esac
+ }
+ socat - "UNIX-CONNECT:$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock" | while read -r line; do
+ handle "$line"
+ done
+ '';
+ };
+
+ scrollermodetoggle = pkgs.writeShellApplication {
+ name = "scrollermodetoggle";
+ runtimeInputs = with pkgs; [ hyprland ];
+ text = ''
+ if [ -f "$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/colmode" ]; then
+ rm "$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/colmode"
+ hyprctl --batch 'dispatch scroller:setmode row; notify 2 1000 0 "Row Mode"'
+ else
+ touch "$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/colmode"
+ hyprctl --batch 'dispatch scroller:setmode col; notify 2 1000 0 "Column Mode"'
+ fi
+ '';
+ };
+in
+
+{
+ wayland.windowManager.hyprland = {
+ enable = true;
+ plugins = with pkgs.hyprlandPlugins; [ hyprscroller ];
+ extraConfig = ''
+ ################
+ ### MONITORS ###
+ ################
+ monitor=,preferred,auto,auto
+
+ #################
+ ### AUTOSTART ###
+ #################
+ exec-once = ulauncher --hide-window
+ exec-once = ${lib.getExe heightfittr}
+ env = XCURSOR_SIZE,24
+ env = HYPRCURSOR_SIZE,24
+
+ #####################
+ ### LOOK AND FEEL ###
+ #####################
+ general {
+ gaps_in = 5
+ gaps_out = 20
+ border_size = 2
+ resize_on_border = true
+ allow_tearing = false
+ layout = scroller
+ }
+ misc {
+ font_family = Inter
+ }
+ plugin {
+ scroller {
+ column_default_width = onethird
+ focuswrap = false
+ column_widths = onethird onehalf twothirds
+ center_row_if_space_available = true
+ }
+ }
+ decoration {
+ rounding = 10
+ rounding_power = 2
+ dim_inactive = true
+ dim_strength = 0.3
+ shadow
{
+ enabled = true
+ range = 4
+ render_power = 3
+ }
+ blur {
+ enabled = true
+ size = 8
+ passes = 1
+ vibrancy = 0.1696
+ }
+ }
+ animations {
+ enabled = yes, please :)
+ bezier = easeOutQuint,0.23,1,0.32,1
+ bezier = easeInOutCubic,0.65,0.05,0.36,1
+ bezier = linear,0,0,1,1
+ bezier = almostLinear,0.5,0.5,0.75,1.0
+ bezier = quick,0.15,0,0.1,1
+ animation = global, 1, 1, default
+ animation = border, 1, 1, easeOutQuint
+ animation = windows, 1, 1, easeOutQuint
+ animation = windowsIn, 1, 1, easeOutQuint, popin 87%
+ animation = windowsOut, 1, 1, linear, popin 87%
+ animation = fadeIn, 1, 1, almostLinear
+ animation = fadeOut, 1, 1, almostLinear
+ animation = fade, 1, 1, quick
+ animation = layers, 1, 1, easeOutQuint
+ animation = layersIn, 1, 1, easeOutQuint, fade
+ animation = layersOut, 1, 1, linear, fade
+ animation = fadeLayersIn, 1, 1, almostLinear
+ animation = fadeLayersOut, 1, 1, almostLinear
+ animation = workspaces, 1, 1, almostLinear, slidevert
+ }
+ misc {
+ force_default_wallpaper = 0
+ disable_hyprland_logo = true
+ }
+
+ #############
+ ### INPUT ###
+ #############
+ input {
+ kb_layout = us
+ kb_variant = altgr-intl
+ follow_mouse = 1
+ sensitivity = 0
+ accel_profile = flat
+ natural_scroll = true
+ touchpad {
+ natural_scroll = true
+ clickfinger_behavior = true
+ }
+ }
+
+ ###################
+ ### KEYBINDINGS ###
+ ###################
+ $mainMod = SUPER
+ $terminal = ghostty
+ $menu = ulauncher-toggle
+ # APP SHORTCUTS
+ bind = ALT, SPACE, exec, $menu
+ bind = $mainMod, RETURN, exec, $terminal
+ # SESSION MANAGEMENT
+ bind = CTRL ALT, DELETE, exit,
+ bind = $mainMod, mouse_up, exec, hyprnome
+ bind = $mainMod, mouse_down, exec, hyprnome --previous
+ bind = CTRL ALT, j, exec, hyprnome
+ bind = CTRL ALT, k, exec, hyprnome --previous
+ bind = $mainMod CTRL ALT, j, exec, hyprnome --move
+ bind = $mainMod CTRL ALT, k, exec, hyprnome --move --previous
+ bindel = ,XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+
+ bindel =
,XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-
+ bindel = ,XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle
+ bindel = ,XF86AudioMicMute, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle
+ bindel = ,XF86MonBrightnessUp, exec, brightnessctl s 10%+
+ bindel = ,XF86MonBrightnessDown, exec, brightnessctl s 10%-
+ bindl = , XF86AudioNext, exec, playerctl next
+ bindl = , XF86AudioPause, exec, playerctl play-pause
+ bindl = , XF86AudioPlay, exec, playerctl play-pause
+ bindl = , XF86AudioPrev, exec, playerctl previous
+ bind = CTRL ALT SHIFT, a, exec, bash /home/user/.local/bin/toggle-audio-output.sh
+ # WINDOW MANAGEMENT
+ bind = ALT, F4, killactive,
+ bind = $mainMod, space, togglefloating,
+ bind = $mainMod, f, fullscreen
+ bindm = $mainMod, mouse:272, movewindow
+ bindm = $mainMod, mouse:273, resizewindow
+ bind = SUPER, h, movefocus, l
+ bind = SUPER, l, movefocus, r
+ bind = SUPER, k, movefocus, u
+ bind = SUPER, j, movefocus, d
+ bind = $mainMod CTRL, h, movewindow, l
+ bind = $mainMod CTRL, l, movewindow, r
+ bind = $mainMod CTRL, k, movewindow, u
+ bind = $mainMod CTRL, j, movewindow, d
+ bind = $mainMod, v, exec, ${lib.getExe scrollermodetoggle}
+ bind = $mainMod, r, scroller:cyclewidth, next
+ bind = $mainMod CTRL, r, scroller:cyclewidth, prev
+ bind = $mainMod, p, scroller:pin,
+ bind = $mainMod, c, scroller:alignwindow, center
+ bind = $mainMod CTRL, f, scroller:fitsize, all
+
+ ####################
+ ### WINDOW RULES ###
+ ####################
+ windowrulev2 = suppressevent maximize, class:.*
+ windowrulev2 = nofocus,class:^$,title:^$,xwayland:1,floating:1,fullscreen:0,pinned:0
+ # ulauncher
+ windowrule = float, ulauncher
+ windowrule = pin, ulauncher
+ windowrule = noborder, ulauncher
+ windowrule = noshadow, ulauncher
+ windowrule = nomaxsize, ulauncher
+ windowrule = noblur, ulauncher
+ windowrulev2 = animation slide top, class:^(ulauncher)$
+ # firefox
+ windowrulev2 = plugin:scroller:columnwidth onehalf,
class:(firefox)
+ '';
+ };
+
+ services = {
+ tritanium-shell = {
+ enable = true;
+ integrations.hyprland.enable = true;
+ settings = {
+ vertical = true;
+ animations.activeWorkspace = "smooth";
+ minWorkspaces = 1;
+ lockCommand = "hyprlock";
+ bar.modules.workspacesIndicator.reverseScrollDirection = true;
+ };
+ };
+ swaync = {
+ enable = true;
+ settings = {
+ positionX = "left";
+ positionY = "top";
+ layer = "overlay";
+ control-center-layer = "top";
+ layer-shell = true;
+ cssPriority = "application";
+ control-center-margin-top = 20;
+ control-center-margin-bottom = 20;
+ control-center-margin-right = 20;
+ control-center-margin-left = 20;
+ notification-2fa-action = true;
+ notification-inline-replies = false;
+ notification-icon-size = 64;
+ notification-body-image-height = 100;
+ notification-body-image-width = 200;
+ timeout = 10;
+ timeout-low = 5;
+ timeout-critical = 0;
+ fit-to-screen = true;
+ relative-timestamps = true;
+ control-center-width = 500;
+ control-center-height = 600;
+ notification-window-width = 500;
+ keyboard-shortcuts = true;
+ image-visibility = "when-available";
+ transition-time = 200;
+ hide-on-clear = false;
+ hide-on-action = true;
+ script-fail-notify = true;
+ widgets = [
+ "inhibitors"
+ "title"
+ "dnd"
+ "notifications"
+ "mpris"
+ ];
+ widget-config = {
+ inhibitors = {
+ text = "Inhibitors";
+ button-text = "Clear All";
+ clear-all-button = true;
+ };
+ title = {
+ text = "Notifications";
+ clear-all-button = true;
+ button-text = "Clear All";
+ };
+ dnd = {
+ text = "Do Not Disturb";
+ };
+ mpris = {
+ image-size = 96;
+ image-radius = 12;
+ };
+ };
+ };
+ };
+ };
+
+ programs = {
+ hyprlock.enable = true;
+ };
+
+ home.packages = with pkgs; [
+ brightnessctl
+ hyprnome
+ playerctl
+ swaynotificationcenter
+ ulauncher
+ ];
+}
diff --git a/users/desktops/common/programs.nix b/users/desktops/common/programs.nix
new file mode 100644
index 0000000..f1e4665
--- /dev/null
+++ b/users/desktops/common/programs.nix
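Review bot: The `CTRL ALT SHIFT, a` bind in `extraConfig` runs `bash /home/user/.local/bin/toggle-audio-output.sh`, a script in a writable home directory that this configuration neither ships nor pins, so the keybind executes whatever is at that path when it is pressed. The same file already packages `heightfittr` and `scrollermodetoggle` with `pkgs.writeShellApplication` and references them through `${lib.getExe …}`; the audio toggle should follow that pattern so its contents are reviewed with the config and live in the store. Separately, `programs.hyprlock.enable = true` and `lockCommand = "hyprlock"` are set, but no lock keybind or idle lock appears in this hunk, whereas the niri config removed by this commit bound `Mod+Shift+L` to lock. If tritanium-shell does not provide one, add a bind such as `bind = $mainMod SHIFT, l, exec, hyprlock`.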
@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+
+{
+ fonts.fontconfig.enable = true;
+
+ programs = {
+ password-store.package = pkgs.pass-wayland;
+
+ mangohud.enable = true;
+
+ obs-studio = {
+ enable = true;
+ plugins = [
+ pkgs.obs-studio-plugins.obs-vkcapture
+ pkgs.obs-studio-plugins.obs-backgroundremoval
+ pkgs.obs-studio-plugins.obs-pipewire-audio-capture
+ ];
+ };
+
+ fish = {
+ functions = {
+ sysrebuild = "nh os switch --ask";
+ sysrebuild-boot = "nh os boot --ask";
+ sysupdate = "nix flake update --commit-lock-file --flake /home/user/Projects/personal/nix-config";
+ };
+ };
+ };
+}
diff --git a/users/desktops/user.nix b/users/desktops/user.nix
new file mode 100644
index 0000000..80e1f3a
--- /dev/null
+++ b/users/desktops/user.nix
@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+ imports = [
+ # Host-common imports
+ ../common
+ # Desktop-common imports
+ ./common
+ ];
+}
diff --git a/users/modules/btop.nix b/users/modules/btop.nix
deleted file mode 100644
index c19c4bb..0000000
--- a/users/modules/btop.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ pkgs, ... }:
-
-{
- programs.btop = {
- enable = true;
- settings = {
- theme_background = false;
- proc_sorting = "cpu direct";
- update_ms = 500;
- };
- };
-}
\ No newline at end of file
diff --git a/users/modules/comma.nix b/users/modules/comma.nix
deleted file mode 100644
index 0aad530..0000000
--- a/users/modules/comma.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ inputs, ... }:
-
-{
- imports = [ inputs.nix-index-database.homeModules.nix-index ];
-
- programs.nix-index-database.comma.enable = true;
-}
diff --git a/users/modules/common/bash.nix b/users/modules/common/bash.nix
deleted file mode 100644
index a5a0823..0000000
--- a/users/modules/common/bash.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ pkgs, ... }:
-
-{
- programs.bash = {
- enable = true;
- historyFile = "~/.cache/bash_history";
- };
-}
\ No newline at end of file
diff --git a/users/modules/common/fish.nix b/users/modules/common/fish.nix
deleted file mode 100644
index c753297..0000000
--- a/users/modules/common/fish.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ pkgs, lib, ... }: - -{ - programs.fish = { - enable = true; - interactiveShellInit = '' - set fish_greeting - ${lib.getExe pkgs.nix-your-shell} fish | source - ''; - loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; - plugins = [ - { - name = "bang-bang"; - src = pkgs.fetchFromGitHub { - owner = "oh-my-fish"; - repo = "plugin-bang-bang"; - rev = "f969c618301163273d0a03d002614d9a81952c1e"; - sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; - }; - } - { - name = "z"; - src = pkgs.fetchFromGitHub { - owner = "jethrokuan"; - repo = "z"; - rev = "067e867debee59aee231e789fc4631f80fa5788e"; - sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU="; - }; - } - ]; - }; -} diff --git a/users/modules/common/hm-cli.nix b/users/modules/common/hm-cli.nix deleted file mode 100644 index d2ed715..0000000 --- a/users/modules/common/hm-cli.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs, ... }: - -{ - home = { - packages = with pkgs; [ hm-cli ]; - sessionVariables = { - HM_PATH = "/etc/nixos"; - }; - }; -} diff --git a/users/modules/desktop/desktop.nix b/users/modules/desktop/desktop.nix deleted file mode 100644 index 6940e1f..0000000 --- a/users/modules/desktop/desktop.nix +++ /dev/null 
@@ -1,132 +0,0 @@ -{ - inputs, - pkgs, - ... -}: - -{ - imports = [ inputs.vicinae.homeManagerModules.default ]; - - fonts.fontconfig.enable = true; - - home.packages = with pkgs; [ xwayland-satellite ]; - - services.vicinae = { - enable = true; - autoStart = true; - }; - - programs = { - - ghostty = { - enable = true; - settings = { - cursor-style = "block"; - shell-integration-features = "no-cursor"; - cursor-style-blink = false; - custom-shader = "${builtins.fetchurl { - url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; - sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; - }}"; - bell-features = ""; - gtk-titlebar-style = "tabs"; - keybind = [ "shift+enter=text:\\x1b\\r" ]; - }; - }; - - password-store = { - enable = true; - package = pkgs.pass-wayland; - }; - }; - - xdg = { - enable = true; - userDirs.enable = true; - mimeApps = { - enable = true; - defaultApplications = { - "text/html" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/http" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/https" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/about" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "x-scheme-handler/unknown" = [ - "re.sonny.Junction.desktop" - "zen-browser.desktop" - "torbrowser.desktop" - ]; - "image/jpeg" = "org.gnome.Loupe.desktop"; - "image/png" = "org.gnome.Loupe.desktop"; - "image/gif" = "org.gnome.Loupe.desktop"; - "image/webp" = "org.gnome.Loupe.desktop"; - "image/bmp" = "org.gnome.Loupe.desktop"; - "image/svg+xml" = "org.gnome.Loupe.desktop"; - "image/tiff" = "org.gnome.Loupe.desktop"; - "video/mp4" = "io.bassi.Showtime.desktop"; - "video/x-matroska" = "io.bassi.Showtime.desktop"; - "video/webm" = "io.bassi.Showtime.desktop"; - 
"video/mpeg" = "io.bassi.Showtime.desktop"; - "video/x-msvideo" = "io.bassi.Showtime.desktop"; - "video/quicktime" = "io.bassi.Showtime.desktop"; - "video/x-flv" = "io.bassi.Showtime.desktop"; - "audio/mpeg" = "io.bassi.Showtime.desktop"; - "audio/flac" = "io.bassi.Showtime.desktop"; - "audio/ogg" = "io.bassi.Showtime.desktop"; - "audio/wav" = "io.bassi.Showtime.desktop"; - "audio/mp4" = "io.bassi.Showtime.desktop"; - "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; - "application/pdf" = [ - "org.gnome.Papers.desktop" - "zen-browser.desktop" - ]; - "text/plain" = "Helix.desktop"; - "text/markdown" = "Helix.desktop"; - "text/x-log" = "Helix.desktop"; - "application/x-shellscript" = "Helix.desktop"; - "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = - "onlyoffice-desktopeditors.desktop"; # DOCX - "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = - "onlyoffice-desktopeditors.desktop"; # XLSX - "application/vnd.openxmlformats-officedocument.presentationml.presentation" = - "onlyoffice-desktopeditors.desktop"; # PPTX - "application/vnd.oasis.opendocument.text" = "onlyoffice-desktopeditors.desktop"; # ODT - "application/vnd.oasis.opendocument.spreadsheet" = "onlyoffice-desktopeditors.desktop"; # ODS - "application/vnd.oasis.opendocument.presentation" = "onlyoffice-desktopeditors.desktop"; # ODP - "application/msword" = "onlyoffice-desktopeditors.desktop"; # DOC - "application/vnd.ms-excel" = "onlyoffice-desktopeditors.desktop"; # XLS - "application/vnd.ms-powerpoint" = "onlyoffice-desktopeditors.desktop"; # PPT - "application/zip" = "org.gnome.FileRoller.desktop"; - "application/x-tar" = "org.gnome.FileRoller.desktop"; - "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; - "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; - "application/x-rar" = 
"org.gnome.FileRoller.desktop"; - "application/gzip" = "org.gnome.FileRoller.desktop"; - "application/x-bzip" = "org.gnome.FileRoller.desktop"; - "inode/directory" = "org.gnome.Nautilus.desktop"; - }; - }; - }; - - # Set Ghostty as default terminal - home.sessionVariables = { - TERMINAL = "ghostty"; - }; -} diff --git a/users/modules/desktop/niri.nix b/users/modules/desktop/niri.nix deleted file mode 100644 index 0cb5db8..0000000 --- a/users/modules/desktop/niri.nix +++ /dev/null 
@@ -1,229 +0,0 @@ -{ - inputs, - lib, - pkgs, - hostname ? null, - ... -}: - -let - isRotterdam = hostname == "rotterdam"; -in - -{ - imports = [ inputs.noctalia.homeModules.default ]; - - services.kanshi = { - enable = true; - settings = [ - { - profile.name = "default"; - profile.outputs = [ - { - criteria = "*"; - scale = 1.0; - } - ]; - } - ]; - }; - - home = { - packages = with pkgs; [ - xwayland-satellite - inputs.noctalia.packages.${pkgs.system}.default - ]; - sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3"; - }; - - xdg.configFile."niri/config.kdl".text = '' - input { - keyboard { - xkb { - layout "us" - variant "altgr-intl" - } - } - touchpad { - tap - dwt - drag true - drag-lock - natural-scroll - accel-speed 0.2 - accel-profile "flat" - scroll-method "two-finger" - middle-emulation - } - mouse { - natural-scroll - accel-speed 0.2 - accel-profile "flat" - } - warp-mouse-to-focus mode="center-xy" - focus-follows-mouse - } - - layout { - gaps 8 - center-focused-column "never" - auto-center-when-space-available - preset-column-widths { - ${ - if isRotterdam then - '' - proportion 0.33333 - proportion 0.5 - proportion 0.66667 - '' - else - '' - proportion 0.5 - proportion 1.0 - '' - } - } - default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; } - focus-ring { - off - } - border { - width 4 - active-color "#ffc87f" - inactive-color "#505050" - urgent-color "#9b0000" - } - tab-indicator { - width 4 - gap 4 - place-within-column - } - } - - overview { - zoom 0.65 - } - - spawn-at-startup "noctalia-shell" "-d" - layer-rule { - match namespace="^wallpaper$" - place-within-backdrop true - } - layer-rule { - match namespace="^quickshell-overview$" - place-within-backdrop true - } - - hotkey-overlay { - skip-at-startup - } - - prefer-no-csd - screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" - - animations { - slowdown 0.3 - } - - window-rule { - match app-id="zen" - default-column-width { proportion ${if 
isRotterdam then "0.5" else "1.0"}; } - } - - window-rule { - geometry-corner-radius 12 - clip-to-geometry true - } - - config-notification { - disable-failed - } - - binds { - Alt+Space repeat=false { spawn "vicinae" "toggle"; } - XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; } - XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; } - XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; } - XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; } - XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; } - XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; } - XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; } - XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; } - XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; } - Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; } - Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; } - Mod+Return { spawn "ghostty"; } - Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; } - Mod+W repeat=false { toggle-overview; } - Mod+Q { close-window; } - Alt+Shift+Q { close-window;} - Mod+Shift+Q { close-window; } - Alt+F4 { close-window; } - Mod+Left { focus-column-left; } - Mod+Down { focus-window-or-workspace-down; } - Mod+Up { focus-window-or-workspace-up; } - Mod+Right { focus-column-right; } - Mod+H { focus-column-left; } - Mod+L { focus-column-right; } - Mod+J { focus-window-or-workspace-down; } - Mod+K { focus-window-or-workspace-up; } - Mod+Ctrl+Left { move-column-left; } - Mod+Ctrl+Down { move-window-down-or-to-workspace-down; } - Mod+Ctrl+Up { 
move-window-up-or-to-workspace-up; } - Mod+Ctrl+Right { move-column-right; } - Mod+Ctrl+H { move-column-left; } - Mod+Ctrl+J { move-window-down-or-to-workspace-down; } - Mod+Ctrl+K { move-window-up-or-to-workspace-up; } - Mod+Ctrl+L { move-column-right; } - Mod+Home { focus-column-first; } - Mod+End { focus-column-last; } - Mod+Ctrl+Home { move-column-to-first; } - Mod+Ctrl+End { move-column-to-last; } - Mod+Alt+Left { focus-monitor-left; } - Mod+Alt+Down { focus-monitor-down; } - Mod+Alt+Up { focus-monitor-up; } - Mod+Alt+Right { focus-monitor-right; } - Mod+Alt+H { focus-monitor-left; } - Mod+Alt+J { focus-monitor-down; } - Mod+Alt+K { focus-monitor-up; } - Mod+Alt+L { focus-monitor-right; } - Mod+Alt+Ctrl+Left { move-column-to-monitor-left; } - Mod+Alt+Ctrl+Down { move-column-to-monitor-down; } - Mod+Alt+Ctrl+Up { move-column-to-monitor-up; } - Mod+Alt+Ctrl+Right { move-column-to-monitor-right; } - Mod+Alt+Ctrl+H { move-column-to-monitor-left; } - Mod+Alt+Ctrl+J { move-column-to-monitor-down; } - Mod+Alt+Ctrl+K { move-column-to-monitor-up; } - Mod+Alt+Ctrl+L { move-column-to-monitor-right; } - Mod+Ctrl+U { move-workspace-down; } - Mod+Ctrl+I { move-workspace-up; } - Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } - Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } - Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; } - Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; } - Mod+Shift+WheelScrollDown { focus-column-right; } - Mod+Shift+WheelScrollUp { focus-column-left; } - Mod+Ctrl+Shift+WheelScrollDown { move-column-right; } - Mod+Ctrl+Shift+WheelScrollUp { move-column-left; } - Mod+BracketLeft { consume-or-expel-window-left; } - Mod+BracketRight { consume-or-expel-window-right; } - Mod+Comma { consume-window-into-column; } - Mod+Period { expel-window-from-column; } - Mod+R { switch-preset-column-width; } - Mod+F { maximize-column; } - Mod+Ctrl+F { fullscreen-window; } - Mod+C { 
center-visible-columns; } - Mod+Ctrl+C { center-column; } - Mod+Space { toggle-window-floating; } - Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; } - Mod+T { toggle-column-tabbed-display; } - Print { screenshot-screen; } - Mod+Print { screenshot; } - Ctrl+Print { screenshot-window; } - Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; } - Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } - Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; } - Mod+Ctrl+P { power-off-monitors; } - } - ''; -} diff --git a/users/modules/direnv.nix b/users/modules/direnv.nix deleted file mode 100644 index c91d0af..0000000 --- a/users/modules/direnv.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ pkgs, ... }: - -{ - programs.direnv = { - enable = true; - nix-direnv.enable = true; - }; -} \ No newline at end of file diff --git a/users/modules/gaming.nix b/users/modules/gaming.nix deleted file mode 100644 index df33b11..0000000 --- a/users/modules/gaming.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ... }: - -{ - programs.mangohud.enable = true; -} diff --git a/users/modules/helix.nix b/users/modules/helix.nix deleted file mode 100644 index a72ead3..0000000 --- a/users/modules/helix.nix +++ /dev/null 
@@ -1,49 +0,0 @@ -{ pkgs, ... }: - -{ - home.sessionVariables = { - EDITOR = "hx"; - }; - - programs.helix = { - enable = true; - settings = { - editor = { - file-picker.hidden = false; - idle-timeout = 0; - line-number = "relative"; - cursor-shape = { - normal = "underline"; - insert = "bar"; - select = "underline"; - }; - soft-wrap.enable = true; - auto-format = true; - indent-guides.render = true; - }; - keys.normal = { - space = { - o = "file_picker_in_current_buffer_directory"; - esc = [ - "collapse_selection" - "keep_primary_selection" - ]; - }; - }; - }; - languages = { - language = [ - { - name = "nix"; - auto-format = true; - formatter.command = "nixfmt"; - } - { - name = "typst"; - auto-format = true; - formatter.command = "typstyle -c 1000 -i"; - } - ]; - }; - }; -} diff --git a/users/modules/obs-studio.nix b/users/modules/obs-studio.nix deleted file mode 100644 index 67e3b8b..0000000 --- a/users/modules/obs-studio.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ pkgs, ... }: - -{ - programs.obs-studio = { - enable = true; - plugins = [ - pkgs.obs-studio-plugins.obs-vkcapture - pkgs.obs-studio-plugins.obs-backgroundremoval - pkgs.obs-studio-plugins.obs-pipewire-audio-capture - ]; - }; - -} diff --git a/users/modules/starship.nix b/users/modules/starship.nix deleted file mode 100644 index c836c51..0000000 --- a/users/modules/starship.nix +++ /dev/null 
@@ -1,40 +0,0 @@ -{ pkgs, ... }: - -{ - programs.starship = { - enable = true; - enableBashIntegration = true; - enableFishIntegration = true; - settings = { - add_newline = false; - format = '' - $hostname$directory$git_branch$git_status$nix_shell - [ ❯ ](bold green) - ''; - right_format = "$cmd_duration$character"; - hostname = { - ssh_symbol = "󰖟 "; - }; - character = { - error_symbol = "[](red)"; - success_symbol = "[󱐋](green)"; - }; - cmd_duration = { - format = "[󰄉 $duration ]($style)"; - style = "yellow"; - min_time = 500; - }; - git_branch = { - symbol = " "; - style = "purple"; - }; - git_status.style = "red"; - nix_shell = { - format = "via [$symbol$state]($style)"; - heuristic = true; - style = "blue"; - symbol = "󱄅 "; - }; - }; - }; -} diff --git a/users/modules/tmux.nix b/users/modules/tmux.nix deleted file mode 100644 index 4268e7a..0000000 --- a/users/modules/tmux.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ pkgs, ... }: - -{ - programs.tmux = { - enable = true; - clock24 = true; - terminal = "xterm-256color"; - mouse = true; - keyMode = "vi"; - }; -} \ No newline at end of file diff --git a/users/servers/user.nix b/users/servers/user.nix new file mode 100644 index 0000000..990167f --- /dev/null +++ b/users/servers/user.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + imports = [ + # Host-common imports + ../common + ]; +} diff --git a/users/user/git.nix b/users/user/git.nix deleted file mode 100644 index 9c1fb20..0000000 --- a/users/user/git.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ pkgs, ... }: - -{ - programs = { - git = { - enable = true; - settings.user = { - name = "William"; - email = "baduhai@proton.me"; - }; - }; - diff-so-fancy = { - enable = true; - enableGitIntegration = true; - }; - }; -} diff --git a/utils.nix b/utils.nix deleted file mode 100644 index 8c20ab9..0000000 --- a/utils.nix +++ /dev/null 
@@ -1,223 +0,0 @@ -{ inputs, lib }: - -let - inherit (inputs) - self - nixpkgs - nixpkgs-stable - home-manager - agenix - ; - - # Import shared service definitions - sharedServices = import ./shared/services.nix; -in - -{ - # Re-export shared services for use in host configs - inherit (sharedServices) services; - # Tag-based host configuration system - mkHost = - { - hostname, - tags ? [ ], - system ? "x86_64-linux", - extraModules ? [ ], - }: - let - # Validate that server and desktop tags are mutually exclusive - hasServer = builtins.elem "server" tags; - hasDesktop = builtins.elem "desktop" tags; - - # Always include "common" tag implicitly - allTags = - if hasServer && hasDesktop then - throw "Error: 'server' and 'desktop' tags are mutually exclusive for host '${hostname}'" - else - [ "common" ] ++ tags; - - # Choose nixpkgs based on server tag - pkgs = if builtins.elem "server" allTags then nixpkgs-stable else nixpkgs; - - # Tag-specific modules: each tag can be either: - # 1. A file: hosts/modules/${tag}.nix - # 2. 
A directory: hosts/modules/${tag}/*.nix (all .nix files imported) - tagModuleFiles = builtins.concatMap ( - tag: - let - filePath = ./hosts/modules/${tag}.nix; - dirPath = ./hosts/modules/${tag}; - in - # Check if it's a file first - if builtins.pathExists filePath then - [ filePath ] - # Then check if it's a directory - else if builtins.pathExists dirPath then - let - entries = builtins.readDir dirPath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name - ) entries; - in - map (name: dirPath + "/${name}") (builtins.attrNames nixFiles) - else - [ ] - ) allTags; - - # Automatically import all .nix files from hosts/${hostname}/ - hostModulePath = ./hosts/${hostname}; - hostModuleFiles = - if builtins.pathExists hostModulePath then - let - entries = builtins.readDir hostModulePath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name && name != "${hostname}.nix" - ) entries; - in - map (name: hostModulePath + "/${name}") (builtins.attrNames nixFiles) - else - [ ]; - - # Combine all modules - allModules = [ - agenix.nixosModules.default - { - networking.hostName = hostname; - nix.nixPath = [ "nixos-config=${self.outPath}/nixosConfigurations/${hostname}" ]; - nixpkgs.overlays = [ - agenix.overlays.default - self.overlays.default - ]; - } - ] - ++ tagModuleFiles - ++ hostModuleFiles - ++ extraModules; - in - pkgs.lib.nixosSystem { - inherit system; - specialArgs = { - inherit inputs; - hostTags = allTags; - }; - modules = allModules; - }; - - # Tag-based user configuration system - mkHome = - { - username, - hostname ? null, - homeDirectory ? "/home/${username}", - tags ? [ ], - extraModules ? 
[ ], - }: - let - pkgs = nixpkgs.legacyPackages.x86_64-linux; - - # Always include "common" tag implicitly - allTags = [ "common" ] ++ tags; - - # Tag-specific modules: each tag maps to users/modules/${tag}.nix if it exists - tagModuleFiles = builtins.concatMap ( - tag: - let - filePath = ./users/modules/${tag}.nix; - dirPath = ./users/modules/${tag}; - in - # Check if it's a file first - if builtins.pathExists filePath then - [ filePath ] - # Then check if it's a directory - else if builtins.pathExists dirPath then - let - entries = builtins.readDir dirPath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name - ) entries; - in - map (name: dirPath + "/${name}") (builtins.attrNames nixFiles) - else - [ ] - ) allTags; - - # Automatically import all .nix files from users/${username}/ - userModulePath = ./users/${username}; - userModuleFiles = - if builtins.pathExists userModulePath then - let - entries = builtins.readDir userModulePath; - nixFiles = pkgs.lib.filterAttrs ( - name: type: type == "regular" && pkgs.lib.hasSuffix ".nix" name - ) entries; - in - map (name: userModulePath + "/${name}") (builtins.attrNames nixFiles) - else - [ ]; - - # Combine all modules - allModules = [ - { - home = { - inherit username homeDirectory; - stateVersion = "22.05"; - }; - } - ] - ++ tagModuleFiles - ++ userModuleFiles - ++ extraModules; - in - home-manager.lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { - inherit inputs hostname; - userTags = allTags; - }; - modules = allModules ++ [ - { - nixpkgs.overlays = [ self.overlays.default ]; - } - ]; - }; - - # Nginx virtual host utilities - mkNginxVHosts = - { domains }: - let - # Extract domain name and apply it as useACMEHost - mkVHostConfig = domain: config: - lib.recursiveUpdate { - useACMEHost = domain; - forceSSL = true; - kTLS = true; - } config; - in - lib.mapAttrs mkVHostConfig domains; - - # Split DNS utilities for unbound - # Generates unbound view 
config from a list of DNS entries - mkSplitDNS = - entries: - let - # Generate local-data entries for all domains - tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries; - lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries; - in - [ - # Single Tailscale view with all domains - { - name = "tailscale"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = tailscaleData; - } - # Single LAN view with all domains - { - name = "lan"; - view-first = true; - local-zone = ''"baduhai.dev." transparent''; - local-data = lanData; - } - ]; -}